Page 1 of 2 12 LastLast
Results 1 to 25 of 42
  1. #1

    Thumbs up Guide:Setup Squid as a HTTP proxy on your VPS to browse blocked web sites!

    I have tried many proxy methods such as D switch on SSH,web based proxies,VPN and all the methods are slow than average browsing because encryption etc.

    But I have tried setting up squid to test and I have experienced it gives that same speed like without any proxy. ( also you need to have a good VPS or dedi to get the speed)
    And now I dont need to consider going back to no proxy because squid delivers content to my PC as fast as no proxy.

    So here is my guide to setup squid on ubuntu or debian vps for you. You can even run it on 64MB RAM VPS but needs good connection to get no-proxy speeds from it!

    What you will need-

    * A VPS or dedicated server with minimum ram of 64MB (64MB of ram will be enough because squid doesn’t eat much ram)
    * Debian or Ubuntu installed on your server
    * NANO text editor installed on your server ( run “apt-get install nano” to install it if you dont have it already)

    Steps-

    Install squid on your ubuntu or debian server, issue this command over SSH

    Code:
     apt-get install squid
    Then squid is successfully installed and you need to setup squid to access internet because its currently set only for localhost

    squid’s config file is huge so we need to find some lines using nano on squid config file.

    Issue this commands to open squid config file with NANO text editor.

    Code:
    nano /etc/squid/squid.conf
    Click image for larger version. 

Name:	squid-config.jpg 
Views:	1462 
Size:	116.6 KB 
ID:	18159


    squid config Setup Squid as a HTTP proxy to browse blocked web sites!

    On there we need to add 2 lines to configure this for our personal use.

    You can add then on top of the page. those 2 lines are

    Code:
    http_access allow all
    
    http_access allow localnet
    Here is the squid.conf file after adding that 2 lines
    Click image for larger version. 

Name:	squid-modified-conf.jpg 
Views:	1895 
Size:	100.1 KB 
ID:	18158

    squid modified conf Setup Squid as a HTTP proxy to browse blocked web sites!

    So that’s it on server side. Restart squid to load our configuration.

    Code:
     restart squid
    Like I said previously on this guide I’m not focused on setting up security for squid like adding ACL (Access Control Lists) to prevent other users using your proxy etc.

    But this is 1000 times better than setting up a php web based proxy to browse the web.

    While server side setup complete we need to setup our web browsers to use our proxy. I think you are probably using firefox to browse the web so here is the configuration for firefox for other programs you can use the same.

    On firefox navigate to Tools=>Options=>Advanced=>Network=>Settings=>Manual Proxy Configuration

    On that page enter your IP address that squid is installed and port as 3128 because we didn’t changed the default squid port. Also click the checkbox “Use this proxy server for all protocols”

    firefox settings Setup Squid as a HTTP proxy to browse blocked web sites!
    Click image for larger version. 

Name:	firefox-settings.jpg 
Views:	1764 
Size:	70.9 KB 
ID:	18157
    Thats it! icon smile Setup Squid as a HTTP proxy to browse blocked web sites!

    Note that

    * We didn’t setup Access Control Lists so any one who knows your squid server ip address and port can use your proxy.
    * When choosing a server for setting up squid for your use try to get a server which gives lowest ping times for your location which will help you to browse more fast.

    Here is the link for original post! - http://www.ruchirablog.com/setup-squ...ked-web-sites/

  2. #2
    Very nice guide..
    Will try to do that on my vps..
    Thanks...

  3. #3
    Join Date
    Oct 2006
    Location
    canada
    Posts
    528
    Without...
    Like I said previously on this guide I’m not focused on setting up security for squid like adding ACL (Access Control Lists) to prevent other users using your proxy etc.
    ...not only is this generally a bad idea, but is against the ToS of a lot of hosts that post here.
    What did you expect was going to happen?
    6sync is where I've made my home ): // @tenkay

  4. #4
    Quote Originally Posted by dyna! View Post
    Without...
    ...not only is this generally a bad idea, but is against the ToS of a lot of hosts that post here.
    No I dont think hosts wont allow personal proxies. Actually its not good idea to run this kind of proxy for public because it will degrade performance and use bandwidth a lot than web based proxy.

