[Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS


Recommended Posts

After reading a lot of guides on how to set this up, I never found one guide that didn't leave something out that made me have to search for some answers.. I've made a very straightforward and simple guide on how to setup Squid/SquidGuard on a network.. If you have any questions or something in the guide is left out/wrong, please let me know.

How to setup a Squid Server with SquidGuard 
Protecting your Network from Ads/Spyware/Malware
Follow this guide at your own risk! I will not be held responsible for any damages

For this guide, we are going to use Ubuntu 14.04.1 LTS, I will assume that you have the knowledge on how to install an Ubuntu Server on hardware or a VM. Also, set a static IP for the server.

Just follow these commands, and you’ll be up and running!

1. sudo apt-get update
2.  sudo apt-get upgrade
3. sudo apt-get install squid3
4. sudo nano /etc/squid3/squid.conf
5. You can actually just copy and paste this into the squid.conf, everything is commented out..  Just change the hostname to the hostname of the server.. 
visible_hostname your-machines-hostname
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
6. Add this also to your squid.conf “intranet” is just the name of the group you are making to allow access to the squid server. Make sure you use your IP range and correct subnet. You can make additional groups if needed, either to allow or deny them. The next is giving access to the group, “intranet”.
acl intranet 10.50.0.0/32
http_access allow intranet
7. sudo service restart squid3

Now, you have a fully working squid server that is going to only allow the IP range of 10.50.0.0/32. If someone tries to connect to the proxy server in a different IP range, they will be blocked by the proxy. You can use this to limit access to certain departments and groups as well as set up times which they can allow internet access.. That is for a more in-depth guide. 
To test your proxy with Firefox, go to options, Advance, Network, Connection Settings. Enter your proxy’s IP and proxy’s port number. Default port number is 3128 as we set in the squid.conf. If you want to use a different port number, edit it in the squid.conf under “http_port”. 


Now, it’s time to install SquidGuard!
1.    sudo apt-get install squidguard
2.    sudo mkdir /opt/3rdparty
We are going to use the list from shalalist.de for “testing”, since it’s 100% free for non-commerical.  For a bigger and much more through blacklist, I use http://urlblacklist.com/. It’s free to try once, and has different pricing tiers for person/school/business.
3.    sudo wget http://www.shallalist.de/Downloads/shallalist.tar.gz
4.    sudo tar xzf shallalist.tar.gz
5.    sudo cp -a /opt/3rdparty/BL/porn/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/adv/var/lib/squidguard/db
sudo cp -a /opt/3rdparty/BL/spyware /var/lib/squidguard/db
6.    Add this to  /etc/squid3/squid.conf , type “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard
7.    sudo squidGuard -C all
8.    chown -R proxy:proxy /var/lib/squidguard/db
9.    Add this to my /etc/squid3/squid.conf  type, “sudo nano /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard

Now, we need to edit the squidGuard.conf

I recommend to make a backup of your squidGuard.conf then making a new one..
1. sudo cp /etc/squidguard/squidGuard.conf /etc/squidGuard.conf.bak
2. sudo rm /etc/squidguard/squidGuard.conf
3.sudo nano /etc/suqidgurd/squidGuard.conf
Copy and paste this,
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest adv {
domainlist adv/domains
urllist adv/urls
}
dest spyware {
domainlist spyware/domains
urllist spyware/urls
}
acl {
default {
pass !porn !adv !spyware all
redirect http://localhost/block.html
}
}
You can test your squidguard by doing a dry run
sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d

You should see, 
squidGuard ready for requests 
squidGuard stopped 
If there are errors, it will tell you.. The most likely errors you’ll run into are permission issues.. If it gives you permission issues with your database, make sure that you set the user and group named “proxy” ownership. You can tell that by “sudo ls -l /var/lib/squidguard/db*”

You can now use the Firefox browser you setup to use with your proxy server to make sure you are blocking porn and ads. For better protection, I recommend using the blacklist from,  http://urlblacklist.com/

  On 15/09/2015 at 15:06, limok said:

Yes I need this. We've got one set up and it looks like a botched up job. I'll be following this guide to set and test a proxy. 

