Squid 3 Proxy Setup in Ubuntu 13.10

The newer versions of Squid have been converted to upstart. This is a quick write-up on how we got Squid3 installed on Ubuntu 13.10. We also set it up to allow any users on the local network and require passwords for users outside of the network.

Install Squid3

sudo apt-get install squid3 apache-util

Create file passwd in /etc/squid3/ and change file rights.

sudo touch /etc/squid3/passwd
sudo chmod o+r passwd

Add username and passwords to Squid passwd file

sudo htpasswd passwd your_username.

The following is the squid.conf located at /etc/squid3/squid.conf

http_port 3128

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl ncsa_users proxy_auth REQUIRED

acl SSL_ports port 443 # https

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow ncsa_users
http_access deny all

We then restarted Squid and checked the status

sudo service squid3 restart
sudo service squid3 status

If the status shows stop/wait, check the log in “/var/log/squid3/cache.log” to see why

Leave a Reply

Your email address will not be published. Required fields are marked *