07
01
18
 Leave a comment

Setting up Squid proxy on Ubuntu 16.04 to browse blocked websites

Posted by | Ubuntu |

Squid 3.5.12 can be installed and tested on Ubuntu 16.04 with the following commands:

sudo apt install squid
service squid start
sudo ufw allow 3128/tcp
wget -e use_proxy=yes -e http_proxy=http://localhost:3128 http://google.com

by default Squid listens on port 3128.

At first, Google Chrome started with Squid proxy from some external IP address:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --proxy-server=http://developernote.com:3128

shown me the following:

But after I allowed HTTP access to ‘all‘ in /etc/squid/squid.conf, it started to work over HTTP. To enable HTTPS I compiled Squid from sources as some smart Russian guy with a bad name described in his blog post.

Added firewall rule:

sudo ufw allow 3129/tcp

And Squid started to work over HTTPS with the following config:

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squid-password
acl guests proxy_auth REQUIRED

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#http_access allow localhost
#http_access deny all
http_access allow guests

#http_port 3128

https_port 3129 connection-auth=off cert=<public key> key=<private key>

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

Now I use Google Chrome with HTTPS proxy:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --proxy-server=https://developernote.com:3129

To prevent my compiled Squid from being updated I put all its packages on hold by creating file squidpacks.txt:

dpkg --get-selections | grep -i squid > squidpacks.txt

replacing ‘install’ with ‘hold’:

squid                                           hold
squid-cgi                                       hold
squid-common                                    hold
squid-dbg                                       hold
squid-langpack                                  hold
squid-purge                                     hold
squid3                                          hold
squidclient                                     hold

and executing the following command as root:

dpkg --set-selections < squidpacks.txt

Leave a Reply

Your email address will not be published. Required fields are marked *