Cheers

Thanks! 

  On 15/09/2015 at 15:36, BudMan said:

Shouldn't this be in the guide section and not in visualization

Ah, I thought it would be best in the networking section.. Maybe the mods will move it.. Thanks.  

  On 15/09/2015 at 22:07, BudMan said:

why did you put it under vitalization subsection?

It looks like it is under Home  Technical Help & Support  Internet, Network & Security  [Guide] Setup Squid and SquidGuard with Ubuntu Server 14.04.1 LTS like I intended it to me..  

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Yes and No... Yesterday there was someone on another forum asking what Linux version he should use for his transition from Windows, based on his graphical/video/3d needs. He got 10 different Linux distros and a handful of GUI's as an answer. Linux for the uninformed is just a hot mess regarding distributions. People are used to one Windows version. Or one Mac. Not having to choose from a pile of... what actually? And yes, Linux Mint would be a great replacement as long as you use the PC for the basics. Anything else will quickly result in frustration and searching on various forums. Linux isn't really the easy replacement for Windows. As I hate to say it, transitioning to a Mac is a way better experience. And I'm not entirely unfamiliar with Linux, having extensively dabbled with Mint and lately with Rocky for my Davinci Resolve experiments. It's still a pain... It really is..
    • Welcome on board!
    • iOS 26 leaks reveal AI-powered Messages, animated Music lock screen, and CarPlay redesign by Sagar Naresh Bhavsar A lot of these are reportedly changing this year for Apple. While the "Plus" model is expected to be replaced with the iPhone 17 Air, the iOS software is also expected to undergo a major branding change. Instead of iOS 19, Apple is rumored to introduce iOS 26 at the upcoming WWDC 2025 event on June 9. Not only iOS, but the change is expected across all platforms. Meaning, from this year, it could all be streamlined: iOS 26, iPadOS 26, macOS 26, watchOS 26, and more. However, since Apple Intelligence is still in its early stages, Apple is expected to introduce a slew of new features to apps such as Music, Messages, Notes, and CarPlay. According to 9to5Mac, Apple is preparing some "low-profile enhancements" for everyday apps, based on the information from previously accurate sources. As per the report, the Messages app could get an "Automatic Translation" feature that will make use of AI (artificial intelligence) to translate both incoming and outgoing messages. Plus, the Messages app could also gain a "Polls" feature, letting group chat members vote directly within the app. Apple Music is also expected to get a new full-screen animated lock screen artwork, enhancing the Now Playing widget by bringing a maximized look to the album art on the lock screen. The Notes app could also gain the ability to export notes in Markdown, a long-requested feature that third-party apps have supported for years. Apple recently introduced CarPlay Ultra, with some amazing changes, but that is limited to a few luxury cars at the moment. The standard CarPlay is expected to get a UI overhaul with iOS 26. While details remain under wraps, the new interface is speculated to reflect the sleek, glass-like design of iOS 26. Since these are still rumors, we suggest you take them with a pinch of salt. If you are confused about which iPhones will support iOS 26, you can check out the list of supported phones here.
    • Greetings!
    • Hmm, I'll give it a go
  • Recent Achievements

    • Week One Done
      Leonard grant earned a badge
      Week One Done
    • One Month Later
      portacnb1 earned a badge
      One Month Later
    • Week One Done
      portacnb1 earned a badge
      Week One Done
    • First Post
      m10d earned a badge
      First Post
    • Conversation Starter
      DarkShrunken earned a badge
      Conversation Starter
  • Popular Contributors

    1. 1
      +primortal
      261
    2. 2
      snowy owl
      158
    3. 3
      +FloatingFatMan
      145
    4. 4
      ATLien_0
      140
    5. 5
      Xenon
      131
  • Tell a friend

    Love Neowin? Tell a friend!