[Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS


Recommended Posts

After reading a lot of guides on how to set this up, I never found one guide that didn't leave something out that made me have to search for some answers.. I've made a very straightforward and simple guide on how to setup Squid/SquidGuard on a network.. If you have any questions or something in the guide is left out/wrong, please let me know.

How to setup a Squid Server with SquidGuard 
Protecting your Network from Ads/Spyware/Malware
Follow this guide at your own risk! I will not be held responsible for any damages

For this guide, we are going to use Ubuntu 14.04.1 LTS, I will assume that you have the knowledge on how to install an Ubuntu Server on hardware or a VM. Also, set a static IP for the server.

Just follow these commands, and you’ll be up and running!

1. sudo apt-get update
2.  sudo apt-get upgrade
3. sudo apt-get install squid3
4. sudo nano /etc/squid3/squid.conf
5. You can actually just copy and paste this into the squid.conf, everything is commented out..  Just change the hostname to the hostname of the server.. 
visible_hostname your-machines-hostname
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
6. Add this also to your squid.conf “intranet” is just the name of the group you are making to allow access to the squid server. Make sure you use your IP range and correct subnet. You can make additional groups if needed, either to allow or deny them. The next is giving access to the group, “intranet”.
acl intranet 10.50.0.0/32
http_access allow intranet
7. sudo service restart squid3

Now, you have a fully working squid server that is going to only allow the IP range of 10.50.0.0/32. If someone tries to connect to the proxy server in a different IP range, they will be blocked by the proxy. You can use this to limit access to certain departments and groups as well as set up times which they can allow internet access.. That is for a more in-depth guide. 
To test your proxy with Firefox, go to options, Advance, Network, Connection Settings. Enter your proxy’s IP and proxy’s port number. Default port number is 3128 as we set in the squid.conf. If you want to use a different port number, edit it in the squid.conf under “http_port”. 


Now, it’s time to install SquidGuard!
1.    sudo apt-get install squidguard
2.    sudo mkdir /opt/3rdparty
We are going to use the list from shalalist.de for “testing”, since it’s 100% free for non-commerical.  For a bigger and much more through blacklist, I use http://urlblacklist.com/. It’s free to try once, and has different pricing tiers for person/school/business.
3.    sudo wget http://www.shallalist.de/Downloads/shallalist.tar.gz
4.    sudo tar xzf shallalist.tar.gz
5.    sudo cp -a /opt/3rdparty/BL/porn/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/adv/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/spyware /var/lib/squidguard/db
6.    Add this to  /etc/squid3/squid.conf , type “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard
7.    sudo squidGuard -C all
8.    chown -R proxy:proxy /var/lib/squidguard/db
9.    Add this to my /etc/squid3/squid.conf  type, “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard

Now, we need to edit the squidGuard.conf

I recommend to make a backup of your squidGuard.conf then making a new one..
1. sudo cp /etc/squidguard/squidGuard.conf /etc/squidGuard.conf.bak
2. sudo rm /etc/squidguard/squidGuard.conf
3.sudo nano /etc/suqidgurd/squidGuard.conf
Copy and paste this,
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest adv {
domainlist adv/domains
urllist adv/urls
}
dest spyware {
domainlist spyware/domains
urllist spyware/urls
}
acl {
default {
pass !porn !adv !spyware all
redirect http://localhost/block.html
}
}
You can test your squidguard by doing a dry run
sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d

You should see, 
squidGuard ready for requests 
squidGuard stopped 
If there are errors, it will tell you.. The most likely errors you’ll run into are permission issues.. If it gives you permission issues with your database, make sure that you set the user and group named “proxy” ownership. You can tell that by “sudo ls -l /var/lib/squidguard/db*”

You can now use the Firefox browser you setup to use with your proxy server to make sure you are blocking porn and ads. For better protection, I recommend using the blacklist from,  http://urlblacklist.com/

  On 15/09/2015 at 15:06, limok said:

Yes I need this. We've got one set up and it looks like a botched up job. I'll be following this guide to set and test a proxy. 

Cheers

Thanks! 

  On 15/09/2015 at 15:36, BudMan said:

Shouldn't this be in the guide section and not in visualization

Ah, I thought it would be best in the networking section.. Maybe the mods will move it.. Thanks.  

  On 15/09/2015 at 22:07, BudMan said:

why did you put it under vitalization subsection?

It looks like it is under Home  Technical Help & Support  Internet, Network & Security  [Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS like I intended it to me..  

