How To Install Squid on Linux And Configure Access

For Debian-based systems, execute the following commands:

user@localhost: ~ sudo apt update

Optionally:

user@localhost: ~ sudo apt upgrade

To install the latest version packaged for your distribution, use the command:

user@localhost: ~ sudo apt install squid

Check if it is running:

user@localhost: ~ systemctl status squid

Access configuration

The configuration file is /etc/squid/squid.conf; the line ‘include /etc/squid/conf.d/*’ in it also pulls in every file from the /etc/squid/conf.d/ directory. The subnets that are allowed access are defined by lines starting with the keywords “http_access allow …”. If there is a line “http_access allow localnet”, then the definition of localnet must appear above it:

...
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
...

Each such line adds its entry to the list of localnet networks.

To prohibit downloading files with the extensions *.exe, *.bat, *.cmd and *.avi over connections not protected with https, add lines like these to the /etc/squid/squid.conf file:

acl my_blacklist url_regex "/etc/squid/ext_blacklist"

http_access deny my_blacklist

Create file /etc/squid/ext_blacklist:

user@localhost: ~ sudo nano /etc/squid/ext_blacklist

Add regular expressions:

\.[Ee][Xx][Ee]$
\.[Bb][Aa][Tt]$
\.[Cc][Mm][Dd]$
\.[Aa][Vv][Ii]$
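
Before reloading Squid it is worth checking what the blacklist would actually match; the script below is an added example, not part of the original article, and dry-runs the same patterns against sample URLs with grep -E (POSIX extended regex, the syntax Squid's url_regex ACL also uses). The temporary file path and the URLs are constructed for the example; note the last URL, where a query string defeats the $ anchor.

```shell
#!/bin/sh
# Added example: dry-run a Squid url_regex blacklist against sample URLs.
# grep -E evaluates POSIX extended regexes, the same syntax url_regex uses,
# so "deny" here corresponds to what "http_access deny my_blacklist" blocks.

# Constructed copy of /etc/squid/ext_blacklist so the script runs stand-alone.
BLACKLIST="${TMPDIR:-/tmp}/ext_blacklist.example"
cat > "$BLACKLIST" <<'EOF'
\.[Ee][Xx][Ee]$
\.[Bb][Aa][Tt]$
\.[Cc][Mm][Dd]$
\.[Aa][Vv][Ii]$
EOF

# is_blocked URL: prints "deny" if any pattern in the blacklist matches,
# otherwise "allow".
is_blocked() {
    if printf '%s\n' "$1" | grep -Eq -f "$BLACKLIST"; then
        echo deny
    else
        echo allow
    fi
}

# check_urls URL...: prints one verdict line per URL.
check_urls() {
    for u in "$@"; do
        printf '%-45s %s\n' "$u" "$(is_blocked "$u")"
    done
}

# Constructed sample URLs: mixed case, a directory named "avi", and a
# query string that makes the $ anchor miss the .exe extension.
check_urls \
    http://example.com/setup.exe \
    http://example.com/Install.EXE \
    http://example.com/movie.avi \
    http://example.com/avi/readme.txt \
    'http://example.com/setup.exe?download=1'
```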

To allow access from our subnet <MY_LOCAL_NET> (for example 192.168.1.0/24), we need to open port 3128 in the firewall. In the case of firewalld, execute these commands:

user@localhost: ~ sudo firewall-cmd --zone work --add-source <MY_LOCAL_NET>
user@localhost: ~ sudo firewall-cmd --zone work --add-port=3128/tcp
user@localhost: ~ sudo firewall-cmd --runtime-to-permanent

For iptables you need to insert a line before the rules that drop traffic. The position strongly depends on the existing rules, so before adding it review the current rules with the command iptables -nvL --line-numbers:

user@localhost: ~ sudo iptables -I INPUT 3 -s <MY_LOCAL_NET> -p tcp --dport 3128 -j ACCEPT

For nftables you need to insert a line like this into the /etc/nftables.conf file, before the rules that drop traffic:

ip saddr <MY_LOCAL_NET> tcp dport 3128 accept

Important:

If you are logged in as the root superuser, then the sudo command (temporary acquisition of superuser rights) is not needed.
