SMBs

Configure a Squid proxy server through Webmin

Jack Wallen demonstrates how to set up a Squid proxy server through the web-based Webmin administration tool.

A proxy server can prevent employees from visiting certain sites, help reduce the load on your network by caching pages for clients, and make use of SSL to secure connections between clients and servers. Many smaller companies assume they don't have the time or the money to put into setting up a proxy server. Thanks to Webmin, that is not the case.

With the Webmin administration portal, you can easily set up a Squid proxy server and manage that proxy with the user friendly web-based administration tool. I will walk you through the steps of setting up a Squid proxy server through the Webmin tool. I will demonstrate this on a Ubuntu 12.10 platform and do everything through the web-based GUI (no command-line necessary). Because Squid is designed to run on UNIX-like systems (there was a Windows port for a brief period, but it was abandoned), you need to have Webmin running on a UNIX-based system. Once you have Webmin up and running, you are very close to having Squid installed.

Installing Squid

In order to be able to enable the Squid module, Squid needs to be installed; fortunately, Webmin is smart enough to handle this task for you. After you log in to Webmin as an administrator, you can have Webmin install Squid and then enable the module for you. Here's how:

  1. Log in to Webmin as your administrative user.
  2. Scroll down until you see in the left navigation, the Unused Modules section.
  3. Expand Unused Modules and scroll down until you see the entry for Squid.
  4. Click the Squid proxy server entry.
  5. In this new window (Figure A) click the Click Here link to have Webmin run the install. You can watch the progress of the installation fly by in the same screen.
Figure A

Click the image to enlarge.
When the installation completes, refresh the view of your Webmin portal and then expand the Servers section. You should now see a listing for Squid Proxy Server (Figure B). Click the Squid Proxy Server, and you're ready to start setting it up. Figure B

Click the image to enlarge.

Setting up Squid

The first thing you will see is the error "Your Squid cache directory /var/spool/squid3 has not been initialized. This must be done before Squid can be run." In order to initialize this, click the Initialize Cache button (with either an existing user, or you can create a new user/group "proxy"). At this point you will see the "Stopping Squid" warning. Once the system has been initialized, you will be prompted with the Return To Squid Index link. If you continue seeing this error, here's what you need to do:

  1. Open a terminal window.
  2. Open the file /etc/squid3/squid.conf.
  3. Search for the line #cache_dir ufs /var/spool/squid3 100 16 256 (around line 2245).
  4. Remove the "#" character.
  5. Save the file.
  6. Go back to Webmin and click the Initialize Cache button again.

Your plan for using the proxy will dictate how you configure it. Regardless of how you use it, you will want to define the ports used by the proxy first. By default, Squid uses 3128. You can stick with the default, or if you need to go with a non-standard port, here's how to change it:

  1. From the Webmin Squid page, click Ports And Networking.
  2. In the Ports And Networking page (Figure C), configure the port.
  3. Once you have the port set, click Save.
You can set Squid to listen to more than one port by going back into Ports And Network and adding a new port.
Figure C

Click the image to enlarge.

By default, Squid will listen to requests coming from all addresses. You can set this on a per-address or per-hostname basis by entering the IP address or hostname under the Hostname/IP Address column in the table.

Let's say you want to block Facebook using Squid. You must first create a new Access Control List (ACL), which you can do by following these steps:

  1. From the module index, click Access Control.
  2. Below the listing, select Webserver Hostname from the drop-down and click Create New ACL.
  3. In the Create ACL window (Figure D) enter a name for the ACL (Like Facebook) and then enter the domain (facebook.com). (You could even create a single ACL for a group of related domains.)
  4. In the Failure Redirect, enter the page you would like this to be redirected to.
  5. Click Save.
Figure D

Click the image to enlarge.

Now you have to create a Proxy Restriction. Here's how:

  1. Click the Proxy Restriction tab in the ACL window.
  2. Click Add Proxy Restriction.
  3. Select Deny.
  4. Select the new ACL from the list on the left (Figure E).
  5. Click Save.
  6. In the restrictions listing, you can move the restriction up or down (using the arrows) according to your needs. Also, you can allow an ACL by selecting Allow instead of Deny.
Figure E

Click the image to enlarge.

Back at the module index, click Apply Changes to restart Squid with the newly created restrictions.

You should now have a proxy set up to block all access to Facebook (I'm not advocating this practice, just using it as an example). You can apply this same idea to nearly anything you'd like to block. And remember, Squid can be used for a lot more than blocking domains.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

2 comments
Eddie B
Eddie B

GREAT help, thanks Jack! I had the "cache_mem is larger than total disk cache space" warning, which was solved by adding "cache_mem 50 MB" below the line you refer to (the one that needs to be uncommented). How would I add restrictions so that a newly created user (let's call him proxyuser) would be able to connect from any IP and use the proxy to connect to a list of domains (all other domains would be denied, even with valid user)? Thanks again.