Tiny Content Filtering And Web Acceleration Appliance (Ubuntu, Squid, Apache, VMWare) (2022)

On this page

  1. Tiny Content Filtering And Web Acceleration Appliance (Ubuntu, Squid, Apache, VMWare)
    1. Step 1. Download and Install Ubuntu Server 10.10
    2. Step 2. Perform post install configuration of Ubuntu
    3. Step 3. Install Squid Web Caching Proxy
    4. Step 4. Install Apache 2
    5. Step 5. Install QuintoLabs Content Security 1.0
    6. Resume

This small HOWTO will show you how to set up a small virtual machine to speed up and secure your home / small enterprise web surfing network using Ubuntu Server 10.10, Squid 3.1 and Content Security 1.0 deployed in a VMWare Virtual Player running on Windows 7 x64 as a host operating system.

Previously I tested interesting applications using VMWare Virtual Server 1.0 and later 2.0 but always was frustrated by the complex setup procedure of such a heavy weight browser based virtualization beast. Not a long time ago I found out that VMWare Virtual Player is capable of creating virtual machines and was very pleased with its performance and simplicity of the installation.

Step 1. Download and Install Ubuntu Server 10.10

Go to http://www.ubuntu.com/server and get the latest version of Ubuntu server (10.10) 32-bit. The site says the recommended version is x64 bit but as we are trying to create a small virtual machine the 32bit will suffice for our purposes.

Start up the VMWare Virtual Player and create a new virtual machine with the following hardware parameters: name - virtual-qlproxy, hard disk - 8Gb. Press the "Customize the hardware" button and delete the floppy, USB controller, printer and sound card, set the amount of memory to 256Mb. Switch the network adapter from "NAT" mode into "Bridged". Point the virtual CDROM to the ISO image of Ubuntu Server that you have downloaded and start the virtual machine.

Follow the steps of the Ubuntu install wizard mostly accepting the defaults. The only settings that need to be configured are - the hostname (I set it to virtual-qlproxy) and login name and password (I set them to user and [emailprotected] respectively). Now wait a little till the installation is complete and reboot the system.

Step 2. Perform post install configuration of Ubuntu

The IP address of the network interface card of our freshly installed Ubuntu server is set to DHCP. While it is possible to leave it like this it means that every time the server is restarted it may be assigned a different IP address so accessing this server later by IP address may become a little irritating. The easiest way is to set the IP address to static one. To do it we must change the file located at /etc/network/interfaces by typing the following in the terminal:

(Video) UBUNTU: Basic time restrictions with Squid Web Proxy

sudo nano /etc/network/interfaces

Find this line in the file iface eth0 inet dhcp and replace it with:

iface eth0 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1

NOTE: The provided above settings (IP addresses) are valid for my environment that connects to the ISP using the Cisco/LinkSys Wireless N Broadband Router that has a DHCP server built in that gives out internal IP addresses from the 192.168.1.* private subnet. Your router may give other addresses so please beware :) !

One more thing left to do is adjust the DNS settings. Run the following command in the terminal...

 sudo vi /etc/resolv.conf 

... and add the IP address of the DNS server that runs on router:

nameserver 192.168.1.1

Now restart your networking by typing...

sudo /etc/init.d/networking 

... in the terminal or just restarting the virtual machine. After restart confirm that the networking functions correctly by typing in the terminal:

ping -c 3 192.168.1.1
nslookup google.com

(Video) Reviewing Apache log files in Linux

There should not be any errors in the outputs on these commands.

Step 3. Install Squid Web Caching Proxy

Next we need to install the latest version of the squid proxy server. In order to do that type the following in the terminal:

 sudo apt-get install squid3

The squid package is downloaded from the Internet and is installed automatically. The only thing to do is to let the external users from our network access the squid. Open the squid configuration file by typing...

sudo nano /etc/squid3/squid.conf 

... and uncomment the following lines acl localnet src 192.168.0.0/16 and http_access allow localnet.

Save the file and restart the squid by typing:

 sudo /etc/init.d/squid restart

To verify that squid runs correctly point your browser to the IP address of the proxy server (192.168.1.2) and surf to some web sites.

Step 4. Install Apache 2

It is also a good idea to have a web server installed on the virtual machine. This web server will later host the status and report information for Squid and Content Security for Squid Proxy. In order to have the Apache2 installed issue the following commands in the terminal...

(Video) Open Source Logging: Getting Started with Graylog Tutorial

 sudo apt-get install apache2 libapache2-mod-php5

... then open your browser and navigate to http://192.168.1.2. You should see the "It Works!" greetings from Apache.

Step 5. Install QuintoLabs Content Security 1.0

Next step would be to install the Content Security 1.0 for Squid from QuintoLabs (I will refer to it as qlproxy further in text). In order to do it go to the download area of QuintoLabs web site and download the DEB package for Ubuntu from there http://quintolabs.com/qlicap_download.php. For those who do not know, qlproxy is a content filtering server to be used as a companion to the Squid web proxy that lets you filter/block web downloads, remove advertisements and banners and control web site usage by the proxy clients (i.e. prohibit explicit and adult content).

For now the program integrates with Squid as URL rewriter but the ICAP and/or eCAP integration is on the way. Anyway current URL rewriter capability will suffice for our needs.So in order to install the qlproxy navigate to the downloaded *.deb package in the terminal and type the following command:

 sudo dpkg --install qlproxy_1.0.950.0_i386.deb

The installer will run and after a short while the program will be installed into /opt/quintolabs/qlproxy. Now we need to configure it and integrate it with Squid. The configuration files are plain text and stored in /opt/quintolabs/qlproxy/etc/ *.conf and rather simple to modify with a handful of comments inside. I am going to perform the following modifications:

  1. Redirect the proxy clients to the local instance of Apache server when the traffic is being blocked - to do it open the qlproxyd.conf file and find the qls_redirect_url = http://www.quintolabs.com/redirect/index.php line and change it to qls_redirect_url = http://192.168.1.2/redirect/index.php.
  2. I personally do not like excessive advertising on the web sites so as I often browse through Russian and German web sites I will also enable adblock filtering by uncommenting the corresponding russian and german adblock subscriptions in qladb.conf file.
  3. My kids sometimes play online games on my computer so I prefer to set the level of adult blocking heuristics to high in the qlproxyd.conf file - by changing from qlurlb_heuristics_level = normal to qlurlb_heuristics_level = high. If anything is blocked by the qlproxy I can later add it to the exceptions.conf file to have it passed through.
  4. I heard that worms, trojans and other malware related software often connect to the world by IP addresses so I put a magic regexp into the qlhttpb.conf file to filter them out url = http://\d+\.\d+\.\d+\.\d+/.*

Good for now, let us issue a restart command to make the qlproxyd daemon reload the configuration:

 sudo /etc/init.d/qlproxy stop && /etc/init.d/qlproxy start

Next we need to integrate it with Squid. As the qlproxy now uses the url rewriter functionality of Squid the integration is straightforward and works for both Squid 3 and Squid 2. Open /etc/squid3/squid.conf and find the url_rewrite_program section. Add the following url_rewrite_program /opt/quintolabs/qlproxy/sbin/qlproxyd_redirector --config_path=/opt/quintolabs/qlproxy/etc/qlproxyd.conf.

The number of url rewriters needs to be set to a reasonable value (default is 5). These 5 would fit nice for the kind of networking environment I have in place so ensure you have the url_rewrite_children set to 5. The URL rewriter is single threaded so it is better to leave the url_rewrite_concurrency at its default value.

(Video) Install Ubuntu LAMP Server 12.04 LTS into VirtualBox

So the integration with squid is now complete and we can restart the squid and see of it is able to start the url rewriters. Issue the following command in the terminal...

 sudo /etc/init.d/squid3 restart

... after restart finishes the...

 ps aux | grep qlproxy 

... should show you the running 5 instances of qlproxyd_redirector created by squid and the qlproxyd daemon itself.

The last thing to do is to integrate the qlproxy with Apache to be able to see the reports on user activities (generated once a day) and redirect pages that could explain the users why their request was blocked. This is actually quite easy, open the /etc/apache2/sites-enabled/default file and add the following to it:

Alias /redirect /opt/quintolabs/qlproxy/redirectOptions FollowSymLinksAllowOverride NoneAlias /redirect /opt/quintolabs/qlproxy/reportsOptions FollowSymLinksAllowOverride None

Now reload the apache by typing in the terminal:

 sudo /etc/init.d/apache2 restart

Resume

Finally everything is in place to start the accelerated secure web surfing without adverts - point your browser to 192.168.1.2 port 3128 and browse to your favourite website and see the difference. The IP addresses in URLs are blocked and explicitly adult content sites are too. The VMWare takes not more than 256 MB and surfing experience is quite acceptable. The system is automatically updated once a day for the latest url block list and advert subscriptions and requires minimal additional maintenance.

FAQs

What is Squid proxy used for? ›

Squid is a widely-used caching proxy server for Linux and Unix platforms. This means that it stores requested Internet objects, such as data on a Web or FTP server, on a machine that is closer to the requesting workstation than the server.

Is there a GUI for Squid? ›

Full Squid User Interface

We provide a full GUI for configuration and management of Squid, as well as reporting, alerts, APIs, graphing and more. You can set up a brand new Squid Cache installation or integrate with your existing one.

How do I know if my squid proxy is working? ›

To check whether Squid is running, choose one of the following ways:
  1. Using systemctl : > systemctl status squid. The output of this command should indicate that Squid is loaded and active (running) .
  2. Using Squid itself: > sudo squid -k check | echo $?

What is AWS Squid? ›

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. Typical Total Price. $0.092/hr.

Is Squid a good proxy? ›

The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms, and monitoring of critical parameters via the Simple Network Management Protocol (SNMP).

What network is Squid on? ›

Episodes. Squid Game consists of one season with nine episodes at a run time of 32 to 63 minutes. All nine episodes were written and directed by Hwang. The full series was released in all Netflix worldwide markets on September 17, 2021.

How do you set up a squid? ›

  1. Installing Squid Proxy on Ubuntu. Step 1: Refresh the Software Repositories. Step 2: Install Squid Package on Ubuntu.
  2. Configuring Squid Proxy Server.
  3. Configure Squid Client. Add Squid ACL. Configure Proxy Authentication. Add a new user and password. Block Websites on Squid Proxy.
  4. Commands When Working with the Squid Service.
Feb 15, 2019

What is Squid Analysis Report Generator? ›

SARG is a tool that analyses the proxy log files and creates beautiful reports out of it. It is handy to see how much bandwidth is used by individual machines on the network and one can check on which websites the network's users are surfing.

How do you get rid of squid? ›

  1. Remove squid apt-get remove --purge squid apt-get remove --purge squid3.
  2. Install squid apt-get install squid apt-get install squid3.
  3. Copy the file squid.conf directory squid.

How can I tell if squid is running on Ubuntu? ›

To verify it, open google.com , type “what is my ip” and you should see your Squid server IP address. To revert back to the default settings, go to Network Settings , select the Use system proxy settings radio button and save the settings.

What is Squid proxy in Linux? ›

Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin. Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP.

Is squid a reverse proxy? ›

Squid as Reverse Proxy

Whereas a typical proxy generally provides internal clients with external web content, a reverse proxy functions in exactly the opposite manner: In this case, content from one or multiple internal web servers is loaded so as to be provided to external clients.

What is the proxy server? ›

A proxy server is an intermediary server that retrieves data from an Internet source, such as a webpage, on behalf of a user. They act as additional data security boundaries protecting users from malicious activity on the internet. Proxy servers have many different uses, depending on their configuration and type.

How do I setup a AWS proxy server? ›

Follow the steps below to create a proxy server. Step 1: Go to the AWS console and select EC2 from the services. Step 2: Select Instances from the left panel and then click in Launch instance. Step 3: From the list, select Ubuntu Server 18.04 LTS, and click in next.

Where is Squid based? ›

In fact, these are actually filmed on real-life sets in the city of Daejeon! Some of the series' casts have posted behind-the-scenes and geotagged Daejeon as their location. Often dubbed as Asia's Silicon Valley, Daejeon is one of South Korea's major cities.

How does Squid work with https? ›

We are using Squid since it is designed to act as a caching proxy for the web supporting HTTP, HTTPS, FTP, and more. When ssl-bumping is enabled, Squid will decrypt and re-encrypt the SSL traffic using a configurable CA certificate.

How do I setup a proxy server in Linux? ›

How to Set Up a Linux Proxy Server
  1. The first thing to do is to update to the latest package list. Use the “Sudo apt-get update”.
  2. Install Squid Proxy server.
  3. Start and enable the proxy server.
  4. To see the status use “systemctl status” command. ...
  5. To see which port the proxy is running use “netstat –tnlp”.

What is squid port? ›

By default, Squid launches a session listening on port 3128.

How install squid on Windows? ›

To install Squid on Windows, follow these steps:
  1. Download the Squid MSI installer and install Squid.
  2. Click the Squid for Windows icon in the tray menu and select Stop Squid Service.
  3. Navigate to the Squid installation folder, for example C:\Squid\bin, and run the following command from command line:
  4. squid.exe -z -F.

What is a caching proxy? ›

Proxy caching is a feature of proxy servers that stores content on the proxy server itself, allowing web services to share those resources to more users. The proxy server coordinates with the source server to cache documents such as files, images and web pages.

