[Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS

By fusi0n
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

fusi0n

Posted
Posted

After reading a lot of guides on how to set this up, I never found one guide that didn't leave something out that made me have to search for some answers.. I've made a very straightforward and simple guide on how to setup Squid/SquidGuard on a network.. If you have any questions or something in the guide is left out/wrong, please let me know.

How to setup a Squid Server with SquidGuard 
Protecting your Network from Ads/Spyware/Malware
Follow this guide at your own risk! I will not be held responsible for any damages

For this guide, we are going to use Ubuntu 14.04.1 LTS, I will assume that you have the knowledge on how to install an Ubuntu Server on hardware or a VM. Also, set a static IP for the server.

Just follow these commands, and you’ll be up and running!

1. sudo apt-get update
2.  sudo apt-get upgrade
3. sudo apt-get install squid3
4. sudo nano /etc/squid3/squid.conf
5. You can actually just copy and paste this into the squid.conf, everything is commented out..  Just change the hostname to the hostname of the server.. 
visible_hostname your-machines-hostname
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
6. Add this also to your squid.conf “intranet” is just the name of the group you are making to allow access to the squid server. Make sure you use your IP range and correct subnet. You can make additional groups if needed, either to allow or deny them. The next is giving access to the group, “intranet”.
acl intranet 10.50.0.0/32
http_access allow intranet
7. sudo service restart squid3

Now, you have a fully working squid server that is going to only allow the IP range of 10.50.0.0/32. If someone tries to connect to the proxy server in a different IP range, they will be blocked by the proxy. You can use this to limit access to certain departments and groups as well as set up times which they can allow internet access.. That is for a more in-depth guide. 
To test your proxy with Firefox, go to options, Advance, Network, Connection Settings. Enter your proxy’s IP and proxy’s port number. Default port number is 3128 as we set in the squid.conf. If you want to use a different port number, edit it in the squid.conf under “http_port”. 


Now, it’s time to install SquidGuard!
1.    sudo apt-get install squidguard
2.    sudo mkdir /opt/3rdparty
We are going to use the list from shalalist.de for “testing”, since it’s 100% free for non-commerical.  For a bigger and much more through blacklist, I use http://urlblacklist.com/. It’s free to try once, and has different pricing tiers for person/school/business.
3.    sudo wget http://www.shallalist.de/Downloads/shallalist.tar.gz
4.    sudo tar xzf shallalist.tar.gz
5.    sudo cp -a /opt/3rdparty/BL/porn/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/adv/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/spyware /var/lib/squidguard/db
6.    Add this to  /etc/squid3/squid.conf , type “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard
7.    sudo squidGuard -C all
8.    chown -R proxy:proxy /var/lib/squidguard/db
9.    Add this to my /etc/squid3/squid.conf  type, “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard

Now, we need to edit the squidGuard.conf

I recommend to make a backup of your squidGuard.conf then making a new one..
1. sudo cp /etc/squidguard/squidGuard.conf /etc/squidGuard.conf.bak
2. sudo rm /etc/squidguard/squidGuard.conf
3.sudo nano /etc/suqidgurd/squidGuard.conf
Copy and paste this,
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest adv {
domainlist adv/domains
urllist adv/urls
}
dest spyware {
domainlist spyware/domains
urllist spyware/urls
}
acl {
default {
pass !porn !adv !spyware all
redirect http://localhost/block.html
}
}
You can test your squidguard by doing a dry run
sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d

You should see, 
squidGuard ready for requests 
squidGuard stopped 
If there are errors, it will tell you.. The most likely errors you’ll run into are permission issues.. If it gives you permission issues with your database, make sure that you set the user and group named “proxy” ownership. You can tell that by “sudo ls -l /var/lib/squidguard/db*”

You can now use the Firefox browser you setup to use with your proxy server to make sure you are blocking porn and ads. For better protection, I recommend using the blacklist from,  http://urlblacklist.com/

Grand Master

fusi0n

Posted
  • Author
Posted
  On 15/09/2015 at 15:06, limok said:

Yes I need this. We've got one set up and it looks like a botched up job. I'll be following this guide to set and test a proxy. 

