07
01
18
 1 Comment

Setting up Squid proxy on Ubuntu 16.04 to browse blocked websites

Posted by | Ubuntu |

Squid 3.5.12 can be installed and tested on Ubuntu 16.04 with the following commands:

sudo apt install squid
service squid start
sudo ufw allow 3128/tcp
wget -e use_proxy=yes -e http_proxy=http://localhost:3128 http://google.com

by default Squid listens on port 3128.

At first, Google Chrome started with Squid proxy from some external IP address:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --proxy-server=http://developernote.com:3128

shown me the following:

But after I allowed HTTP access to ‘all‘ in /etc/squid/squid.conf, it started to work over HTTP. To enable HTTPS I compiled Squid from sources as some smart Russian guy with a bad name described in his blog post.

Added firewall rule:

sudo ufw allow 3129/tcp

And Squid started to work over HTTPS with the following config:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squid-password
acl guests proxy_auth REQUIRED
 
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
 
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#http_access allow localhost
#http_access deny all
http_access allow guests
 
#http_port 3128
 
https_port 3129 connection-auth=off cert=<public key> key=<private key>
 
coredump_dir /var/spool/squid
 
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

Now I use Google Chrome with HTTPS proxy:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --proxy-server=https://developernote.com:3129

To prevent my compiled Squid from being updated I put all its packages on hold by creating file squidpacks.txt:

dpkg --get-selections | grep -i squid > squidpacks.txt

replacing ‘install’ with ‘hold’:

1
2
3
4
5
6
7
8
squid                                           hold
squid-cgi                                       hold
squid-common                                    hold
squid-dbg                                       hold
squid-langpack                                  hold
squid-purge                                     hold
squid3                                          hold
squidclient                                     hold

and executing the following command as root:

dpkg --set-selections < squidpacks.txt

1 Response to Setting up Squid proxy on Ubuntu 16.04 to browse blocked websites

  1. dmitriano says:
    January 15, 2025 at 8:03 am

    https://github.com/diladele/squid-ubuntu
    The default version of Ubuntu 24.04 noble comes with both squid and squid-openssl packages. If you already installed squid package, uninstall it first and then install squid-openssl package.
    sudo apt-get install squid-openssl

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *