How to Install and Configure Squid Proxy on Arch Linux

Squid is a free, open-source, fully featured proxy server that provides proxy and cache services for Hyper Text Transport Protocol. It reduces bandwidth, reduces server load, and improves response times by caching and reusing frequently-requested web pages. It also offers access control features that help you to filter Internet traffic. Generally, Squid proxies only HTTP connections and supports other protocols including FTP, Gopher, SSL, and WAIS.

In this post, we will show you how to install the Squid proxy server on Arch Linux.

Step 1 – Configure Repository

By default, the default repository is outdated in Arch Linux, so you will need to modify the default mirror list. You can do it by editing the mirrorlist configuration file:

nano  /etc/pacman.d/mirrorlist

Remove all lines and add the following lines:

## Score: 0.7, United States
Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch
## Score: 0.8, United States
Server = http://lug.mtu.edu/archlinux/$repo/os/$arch
Server = http://mirror.nl.leaseweb.net/archlinux/$repo/os/$arch
## Score: 0.9, United Kingdom
Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch
## Score: 1.5, United Kingdom
Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch
Server = http://archlinux.dcc.fc.up.pt/$repo/os/$arch
## Score: 6.6, United States
Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch
## Score: 6.7, United States
Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch
## Score: 6.8, United States
Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
## Score: 7.1, India
Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch
## Score: 10.1, United States
Server = http://mirrors.xmission.com/archlinux/$repo/os/$arch

Save and close the file then update all the package indexes with the following command:

pacman -Syu

Step 2 – Install Squid Proxy Server

By default, the Squid package is included in the Arch Linux default repository. You can install it using the following command.

pacman -S squid

After installing the Squid proxy, start and enable the Squid service using the following command.

systemctl start squid
systemctl enable squid

By default, Squid listens on port 3128. You can check it with the following command.

ss -antpl | grep squid

You will get the following output.

LISTEN 0      0                  *:3128             *:*    users:(("squid",pid=52872,fd=12))

Step 3 – Configure Squid Authentication

Before deploying Squid proxy in your organization, it is recommended to configure user-based authentication on Squid so only valid users can access the internet via Squid proxy.

First, install the Apache package with the following command.

pacman -S apache

Next, create a file to store the Squid user and password.

touch /etc/squid/squid_passwd
chown proxy /etc/squid/squid_passwd

Next, create a new user and set a password.

htpasswd /etc/squid/squid_passwd squiduser

Set your password as shown below:

New password: 
Re-type new password: 
Adding password for user squiduser

Next, edit the Squid configuration file and enable the authentication.

nano /etc/squid/squid.conf

Add the following lines at the beginning of the file.

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid

Step 4 – Configure Squid to Anonymize Traffic

Next, you will also need to configure Squid to mask client IP addresses and anonymize the traffic. You can do it by editing Squid’s main configuration file.

nano /etc/squid/squid.conf

Add the following lines at the beginning of the file.

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid

Step 5 – Verify Squid Proxy

Now, your Squid proxy is installed and configured. It’s time to verify whether Squid is working or not.

To test the Squid proxy, you will need to define your Squid proxy on your desktop computer’s browser settings.

On the desktop system, open Mozilla Firefox and click on Edit => Preferences as shown below:

Scroll down to the Network Settings section and click on Settings. You should see the following page:

Select the Manual proxy configuration radio button, enter your Squid server IP address in the HTTP Host field and 3128 in the Port field, select the “Use this proxy server for all protocols” check box, and click on the OK button to save the settings.

Your browser is now configured to browse the Internet through the Squid proxy.

To verify it, type the URL https://www.whatismyip.com/. You will be asked to provide a username and password as shown below:

Provide your Squid proxy server username and password which you created earlier and click on the OK button. You should see the following page:

Conclusion

Congratulations! You have successfully installed the Squid proxy server on Arch Linux. You can now implement Squid proxy in your organization to cache the content and filter the internet traffic. You can try the Squid proxy server on dedicated server hosting from Atlantic.Net!