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Reddit takes legal action, says Anthropic trained Claude on Reddit posts without permission by David Uzondu Reddit has filed a complaint against Anthropic, alleging the AI company straight-up stole its content to train AI models, including the Claude chatbot, without paying a dime. The lawsuit, lodged on June 4, 2025, in San Francisco, accuses Anthropic of repeatedly violating Reddit's User Agreement, which explicitly prohibits unauthorized commercial exploitation and automated scraping of its platform. The data on Reddit seems to be very valuable, seeing as the platform is already making bank licensing its content to other big AI players like Google and OpenAI, as mentioned in its complaint. These deals are reportedly worth tens of millions annually, so it's understandable why Reddit would be ###### if Anthropic was just taking the goods for free. Reddit has been quite clear that while its platform is open for community, it has rules, and commercial outfits cannot just waltz in and use user-generated content to build billion-dollar enterprises without permission or compensation. According to Reddit, Anthropic has been scraping its content since at least December 2021, ignoring technical measures like robots.txt designed to prevent such automated access. Reddit claims that in July 2024, Anthropic falsely stated it had stopped its bots from accessing Reddit, when audit logs allegedly showed Anthropic's bots hit Reddit's servers over a hundred thousand more times in the following months. The complaint on page 5 even includes a screenshot of Reddit's lawyers chatting with Claude, where the AI "confirms" it was trained on Reddit data. Now, we don't know how true this is, given the fact that LLMs hallucinate a lot. Reddit's legal filing paints Anthropic as a company with "two faces": one that publicly preaches about ethical AI and respecting boundaries, and another that privately ignores rules to line its pockets. Reddit is not holding back in what it is asking the court to do to Anthropic. The company demands significant monetary compensation, aiming to recover any profits Anthropic made from using Reddit's data, get repaid for its own financial losses, and it is also seeking punitive damages, looking to punish Anthropic for what Reddit describes as willful and malicious conduct. In addition to that, the company is also seeking an injunction designed to permanently stop Anthropic from using any Reddit data. This order would also compel Anthropic to delete all Reddit content from its systems and pull any AI technology, like its Claude chatbot, from commercial use if it was developed using this disputed data. On top of all that, Reddit wants Anthropic to cover all its legal expenses, including attorneys' fees and court costs.
    • I'm just thinking out loud for a second...could it be the cookie prompt that kicks up the adblock message? The reason I ask is that on Firefox (ad-block enabled but not for Neowin) I don't get the cookie consent option. But if I open Chrome (ad-block disabled) and go to the Neowin I get the cookie banner and then it's all fine. Some form of conflict of interest between the banners? It's probably nothing, but that's what I have just noticed.
    • SoundSwitch 6.14.1 by Razvan Serea SoundSwitch is a Windows app that makes switching your sound devices super easy. Normally, changing speakers or microphones means clicking through annoying menus. With SoundSwitch, you just press a shortcut key (like Ctrl + Alt + F1) — and it switches to the device you want. You can set different keys for speakers, headphones, microphones, or even groups of devices. It also lets you mute your mic with a hotkey and shows a clear banner so you know it's muted. It runs in the background, shows up in your taskbar, and starts with Windows if you want. It’s perfect if you use multiple audio devices and get tired of clicking around every time you want to change one. SoundSwitch features: Customizable Hotkeys: Assign specific key combinations to switch between audio devices quickly. ​ Playback and Recording Device Switching: Toggle between selected playback and recording devices without navigating through system menus. ​ Microphone Mute Toggle: Use hotkeys to mute or unmute the default microphone. ​ Persistent Mute Notification: Displays a compact banner indicating the microphone's mute state, which remains visible until the microphone is unmuted. ​ Profile Management: Create profiles to switch between specific combinations of playback and recording devices using designated hotkeys. ​ Command Line Interface (CLI): Control SoundSwitch through command-line commands for device switching, microphone mute control, and profile management. ​ Auto-Start with Windows: Option to launch SoundSwitch automatically upon system startup. ​ Multi-Language Support: Includes translations for various languages, such as Tamil. ​ Notification Customization: Choose the type of notifications displayed for device switching and mute status. ​ Support for Various Hotkey Combinations: Accepts single keys like PrintScreen, Pause, Home, End, and function keys as hotkeys. ​ System Tray Integration: Access settings and perform device switching directly from the system tray icon. ​ Device Grouping: Organize multiple devices into groups for streamlined switching. ​ User-Friendly Interface: Provides an intuitive setup and configuration process for users. ​ Open-Source Development: Available on GitHub for community contributions and transparency. ​ Regular Updates: Actively maintained with new features and bug fixes. ​ SoundSwitch 6.14.1 changelog: Bug Fixes settings: fix opening settings crashing the application when using CLI or opening SoundSwitch again (b3dca74) Languages Amharic: Added About translation using Weblate (8a40dab) Japanese: Translated About using Weblate (3541994) Japanese: Translated Settings using Weblate (ca5b2fe) Japanese: Translated Settings using Weblate (39a2340) Japanese: Translated Tray Icon using Weblate (1286b92) Japanese: Translated Update Download using Weblate (1c2c658) Norwegian Bokmål: Translated Settings using Weblate (5aaf243) Portuguese: Translated Settings using Weblate (e11f18d) Swedish: Translated Settings using Weblate (8b7b738) Download: SoundSwitch 6.14.1 | 45.4 MB (Open Source) View: SoundSwitch Website | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Wow, the usual crowd is out in full force again — the trolls who think sarcasm is insight, the doom prophets who scream 'web apps = surveillance', and the armchair devs who still think Outlook 2003 was peak tech. Here’s a wild idea: maybe evaluate an app on what it does instead of what your paranoia imagines it’s doing. The new Outlook is fast, clean, and tightly integrated. No, it’s not perfect — what app is? But if your main tech critique is 'It’s different and Microsoft is evil', you’re not reviewing software. You’re just rehearsing your trust issues. Don't like it? Cool. But at least bring something to the table besides tired one-liners and Chicken Little routines. Some of us actually use this stuff and prefer practical feedback over pointless whining.
    • And they will only last thousands of years underground we don’t know where.
  • Recent Achievements

    • Reacting Well
      James courage Tabla earned a badge
      Reacting Well
    • Apprentice
      DarkShrunken went up a rank
      Apprentice
    • Dedicated
      CHUNWEI earned a badge
      Dedicated
    • Collaborator
      DarkShrunken earned a badge
      Collaborator
    • Rookie
      Pat-Garrett went up a rank
      Rookie
  • Popular Contributors

    1. 1
      +primortal
      341
    2. 2
      snowy owl
      167
    3. 3
      +FloatingFatMan
      163
    4. 4
      ATLien_0
      161
    5. 5
      Xenon
      128
  • Tell a friend

    Love Neowin? Tell a friend!