    So this article is generally for Private use proxy!

  5. #5
    Thank you for share us the good tutorial , but if you want to browse blocked web sites, you may choice SSH Tunnel first . it is fast and security.

  6. #6
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    112

    Talking adding access control list

    Adding an access control list is only a couple more lines and definitely worth adding. All the vps hosts that I have had on here don't care if you run a SQUID proxy as long as it's not public. This said, your proxy will be found if it's running on the default port. There are people all day that scan massive ranges of ip's looking for proxies to do their dirty work with.

    Now for the good stuff. To add to these diretions an ACL (access control list) we can do two things. Make an ACL that allows only shell users. AKA people that we (adduser joesmoe) to our vps, or use an ACL with a passwd file that is in the same directory as the squid.conf file. It took me a while to figure out but it's definitely worth it.

    I like adding users via the passwd file because you don't have to give users access to your vps in order for them to use the proxy....YES, I know you can specifiy no shell access at the time of the user creation to get by this conundrum. But that is too much stuff to get into for this simple add on tutorial.

    Ok so lets build on this previous tutorial.
    To add system users with vps access to the proxy access add this to the top of your conf.
    #1
    nano /etc/squid/squid.conf

    #2
    #Insert the below text into your config file

    #Custom Modifications
    auth_param basic program /usr/lib/squid/pam_auth
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 4 hours
    acl password proxy_auth REQUIRED
    http_access allow password

    #3
    #Use the find command to locate port 3128 (CTRL + W) 3128
    #Change port 3128 to something else

    http_port 9988

    #4
    #Let's also add this
    # This will stop your http proxy from forwarding your headers from your real IP.

    forwarded_for off

    #5
    # And finally deny all other access to this proxy except for vps shell users.

    http_access deny all

    #6
    #next save your new config ( CTRL + O ) , then ( CTRL + X )

    #7
    #Now we have to stop squid and restart with the newly edited config file for changes to take place.

    #8
    #Change your prompt to the PWD /etc/squid/
    squid -k shutdown
    squid squid.conf

    #9 Now set your browser to use your newly designated port.
    # When your done load a new webpage and you should get a prompt for a user name and password. BAM. Enter your credentials and you're on your way.

    ------------------------------------------------------------
    ALTERNATIVE METHOD
    ------------------------------------------------------------

    If your like me and you don't want your proxy users to have access to your vps, then make a simple access file in your /etc/squid/ directory called users_passwd.

    Follow the Step by step below to have squid use this file instead of PAM to authenticate your users.

    #1

    nano /etc/squid/users_passwd

    type any character press backspace and save an empty file.

    exit nano

    #2

    nano /etc/squid/squid.conf

    #add this to the top of your config file
    # Custom commands
    #turn off http headers being forwarded
    forwarded_for off

    #As you can see below, the proxy will authenticate your users
    #with ncsa auth using the file we just made called users_passwd
    #located in the /etc/squid/ directory.

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users_passwd

    #now we are going to have to make the proxy autheicate your users. Add this next line below the previous.

    acl ncsa_users proxy_auth REQUIRED
    http_access allow ncsa_users

    #3
    # Add this last line to protect your proxy
    # And finally deny all other access to this proxy
    http_access deny all

    # If you want to change the port as above just search for 3128 (ctrl + w).
    #Change port 3128 to something else
    #http_port 9988 or whatever you want

    #4
    # Now save your newly modifies config file. ( CTRL + O )

    #5
    # Exit nano (ctrl + x)

    #6
    #shutdown squid from PWD (/etc/squid) squid -k shutdown

    #7
    #now we are going to make our first new user to go in our #users_passwd file located /etc/squid/users_passwd. To do this we are going to use the htpasswd program that comes with apache2
    #If you have apache2 installed great if not you need to get htpasswd from somewhere.

    #8
    # Let's generate our first user.
    htpasswd /etc/squid/users_passwd your-first-user-name-here

    #9
    #Enter the password you want for your-first-user-name-here

    #10
    #verify that the user was added to the users file.

    nano /etc/squid/users_passwd

    # You should see your first username: followed by an encrypted password.
    # Now exit out of nano and let's start up squid to test your first user name.