Cheers

Thanks! 

  On 15/09/2015 at 15:36, BudMan said:

Shouldn't this be in the guide section and not in visualization

Ah, I thought it would be best in the networking section.. Maybe the mods will move it.. Thanks.  

Grand Master

fusi0n

Posted
  • Author
Posted
  On 15/09/2015 at 22:07, BudMan said:

why did you put it under vitalization subsection?

It looks like it is under Home  Technical Help & Support  Internet, Network & Security  [Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS like I intended it to me..  

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Stylish Samsung Galaxy S25 Edge gets 20% discount sending it to lowest price

      By zikalify · Posted

      Stylish Samsung Galaxy S25 Edge gets 20% discount sending it to lowest price by Paul Hill If you’re in the market for a powerful, stylish phone, then you may be interested in the Galaxy S25 Edge, which is now reduced to $969.99, down 20% from the $1,219.99 list price. This is the lowest price that the device has been at on Amazon. You can get the device at this price if you go for the Titanium Icyblue or Titanium Silver editions. These models are the top-end S25 Edge variants with 512GB of storage. While this Samsung device may be about as thick as a pencil, it’s constructed from titanium and uses Corning Gorilla Glass Ceramic 2 on the display. This should ensure durability, despite its thin design. The thickness of this phone is just 5.8mm, and it weighs 163g. Camera capabilities and AI enhancements The Galaxy S25 Edge's camera system is impressive. It has a 200MP main camera with optical image stabilization and a 2x optical quality zoom. This feature magnifies the image using optical mechanisms in the camera lens so that the zoomed image retains its original clarity, detail, and resolution of the scene. On the back, there is also a 12MP ultrawide camera with autofocus and on the front, there’s a 12MP camera. Like many phones coming out now, there are AI-powered camera features such as Night Video, Best Face for group shots, Portrait Selfie, and Gallery Search by description. Notably, there is no dedicated telephoto lens like in the S25+ and S25 Ultra. This is a tradeoff that the company decided to make to achieve its ultrathin design. Telephoto lenses are camera lenses that are designed to make distant objects appear closer and larger in your photos and videos. The absence of this telephoto lens may be a deal breaker for those looking to use this camera for professional shots; otherwise, it’s still very impressive, especially with that 200MP main camera. Performance, display, and integrated AI features The S25 Edge is powered by the Snapdragon 8 Elite chipset, specifically the 3-nanometer Qualcomm SM8750-AB. It has an octa-core CPU (2x4.47 GHz Oryon V Phoenix L + 6x3.53 GHz Oryon V2 Phoenix M) and an Adreno 830 GPU. This model's display is a 6.7-inch QHD+ Dynamic AMOLED 2X with a 120Hz adaptive refresh rate and high brightness. This device has plenty of other AI features too, outside of the camera, including Cross App Action, Audio Eraser for videos, Now Brief/Now Bar for personalized information, and of course, Google Gemini. With 12GB of RAM, the specs on this phone are really very good. It should be capable of doing most tasks you throw at it, including gaming. You may wonder if it will handle games well, given that the thin design means it could overheat. Samsung has already thought about this and included a reconfigured vapor chamber that helps to keep the phone cool. Battery life and charging speed: The main compromise Aside from the removal of the telephoto lens, this phone also has a drawback in terms of battery life. Its 3,900 mAh battery capacity means it’s smaller than many other devices, even compared to budget phones. Another disappointing aspect is the charging, where the wired charging speed is limited to 25W—that’s lower than what you find on very affordable Xiaomi POCO devices. This battery limitation might make this device a bad choice if you’re away from a charger for long periods. One affordable way to mitigate this downside is by carrying a portable charger, but still, it’s ironic that you buy a thin phone to be lighter and then end up carrying a brick-sized charger around with you. You could also just bring your charger and plug it into an outlet. Is the Galaxy S25 Edge the smart buy for you? If you’re someone who wants a sleek, lightweight phone that has a premium build and can easily slice through tasks you throw at it, then the Galaxy S25 Edge is very likely for you. It’s also great for anyone looking for a standout camera that doesn’t need a telephoto lens. However, if you need a device with all-day battery life because you’re going camping or to the middle of nowhere, then you could probably find a better fit with a longer battery life. If this device is for you, check out the links below. Samsung Galaxy S25 Edge (Titanium Icyblue): $969.99 (Amazon US) / MSRP $1,219.99 Samsung Galaxy S25 Edge (Titanium Silver): $969.99 (Amazon US) / MSRP $1,219.99 This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • Is the Start menu in Windows actually useful? Do we even need it?

