Setup a proxy server using squid


I have written a few articles about how you can create a reverse proxy server for a backend web server to minimize the impact of attacks and improve security. This time, however, I thought of showing you how you can install a proxy server (just a proxy) and secure it using squid configuration rules and iptables. It's not really that hard, but you need to be sure it is secured, as there are a few bad users who can use it for different malicious things.

Why use a proxy server?

There are a number of reasons why you would need to use a proxy server. One case in particular where I was glad I had one was when a friend of mine had issues connecting to some part of a network and was forced to use a proxy or similar to get by. However, since it's something that's needed for work, we needed privacy and security there. So I asked him to use the proxy server installation that I had installed there and that was lying around doing nothing (even now).

Using this proxy server my friend was able to do his work properly; even though it was a bit slower, it worked for him and he could do his job. This type of setup is called transparent proxy configuration.

Installing squid proxy server

Installing squid is really simple; almost every distribution now has it in its repos, so you just need to use the package installer to install the proxy server:

After this is done, the proxy server is already installed and ready to work. What you need to be careful about are a few settings I'll list below:

Using the above settings you would restrict access to a specific port and allow access only to the IPs:

Next would be to specifically allow the ports you want to access through the proxy:

The above is the important part, where you restrict access to specific ports only, e.g. allowing access through the proxy only to port 80.

Next you need to restart your squid server with the new settings:

Iptables firewall settings for squid proxy

If you wish to further secure access to your proxy, you can do this using a firewall. Basically, you want to allow only your local IP addresses to access your proxy server, so you can use the below iptables rules to filter access to port 4500 to specific IPs only:

Of course, don’t forget that you would need to permit access to the ports where you allow the proxy server to connect, for instance:

will allow access externally to port 80. Same would be with your other ports.

That would be all I could think of right now. Basically, you restrict access using the iptables firewall and then using squid configuration rules, so you should still be safe if, say, the iptables rules are not loaded.
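
The two layers described above, as an added example (not code from the original article): a shell sketch that renders the squid ACL lines and the iptables rules from one allow-list, so the two layers stay in sync. Port 4500 and destination port 80 come from the article; the client addresses, the ACL names `allowed_clients` and `allowed_ports`, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate both access-control layers from one allow-list.
# The functions only print text; nothing is applied to the system.
PROXY_PORT=4500                          # proxy port named in the article
ALLOWED_CLIENTS="192.0.2.10 192.0.2.11"  # constructed (RFC 5737 documentation range)
ALLOWED_PORTS="80"                       # destination ports the proxy may reach

# Print a squid.conf fragment: listening port, client ACL, port ACL, rules.
# Assumes the distribution's default http_access allow lines were removed.
squid_acl() {
    echo "http_port ${PROXY_PORT}"
    for ip in $ALLOWED_CLIENTS; do
        echo "acl allowed_clients src ${ip}/32"
    done
    for p in $ALLOWED_PORTS; do
        echo "acl allowed_ports port ${p}"
    done
    # Order matters: squid applies the first http_access line that matches,
    # so the port restriction comes first and the catch-all deny comes last.
    echo "http_access deny !allowed_ports"
    echo "http_access allow allowed_clients"
    echo "http_access deny all"
}

# Print iptables commands admitting only the same clients to the proxy port.
iptables_rules() {
    for ip in $ALLOWED_CLIENTS; do
        echo "iptables -A INPUT -p tcp -s ${ip} --dport ${PROXY_PORT} -j ACCEPT"
    done
    # Everything else aimed at the proxy port is dropped.
    echo "iptables -A INPUT -p tcp --dport ${PROXY_PORT} -j DROP"
    # Let the proxy host itself connect out to the permitted ports.
    for p in $ALLOWED_PORTS; do
        echo "iptables -A OUTPUT -p tcp --dport ${p} -j ACCEPT"
    done
}
```

Review the output of `squid_acl` and `iptables_rules` before applying it; `squid -k parse` checks the resulting squid.conf for syntax errors before a restart.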

See you again in our next articles, cheers!
