How to Install and Configure Squid Proxy on Ubuntu 18.04

Published on

6 min read

Squid Proxy Ubuntu

Squid is a full-featured caching proxy supporting popular network protocols like HTTP, HTTPS, FTP, and more. Squid is mostly used for improving the web server’s performance by caching repeated requests, filtering web traffic and accessing geo-restricted content.

This tutorial will walk you through the process of setting up a Squid Proxy on Ubuntu 18.04 and configuring Firefox and Google Chrome web browsers to use it.

Installing Squid on Ubuntu

Squid package is included in the default Ubuntu 18.04 repositories. To install it enter the following commands as sudo user :

sudo apt updatesudo apt install squid

Once the installation is completed, the Squid service will start automatically.

To verify that the installation was successful and Squid service is running, type the following command which will print the service status:

sudo systemctl status squid
● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (running) since Thu 2019-06-27 11:45:17 UTC

Configuring Squid

Squid can be configured by editing the /etc/squid/squid.conf file. You can also use separate files with configuration options which can be included using the “include” directive.

The configuration file contains comments that describe what each configuration option does.

Before making any changes, it is a good idea to back up the original configuration file:

sudo cp /etc/squid/squid.conf{,.orginal}

To edit the file, open it in your text editor :

sudo nano /etc/squid/squid.conf

By default, Squid is configured to listen on port 3128 on all network interfaces on the server.

If you want to change the port and set a listening interface, locate the line starting with http_port and specify the interface IP address and the new port. If no interface is specified Squid will listen on all interfaces.

# Squid normally listens to port 3128
http_port IP_ADDR:PORT

Running Squid on all interfaces and on the default port should be fine for most users.

In Squid, you can control how the clients can access the web resources using the Access Control Lists (ACLs).

By default, Squid allows access only from the localhost.

If all of the clients that will use the proxy have a static IP address you can create an ACL that will include the allowed IPs.

Instead of adding the IP addresses in the main configuration file we will create a new dedicated file that will hold the IPs:

# All other allowed IPs

Once done open the main configuration file and create a new ACL named allowed_ips (first highlighted line) and allow access to that ACL using the http_access directive (second highlighted line):

# ...
acl allowed_ips  src "/etc/squid/allowed_ips.txt"
# ...
#http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all

The order of the http_access rules is important. Make sure you add the line before http_access deny all.

The http_access directive works in a similar way as the firewall rules. Squid reads the rules from top to bottom, and when a rule matches the rules below are not processed.

Whenever you make changes to the configuration file you need to restart the Squid service for the changes to take effect:

sudo systemctl restart squid

Squid Authentication

Squid can use different back ends, including Samba , LDAP and HTTP basic auth to authenticated users.

In this tutorial, we’ll configure Squid to use basic auth. It is a simple authentication method built into the HTTP protocol.

We’ll use the openssl to generate the passwords and append the username:password pair to the /etc/squid/htpasswd file using the tee command as shown below:

printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd

Let’s create a user named “josh” with password “Sz$Zdg69”:

printf "josh:$(openssl passwd -crypt 'Sz$Zdg69')\n" | sudo tee -a /etc/squid/htpasswd

Now that the user is created the next step is to enable the HTTP basic authentication and include the htpasswd file.

Open the main configuration and add the following:

# ...
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all

The first three highlighted lines are creating a new ACL named authenticated and the last highlighted line is allowing access to authenticated users.

Restart the Squid service:

sudo systemctl restart squid

Configuring firewall

Assuming you are using UFW to manage your firewall, you’ll need to open the Squid port. To that enable the ‘Squid’ profile which includes rules for the default Squid ports.

sudo ufw allow 'Squid'

To verify the status type:

sudo ufw status

The output will look something like the following:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Squid                      ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Squid (v6)                 ALLOW       Anywhere (v6)  
If Squid is running on another, non-default port, for example, 8888 you can allow traffic on that port with: sudo ufw allow 8888/tcp.

Configuring Your Browser to Use Proxy

Now that you have Squid set up, the last step is to configure your preferred browser to use it.


The steps below are the same for Windows, macOS, and Linux.

  1. In the upper right-hand corner, click on the hamburger icon to open Firefox’s menu:

  2. Click on the ⚙ Preferences link.

  3. Scroll down to the Network Settings section and click on the Settings... button.

  4. A new window will open.

    • Select the Manual proxy configuration radio button.
    • Enter your Squid server IP address in the HTTP Host field and 3128 in the Port field.
    • Select the Use this proxy server for all protocols checkbox.
    • Click on the OK button to save the settings.
    Firefox Squid Proxy

At this point, your Firefox is configured and you can browse the Internet through the Squid proxy. To verify it, open, type “what is my ip” and you should see your Squid server IP address.

To revert back to the default settings go to Network Settings, select the Use system proxy settings radio button and save the settings.

There are several plugins that can also help you to configure Firefox’s proxy settings such as FoxyProxy .

Google Chrome

Google Chrome uses the default system proxy settings. Instead of changing your operating system proxy settings you can either use an addon such as SwitchyOmega or start Chrome web browser from the command line.

To launch Chrome using a new profile and connect to the Squid server, use the following command:

Linux :

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \

macOS :

"/Applications/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \

Windows :

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^

The profile will be created automatically if it does not exist. This way you can run multiple instances of Chrome at the same time.

To confirm the proxy server is working properly, open, and type “what is my ip”. The IP shown in your browser should be the IP address of your server.


You have learned how to install Squid on Ubuntu 18.04 and configure your browser to use it.

Squid is one of the most popular proxy caching servers. It improves the speed of the web server and can help you take restrict user access to the Internet.

If you hit a problem or have feedback, leave a comment below.