Is Squid a reverse proxy? ›

Squid as Reverse Proxy

Whereas a typical proxy generally provides internal clients with external web content, a reverse proxy functions in exactly the opposite manner: In this case, content from one or multiple internal web servers is loaded so as to be provided to external clients.

What is a caching proxy? ›

Proxy caching is a feature of proxy servers that stores content on the proxy server itself, allowing web services to share those resources to more users. The proxy server coordinates with the source server to cache documents such as files, images and web pages.

What would http tunneling be used? ›

HTTP tunneling is used to create a network link between two computers in conditions of restricted network connectivity including firewalls, NATs and ACLs, among other restrictions. The tunnel is created by an intermediary called a proxy server which is usually located in a DMZ.

What does Squid do in Linux? ›

Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin. Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP.

Where is Squid installed? ›

The default Squid configuration file is located in the '/etc/squid/ directory, and the main configuration file is called “squid. conf”. This file contains the bulk of the configuration directives that can be modified to change the behavior of Squid.

How do I enable caching in Squid? ›

How to enable caching on Squid for Windows?
  1. Make sure that the directory d:\squidcachedir exists and empty (create with mkdir command if necessary).
  2. Add the caching directive to the config file squid.config. ...
  3. Stop the squid service.

How do I connect to Squid proxy? ›

Configure the client
  1. Tools>Options>Advanced>Network>Settings...
  2. Select Manual proxy configuration and tick the 'use this proxy server for all protocols' box.
  3. Under HTTP Proxy: add the squid listening IP address, 10.0. 0.1. In the Port: section add the squid listening port 3128.
  4. Click OK to save the changes.
Dec 20, 2021

What is Squid port? ›

By default, Squid launches a session listening on port 3128.

What is Squid forward proxy? ›

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.

What is the most common caching proxy? ›

The most common caching proxy is the HTTP proxy which caches web pages from servers on the Internet for a set amount of time.

Is a VPN a proxy? ›

No. A VPN and proxy server both mask your IP address. But a VPN will also encrypt the data you send and receive, something that a proxy server doesn't do. If you are already using a VPN, then, connecting to a website or app through a proxy server would be an unnecessary step.

Why web cache is called as proxy server? ›

A Web proxy cache is a type of cache that stores and delivers frequently accessed websites, images and/or objects on the Internet. It is designed to help in delivering Internet-based data and objects more quickly to end users and also to free up bandwidth. A Web proxy cache is also known as a proxy cache.

What is HTTP tunneling and why do attackers need? ›

Applications and attacks have quickly learned that they can evade firewalls and other security devices via HTTP tunneling. HTTP tunneling is a method of evading network firewalls and access control policies by encapsulating traffic in HTTP headers and sending it over the most open port in the network – port 80.

What is a tunnel and how you can bypass a HTTP proxy? ›

HTTP-Tunnel comes in to play by acting as a middle man in relaying the traffic between your blocked applications using port 80 which is normally not blocked and to the destination server, effectively bypassing the restrictions on firewall and proxy.

How many types of proxy server are there? ›

Types of Proxy Servers | Learn 11 Types of Proxy Servers.

Videos

1. You're running Pi-Hole wrong! Setting up your own Recursive DNS Server!
(Craft Computing)
2. A Modern Linux Graphical TERMINAL SERVER | Complete Guide for Remote Access | Any Device, Many Users
(apalrd's adventures)
3. Jellyfin: A Complete Installation Tutorial
(Switched to Linux)
4. How to Create an Always Free Website on the Oracle Cloud
(Tony Teaches Tech)
5. your home router SUCKS!! (use pfSense instead)
(NetworkChuck)
6. Bloqueando sites pornográficos com Squid-Cache e SquidGuard - Prática 4a2f8c
(aiedonline)

Top Articles

Latest Posts

Article information

Author: Aracelis Kilback

Last Updated: 07/31/2022

Views: 6375

Rating: 4.3 / 5 (44 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Aracelis Kilback

Birthday: 1994-11-22

Address: Apt. 895 30151 Green Plain, Lake Mariela, RI 98141

Phone: +5992291857476

Job: Legal Officer

Hobby: LARPing, role-playing games, Slacklining, Reading, Inline skating, Brazilian jiu-jitsu, Dance

Introduction: My name is Aracelis Kilback, I am a nice, gentle, agreeable, joyous, attractive, combative, gifted person who loves writing and wants to share my knowledge and understanding with you.