    #11
    # From the PWD /etc/squid/
    squid squid.conf

    #12
    # Now open a web browser with your custom port and Ip set in the proxy configuration options. If you did this right, you should be prompted for a username and password. Enter what you made a few minutes ago for the username and the password you chose. If you did it all correctly you should see your web page come up.

    Hope this helps anyone who was having difficulty setting this program up. I know I struggled when I initally installed this program until I got it simplified. Let me know if anyone needs any help setting this up and I will try to assist you.

    --Matt
    Last edited by mattdahack; 01-06-2011 at 11:50 PM. Reason: Mispelled command

  7. #7
    Thanks for the follow up . But its easy if we just add ACL for ip range block! Allowing only our subnet (for users who have dynamic ip) or limiting access only for our ip (users who got dedicated ip from ISP)

    How ever thanks again for followup!

  8. #8
    Join Date
    Sep 2010
    Location
    Ohio - Guatemala
    Posts
    192
    Quick question on this. I am going to be setting up a Squid proxy for my personal use this next week or so. This tutorial is just what I was looking for. But one thing, what do I need to add to limit day and time for a user, well better yet for a group and assign users to a group if possible?

    I need to have two groups for my small set of users, one is mon-fri, 8AM-5PM and the other group is only Sat 8-5.

    Thanks for any help you can give me. I tried the Squid wiki but man is it a mess to understand.

  9. #9
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    112
    So you want to know how you can allow some clients to use the cache at specific times?
    Let's say you have two users that should only be allowed access to the Internet during working hours (8:30 - 17:30). You can use something like this:

    acl RESTRICTIONS USER1 # Replace with proxy username
    acl WORKING time MTWHF 08:30-17:30 # Times to allow access in 24hour format
    http_access allow RESTRICTIONS WORKING
    http_access deny RESTRICTIONS
    Fast Reliable Proxy Service. Counter-Surveillance. http://www.cs16fl.com

  10. #10
    How about username / password authorization?

  11. #11
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    112
    Use this below code for everything

    acl WORK_TIME time MTWHF 08:30-17:30 # Time allowed access in 24hour format
    http_access allow ncsa_restricted_time_users WORK_TIME
    http_access deny ncsa_restricted_time_users

    acl ncsa_restricted_time_users proxy_auth REQUIRED
    http_access allow ncsa_restricted_time_users
    http_access deny all

    Then make a new user file and put the people in it you want restricted
    to the above specified times. Call the file 'ncsa_restricted_time_users'
    without the quotes and put it in the same directory as the config file

    to generate a new restricted user in your new file use the following command
    htpasswd /etc/squid/ncsa_restricted_time_users user1
    Fast Reliable Proxy Service. Counter-Surveillance. http://www.cs16fl.com

  12. #12
    Thanks. I may have overlooked it but the caffeine is wearing off and bed is looking very comfortable.

  13. #13
    Join Date
    Sep 2010
    Location
    Ohio - Guatemala
    Posts
    192
    Hmm I am getting an error:

    ACL name 'ncsa_restricted_time_users' not defined!
    FATAL: Bungled squid.conf line 6: http_access allow ncsa_restricted_time_users WORK_TIME
    Squid Cache (Version 2.6.STABLE21): Terminated abnormally.
    This is the top of my squid.conf file:

    acl WORK_TIME time A 08:00-17:00 # Time allowed access in 24hour format
    http_access allow ncsa_restricted_time_users WORK_TIME
    http_access deny ncsa_restricted_time_users

    acl ncsa_restricted_time_users proxy_auth REQUIRED
    http_access allow ncsa_restricted_time_users
    http_access deny all

    # WELCOME TO SQUID 2.6.STABLE21
    I have created the pass file so that's there, what did I break this time ha ha

  14. #14
    Join Date
    Sep 2010
    Location
    Ohio - Guatemala
    Posts
    192
    Never mind we're good I moved things around a bit and now it works. Thanks for the help.

