Cybersecurity Updates & Tools

Install and Configure Squid Proxy on Ubuntu 18.04: Setup Guide

Squid is a full-featured caching proxy server that supports HTTP, HTTPS, and FTP. It is most commonly used to cache repeated web requests to speed up browsing, filter traffic based on IP or user credentials, and route connections through a specific server. Some teams also use it to bypass geo-restrictions or monitor network activity.

This guide walks you through installing Squid on Ubuntu 18.04, configuring access control and basic authentication, opening the firewall port, and pointing your browser at the proxy.

<strong>Prerequisite:</strong>&nbsp;You need sudo access.

Install Squid Proxy on Ubuntu

Squid is available in Ubuntu’s default repositories. Install it with:

bashsudo apt updatesudo apt install squid

The Squid service starts automatically. Verify it is running:

bashsudo systemctl status squid

Look for Active: active (running) in the output.

Configure Squid Access Control

Squid’s configuration lives in /etc/squid/squid.conf. Before making any changes, back up the original file:

bashsudo cp /etc/squid/squid.conf{,.original}

Open the file for editing:

bashsudo nano /etc/squid/squid.conf

By default, Squid listens on port 3128 on all network interfaces. To bind to a specific IP or change the port, find the http_port line and update it:

http_port IP_ADDR:PORT

Restrict access by IP address

By default, Squid only allows connections from localhost. To allow specific clients, create a dedicated file containing their IP addresses:

# /etc/squid/allowed_ips.txt192.168.33.1

Then add the following lines to squid.conf, before the http_access deny all rule:

acl allowed_ips src "/etc/squid/allowed_ips.txt"http_access allow localhosthttp_access allow allowed_ipshttp_access deny all

The order of http_access rules matters. Squid reads them top to bottom and stops at the first match — similar to how firewall rules work. Always keep http_access deny all at the bottom.

Apply the changes by restarting Squid:

bashsudo systemctl restart squid

Enable Proxy Authentication

Squid supports HTTP basic authentication using a password file. Create a user with openssl and write the credentials to the htpasswd file:

bashprintf "josh:$(openssl passwd -crypt 'Sz$Zdg69')\n" | sudo tee -a /etc/squid/htpasswd

Add the following lines to squid.conf to enable authentication:

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswdauth_param basic realm proxyacl authenticated proxy_auth REQUIREDhttp_access allow authenticated

If you want all clients to log in rather than be allowed by IP, replace the http_access allow allowed_ips rule with http_access allow authenticated. Restart Squid after saving.

Open the Squid Port in UFW

If UFW is active on your server, allow Squid traffic with:

bashsudo ufw allow 'Squid'

This opens port 3128 on both IPv4 and IPv6.

Configure Your Browser to Use the Proxy

Firefox: Go to Preferences > Network Settings > Settings. Select Manual proxy configuration, enter your Squid server IP in the HTTP Host field and 3128 in the Port field. Check Use this proxy server for all protocols and click OK.

To verify the proxy is working, open google.com and search “what is my ip” — you should see your Squid server’s IP address instead of your own.

Google Chrome: Chrome uses system proxy settings by default. For a quick test on Linux, start Chrome from the terminal with a dedicated proxy profile:

bash/usr/bin/google-chrome \    --user-data-dir="$HOME/proxy-profile" \    --proxy-server="http://SQUID_IP:3128"

For a persistent setup, use the SwitchyOmega extension to manage proxy configurations directly inside Chrome.

Squid is now installed and configured on your Ubuntu 18.04 server. Whether you use it for caching, traffic filtering, or client access control, the ACL and authentication setup above gives you a solid foundation. Leave a comment below if you run into any issues during setup.