      By emptyother · Posted

      I got too many apps I use actively. Theres been too often I completely blank on the name of the application and had to manually look through the list for it. Now I'm using Start11 and got my apps sorted in the Start menu by categories so that if I'm looking for Krita i can find it under "Art editors". If MS are going to change it, they should consider making automated categories. Seen some Linux distros do that. But if they do, theres probably gonna be a lot of wrongly categorized apps though, unfortunately.
    • Microsoft is removing legacy drivers from Windows Update

      By d5aqoëp · Posted

      Planned obsolescence
    • LAV Filters 0.80.0

      By Copernic · Posted

      LAV Filters 0.80.0 by Razvan Serea LAVFSplitter is a multi-format media splitter that uses libavformat (the demuxing library from ffmpeg) to demux all sorts of media files. LAV Splitter is a Souce Filter/Splitter required to demux the files into their separate elementary streams. LAV Audio and Video Decoder are powerful decoders with a focus on quality and performance, without any compromises. Supported Formats: MKV/WebM, AVI, MP4/MOV, MPEG-TS/PS (including basic EVO support), FLV, OGG, and many more that are supported by ffmpeg! LAV Filters are based on ffmpeg and libbluray and is aimed to offer a all-around solution to perfect playback of file-based Media as well as Blu-rays. LAV Filters 0.80.0 changelog: LAV Splitter NEW: Introduced the IURLSourceFilterLAV interface to allow opening URLs with custom user agent and referrer NEW: Added support for WebP images Changed: Increased the length of the advanced subtitle selection field, so its no longer cut off after 255 characters Changed: Improved buffering behavior on badly interleaved video files Fixed: Audio streams with an unknown/unsupported codec are no longer selected for playback, as long as others are present Fixed: Improved accuracy of reported FPS from AviSynth scripts LAV Video NEW: D3D11 support for HEVC 4:2:2 and 4:4:4 hardware decoding NEW: Dolby Vision extension metadata is exported for renderers to use Changed: Added additional media types to support more video streams Changed: Updated dav1d for significant AV1 decoding improvements Fixed: Improved handling of H.264 4:4:4 files encoded by certain versions of x264 Fixed: VP9 DXVA2/D3D11 decoding could result in artifacts on some clips Fixed: Decoding ProRes reports more accurate color details LAV Audio Changed: Added support for additional ADPCM audio codecs Download: LAV Filters 0.80.0 | 15.5 MB (Open Source) View: LAV Filters Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Is the Start menu in Windows actually useful? Do we even need it?

      By Max Norris · Posted

      Haven't really used it much for years, not specific to Windows 11.. it's there but I mostly ignore it. I do install StartAllBack though bust mostly for the other bits that it brings. I prefer the "alt-space" type launchers (KRunner in Plasma, Flow in Windows or the like), a lot less clutter and more smarts like bookmark/history searches and other useful plugins.

  • Recent Achievements

    • First Post
      emptyother earned a badge
      First Post
    • Week One Done
      Crunchy6 earned a badge
      Week One Done
    • One Month Later
      KynanSEIT earned a badge
      One Month Later
    • One Month Later
      gowtham07 earned a badge
      One Month Later
    • Collaborator
      lethalman went up a rank
      Collaborator

  • Popular Contributors

    1. 1
      +primortal
      674
    2. 2
      ATLien_0
      277
    3. 3
      Michael Scrip
      220
    4. 4
      +FloatingFatMan
      168
    5. 5
      Steven P.
      160
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!