  15. #15
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    112
    Glad to be of service. Glad to hear you got it working :-)
    Fast Reliable Proxy Service. Counter-Surveillance. http://www.cs16fl.com

  16. #16
    Join Date
    Sep 2010
    Location
    Ohio - Guatemala
    Posts
    192
    Ok, hate to be a pain, but it works but it's extremely slow. I know it's not that server since I use that server for backups and it's connection speed is always transfer between two servers at around 8 or 9 MB/s. I mean it takes about 30 seconds to load Google. What could this be?

  17. #17
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    112
    I don't know man, mine runs great Getting about 6mb/sec through the proxy. I am not sure what is going on with your's check your firewall rules and if you're running one, shut it down and restest the speed.
    Fast Reliable Proxy Service. Counter-Surveillance. http://www.cs16fl.com

  18. #18
    Join Date
    Nov 2009
    Location
    Colombia
    Posts
    2,124
    Nice guide, anyway to optimize is really good with cache?
    Diego Rodríguez B. - http://diegorbaquero.com
    Hosting Industry Consultant

  19. #19
    Join Date
    Aug 2009
    Location
    INDIA
    Posts
    43
    Really cool guide..
    Helped me out while installing it for a client of mine

    Thanks
    reloadIN - Onshore & Offshore Web Hosting Solution
    VPS | DEDICATED | CLOUD | VPN SERVERS
    █ Server Location - USA|RUSSIA|GERMANY|NETHERLANDS|INDIA

  20. #20
    Join Date
    Sep 2010
    Location
    Ohio - Guatemala
    Posts
    192
    Well it's working now wonderfully, I messed around with some cache settings and we're all good. Quick one more question before I go messing with the file to figure it out. Is there a way to have two user groups and different times and such? For instance, I want one user group to be filtered by the times I set, that works great. But I have one user that I want to give access to whenever they login, is this possible?

  21. #21
    does anyone knows how to resolve this issue?
    im using centOS

    [root@tiger ~]# chkconfig squid on
    [root@tiger ~]# service squid start
    init_cache_dir /var/spool/squid... /etc/init.d/squid: line 62: 3133 Aborted $SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
    Starting squid: /etc/init.d/squid: line 42: 3134 Aborted $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
    [FAILED]
    [root@tiger ~]#

  22. #22
    Sorry for updating an old thread, but how do you exit from squid.conf file after you edit it. I spent 30 minutes trying to figure it out, if someone could help me, it would be greatly appreciated.

  23. #23
    Quote Originally Posted by phoneplus View Post
    Sorry for updating an old thread, but how do you exit from squid.conf file after you edit it. I spent 30 minutes trying to figure it out, if someone could help me, it would be greatly appreciated.
    Ctrl+O to write the changes!

    Ctrl+X to exit!

  24. #24
    how can i access any site using squid?

    every time i go visit a site it always "denied" is there anything i can do to resolve the said issue?

    thank you

  25. #25
    Join Date
    Apr 2011
    Location
    Myrtle Beach, SC
    Posts
    45
    Anyone got a link to a manual describing how to block certain ad servers via Squid. For instance, when I surf facebook or myspace using squid....sometimes there are giant flash/image ads, that slow me down big time. How can I go in squid & block like "serv21.adserver.valueclick.com"? I haven't figured out where to put it in the config & it's been like 2 years I've used squid now lol
    Last edited by n3rdy-jenn; 05-11-2011 at 02:41 PM. Reason: added more info

Page 1 of 2 12 LastLast

Similar Threads

  1. Set Up a Private Proxy or Squid Proxy Server Website
    By handsomeabhi in forum Systems Management Requests
    Replies: 8
    Last Post: 08-20-2010, 09:42 AM
  2. Squid Proxy
    By Skeptical in forum Hosting Security and Technology
    Replies: 1
    Last Post: 07-29-2007, 12:28 AM
  3. Replies: 1
    Last Post: 07-22-2006, 02:55 AM
  4. Squid Proxy Help
    By white_2kgt in forum Hosting Security and Technology
    Replies: 1
    Last Post: 05-09-2006, 06:37 PM
  5. Squid Proxy Trial
    By zetec452 in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 09-24-2005, 03:39 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •