[Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS


Recommended Posts

After reading a lot of guides on how to set this up, I never found one guide that didn't leave something out that made me have to search for some answers.. I've made a very straightforward and simple guide on how to setup Squid/SquidGuard on a network.. If you have any questions or something in the guide is left out/wrong, please let me know.

How to setup a Squid Server with SquidGuard 
Protecting your Network from Ads/Spyware/Malware
Follow this guide at your own risk! I will not be held responsible for any damages

For this guide, we are going to use Ubuntu 14.04.1 LTS, I will assume that you have the knowledge on how to install an Ubuntu Server on hardware or a VM. Also, set a static IP for the server.

Just follow these commands, and you’ll be up and running!

1. sudo apt-get update
2.  sudo apt-get upgrade
3. sudo apt-get install squid3
4. sudo nano /etc/squid3/squid.conf
5. You can actually just copy and paste this into the squid.conf, everything is commented out..  Just change the hostname to the hostname of the server.. 
visible_hostname your-machines-hostname
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
6. Add this also to your squid.conf “intranet” is just the name of the group you are making to allow access to the squid server. Make sure you use your IP range and correct subnet. You can make additional groups if needed, either to allow or deny them. The next is giving access to the group, “intranet”.
acl intranet 10.50.0.0/32
http_access allow intranet
7. sudo service restart squid3

Now, you have a fully working squid server that is going to only allow the IP range of 10.50.0.0/32. If someone tries to connect to the proxy server in a different IP range, they will be blocked by the proxy. You can use this to limit access to certain departments and groups as well as set up times which they can allow internet access.. That is for a more in-depth guide. 
To test your proxy with Firefox, go to options, Advance, Network, Connection Settings. Enter your proxy’s IP and proxy’s port number. Default port number is 3128 as we set in the squid.conf. If you want to use a different port number, edit it in the squid.conf under “http_port”. 


Now, it’s time to install SquidGuard!
1.    sudo apt-get install squidguard
2.    sudo mkdir /opt/3rdparty
We are going to use the list from shalalist.de for “testing”, since it’s 100% free for non-commerical.  For a bigger and much more through blacklist, I use http://urlblacklist.com/. It’s free to try once, and has different pricing tiers for person/school/business.
3.    sudo wget http://www.shallalist.de/Downloads/shallalist.tar.gz
4.    sudo tar xzf shallalist.tar.gz
5.    sudo cp -a /opt/3rdparty/BL/porn/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/adv/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/spyware /var/lib/squidguard/db
6.    Add this to  /etc/squid3/squid.conf , type “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard
7.    sudo squidGuard -C all
8.    chown -R proxy:proxy /var/lib/squidguard/db
9.    Add this to my /etc/squid3/squid.conf  type, “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard

Now, we need to edit the squidGuard.conf

I recommend to make a backup of your squidGuard.conf then making a new one..
1. sudo cp /etc/squidguard/squidGuard.conf /etc/squidGuard.conf.bak
2. sudo rm /etc/squidguard/squidGuard.conf
3.sudo nano /etc/suqidgurd/squidGuard.conf
Copy and paste this,
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest adv {
domainlist adv/domains
urllist adv/urls
}
dest spyware {
domainlist spyware/domains
urllist spyware/urls
}
acl {
default {
pass !porn !adv !spyware all
redirect http://localhost/block.html
}
}
You can test your squidguard by doing a dry run
sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d

You should see, 
squidGuard ready for requests 
squidGuard stopped 
If there are errors, it will tell you.. The most likely errors you’ll run into are permission issues.. If it gives you permission issues with your database, make sure that you set the user and group named “proxy” ownership. You can tell that by “sudo ls -l /var/lib/squidguard/db*”

You can now use the Firefox browser you setup to use with your proxy server to make sure you are blocking porn and ads. For better protection, I recommend using the blacklist from,  http://urlblacklist.com/

  On 15/09/2015 at 15:06, limok said:

Yes I need this. We've got one set up and it looks like a botched up job. I'll be following this guide to set and test a proxy. 

Cheers

Thanks! 

  On 15/09/2015 at 15:36, BudMan said:

Shouldn't this be in the guide section and not in visualization

Ah, I thought it would be best in the networking section.. Maybe the mods will move it.. Thanks.  

  On 15/09/2015 at 22:07, BudMan said:

why did you put it under vitalization subsection?

It looks like it is under Home  Technical Help & Support  Internet, Network & Security  [Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS like I intended it to me..  

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Lol tf you are talking about. People are PAYING by using this app exclusively, just indirectly. Do you have any idea how much facebook charges for api access to WhatsApp which has become more or less a monopoly in e-commerce.
    • My kid tried, so I took her to Microcenter and showed her the differences in price as well as storage and specs. We bought a Windows machine. She loves it, and is off to college this fall with her gaming level windows laptop at the price of a Mac that came with a 512GB SSD, and half the RAM.
    • Hasleo Backup Suite Free 5.4.2.1 by Razvan Serea Hasleo Backup Suite Free is a free Windows backup and restore software, which embeds backup, restore and cloning features, it is designed for Windows operating system users and can be used on both Windows PCs and Servers. The backup and restore feature of Hasleo Backup Suite can help you back up and restore the Windows operating systems, disks, partitions and files (folders) to protect the security of your Windows operating system and personal data. The cloning feature of Hasleo Backup Suite can help you migrate Windows to another disk, or easily upgrade a disk to an SSD or a larger capacity disk. System Backup & Restore / Disk/Partition Backup & Restore Backup Windows operating system and boot-related partitions, including user settings, drivers and applications installed in these partitions, which ensures that you can quickly restore your Windows operating system once it crashes. Viruses, power failure, or other unknown reasons may cause data loss, so it is a good habit to regularly back up the drive that stores important files, you can at least recover lost files from the backup image files in the event of a disaster. System Clone / Disk Clone / Partition Clone Migrate the Windows operating system from one disk to another SSD or larger disk without reinstalling Windows, applications and drivers. Clone entire disk to another disk and ensure that the contents of the source disk and the destination disk are exactly the same. Clone a partition completely to the specified location on the current disk or another disk and ensure that the data will not be changed. File Backup & Restore Back up specified files(folders) instead of the entire drive to another location to protect your data, so you can quickly restore files(folders) from the backup image files when needed. Incremental/Differential/Full Backup Different backup modes are supported, you can flexibly choose data protection schemes, which can improve backup performance and save storage space while ensuring data security. Delta Restore Delta restore uses advanced delta detection technology to check the changed blocks on the destination drive and restore only the changed blocks, so it has a faster restore speed than the traditional full restore. Universal Restore This feature can help us restore the Windows operating system to computers with different hardware and ensure that Windows can work normally without any hardware compatibility issues. Hasleo Backup Suite 5.4.2.1 changelog: The program crashes when sending emails Application notifications cannot be displayed in the Windows Notification Center Updated Italian and German translations Fixed other minor bugs Download: Hasleo Backup Suite 5.4.2.1 | 33.9 MB (Freeware) Links: Hasleo Backup Suite Website | Hasleo Backup Suite Guide | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • 99% of Control Panel will be moved to Settings. Then by 2050, 20% of settings will have been moved to the Configuration Menu. I have no issues with Settings as it exists now in Windows 11. Bring everything over and be done with it.
    • We collect the few carcasses we get (as long as drivers report them, as they should) and while we have our fair share, we don't have nearly enough crashes with deer "to paint the roads with deer carcasses" in Finland. Also, if you can't handle the risks, DO NOT DRIVE. I really don't want everything to be so simple and stupid, that I don't have to worry about my surroundings (I also hate Apple devices because they kind of decide everything for you and offer very little customization vs. Android). Most people probably encounter much higher risks and dangers in their daily jobs than they encounter on roads. Just a few weeks ago I twisted my anckle at work while walking and I haven't had even a near miss with an animal in traffic for many years despite driving something like 27000+ km/year (there were a couple of off years in there too) and seeing many deer, a few moose and many smaller creatures on the road. I find it extremely rare to have deer stumble directly in front of me - it happens, but in my opinion not nearly enough to warrant considering it super dangerous (I actually find it exhilarating when it does happen as it changes the daily commute and it actually requires me to stay focused). It is probably more common to have some idiot with their face glued to their phone wonder in front of you or a kid on an electric scooter disregard all traffic rules. Here in the Nordics we also have plenty of snow and that kind of f's up anything that relies on lines or other clear lane indicators. The one time I have (kind of) started raging while driving was when I had a loan car from service and it had lane guidance. That freaking thing basically felt like it wanted to hit every pothole and bump it could and I really, really freaking hated it (came close to ripping the whole steering wheel of, I tell you . Didn't feel safer at all, quite the contrary, and it distracted me from the road more than anything else I've driven before, constantly fighting that f'ing thing to go where I wanted it to go (no clear lines, a crack in the pavement, etc. and it became confused as hell and required more adjusting than any traditional car). Also noteworthy that globally the amount of people with driver's licenses is pretty low (like under 20 %), many countries have great public transport systems and many walk and cycle (even during the winter).
  • Recent Achievements

    • Contributor
      GravityDead went up a rank
      Contributor
    • Week One Done
      BlakeBringer earned a badge
      Week One Done
    • Week One Done
      Helen Shafer earned a badge
      Week One Done
    • First Post
      emptyother earned a badge
      First Post
    • Week One Done
      Crunchy6 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      660
    2. 2
      ATLien_0
      266
    3. 3
      Michael Scrip
      235
    4. 4
      Steven P.
      164
    5. 5
      +FloatingFatMan
      150
  • Tell a friend

    Love Neowin? Tell a friend!