In former articles i’ve talked about Tor and SSH to browse the net in a more secure (or at leat anonymous) way.
But sometimes it’s easier to do the configuration just one time on a server and setup a proxy there, and than use it as proxy for all your computers, or perhaps all your office or friends computers.
And with VPS this is a cheap way to browse the net starting from another part of the world.
So in this article we’ll see how to do a basic setup of Squid.
I’ll do the setup on a Debian 6, so some commands for installation of files, or the location of configuration file could change in your distribution.
As first thing, a small description of Squid:
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
Squid it’s available on Debian, so we can install Version 3 with the command:
aptitude install squid3 squid3-common
This automatically install also all the requirements that we need.
now we just need to change some parameter to allow only our IP or lan to use Squid and to change some parameters.
Allow the access to Squid only from your IP
You probably don’t want to create a public proxy Squid that everyone can use..and abuse.
So we’ll do a rule so that only your IP can connect to Squid.
Find the following line in the file /etc/squid3/squid.conf:
#acl localnet src 10.0.0.0/8
This line create an acl (access control list) with name localnet, declaring as ip belonging to this rule all those in the LAN 10.0.0.0/8
Now you have 2 choice:
1) If you have a public IP you can just use it, if your IP it’s 18.104.22.168 change the above configuration in:
acl localnet src 22.214.171.124
2) If you have a dynamic IP the best solution it’s to open a range of IP, this will be more insecure than just opening 1, but much better than leave Squid wide open. to open the range from 126.96.36.199 to 188.8.131.52 do the following change:
acl localnet src 184.108.40.206/24
now you must add another parameter to match this change, search for the string:
http_access allow localhost
and ADD also the line
http_access allow localnet
Change standard port
For security reasons i prefer to do not use the defualt ports when possible, so i suggest to search for this line:
And change the 3128 in any other port > 1024.
By default squid forwards the client IP to the respective website, but to set up an anonymous proxy we will disable it to hide client IPs and send only IPs which are configured on the squid server. Find the following line in the file /etc/squid3/squid.conf:
Change it to:
And add at the bottom of the squid.conf file the following instructions:
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
All done, save the file and restart squid with the command:
On the Browser
Now you just have to change the proxy setup on your browser, for example on firefox it’s located in Edit -> Preferences -> Advanced -> Network -> Settings here select “Manual proxy configuration” and put the IP and port of your Squid server as HTTP proxy.
Visit http://www.whatismyip.com/ and you should see the IP of your Linux server.
NOTE: Https sites will NOT work in this Anonymous setup.
- Linux Security: How to hide processes from other users
- Productivity boosting with open source applications
- 8 Simple To Follow Tips To Secure Your Apache Web Server
- The Humble “Open Source” Bundle
- Linux Games: FTL Advanced Edition expansion
Find me on Google+