1. What are we installing?

| Component | Purpose | License |
|---|---|---|
| Squid | Open‑source HTTP/HTTPS proxy and caching server | GNU GPL v2 (open-source) |
| SquidGuard | URL filtering & blacklist engine that runs in front of Squid | GNU GPL v2 (open-source) |

Together they give you a proxy that can keep web traffic from your PCs away from dangerous websites.


2. Quick FAQ

| Question | Answer |
|---|---|
| How much does it cost? | Both packages are free (open‑source). Commercial support can be purchased from vendors, but the software itself costs nothing. |
| Is a firewall required? | No, SquidGuard does not replace a firewall. It works on top of Squid (a forward proxy). You still need a firewall (UFW, iptables, etc.) to limit who can reach the proxy. |
| What’s the main benefit of SquidGuard? | URL filtering, content‑based blocking, parental controls, bandwidth savings, and the ability to create whitelists/blacklists that apply to all users behind the proxy. |

3. Prerequisites

  • Ubuntu 20.04 LTS or newer (the steps work on 22.04/24.04 as well)
  • A user with sudo privileges
  • A machine that will act as the proxy (can be a router, a dedicated VM, or a desktop)

Tip: Keep the system updated before you start.

sudo apt update && sudo apt upgrade -y

4. Installation

4.1 Install Squid

sudo apt install squid -y

Default config file: /etc/squid/squid.conf

4.2 Install SquidGuard

sudo apt install squidguard -y

Default config file: /etc/squidguard/squidGuard.conf

On Ubuntu the SquidGuard package comes with a pre‑built configuration that works out of the box for most use‑cases.
However, you’ll want to tweak it for your own domain names, IP ranges, and blacklist sources.


5. Basic Configuration

5.1 Squid – Listening on Port 3128

Open /etc/squid/squid.conf and ensure the following:

http_port 3128

If you want to restrict access to your LAN only, add:

acl localnet src 192.168.0.0/16   # adjust to your network
http_access allow localnet
http_access deny all

5.2 SquidGuard – Set the Database Directories

Edit /etc/squidguard/squidGuard.conf:

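dbhome       /var/lib/squidguard
logdir       /var/log/squidguard
# The blacklist and whitelist directories are not set by a directive here.
# Each category file under /etc/squidguard/blacklists or
# /etc/squidguard/whitelists is referenced from a dest block through its
# domainlist path.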

Create the directories:

sudo mkdir -p /etc/squidguard/blacklists
sudo mkdir -p /etc/squidguard/whitelists

5.3 Create a Simple Blacklist

Create /etc/squidguard/blacklists/exceptions:

# Example
adultporn.com
example.net

The file names are categories. SquidGuard can combine many categories in a single ACL.
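
A complete squidGuard.conf that turns the category file above into an enforced rule, as an added example rather than the configuration shipped with the package. The whitelist file name `allowed` follows the tip in section 8, and the block-page URL is a placeholder assumption.

```conf
# /etc/squidguard/squidGuard.conf
# Added example, not the packaged default.
dbhome /var/lib/squidguard
logdir /var/log/squidguard

# Blacklist category from section 5.3. A domainlist path that starts
# with "/" is used as-is; a relative path is resolved under dbhome.
# Hits on this category are written to urls.log under logdir.
dest exceptions {
    domainlist /etc/squidguard/blacklists/exceptions
    log        urls.log
}

# Whitelist category. The file name "allowed" is an assumption taken
# from section 8. Create the file before restarting Squid (it may be
# empty): if a list file is missing, squidGuard goes into emergency
# mode and passes every request.
dest allowed {
    domainlist /etc/squidguard/whitelists/allowed
}

acl {
    default {
        # Evaluated left to right: whitelisted domains pass, blacklisted
        # domains are refused, everything else passes.
        pass     allowed !exceptions all
        # Placeholder block page; point this at a page you host.
        redirect http://proxy.example.internal/blocked.html
    }
}
```

squidGuard reads one request per line on standard input, so the file can be checked before Squid is restarted by running `squidGuard -c /etc/squidguard/squidGuard.conf` as the proxy user and typing a line such as `http://adultporn.com/ 192.168.0.10/- - GET`; a blocked request is answered with the redirect URL.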

5.4 Tell Squid to Use SquidGuard

In squid.conf add the ACL and the url_rewrite_program line:

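# Deny the listed domains in Squid itself; put these two lines above "http_access allow localnet"
acl blocked_site dstdomain "/etc/squidguard/blacklists/exceptions"
http_access deny blocked_site
# Send the remaining requests through SquidGuard (the Ubuntu package installs the binary in /usr/bin)
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf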

5.5 Restart Services

sudo systemctl restart squid
# squidGuard has no service of its own: Squid starts it as the url_rewrite_program helper

6. Verify the Setup

  1. Check Squid’s status
     sudo systemctl status squid
  2. Test from a client within the LAN
     • Point the browser’s proxy settings to IP_of_proxy:3128.
     • Try visiting adultporn.com → should be blocked.
     • Visit example.com → should be allowed.
  3. Check logs
     sudo tail -f /var/log/squid/access.log
     sudo tail -f /var/log/squidguard/urls.log

7. Firewall (UFW) – Allow Only Trusted Clients

sudo ufw allow from 192.168.0.0/16 to any port 3128
sudo ufw enable

Adjust the subnet (192.168.0.0/16) to match your LAN.


8. Advanced Tips

| Topic | How to Do It |
|---|---|
| Automatic Blacklist Updates | Use squidguard-update which pulls daily lists from sites like http://www.squidguard.com or https://www.malwarebytes.com. |
| Whitelist | Create /etc/squidguard/whitelists/allowed and define domains that should bypass the blacklist. |
| Custom Categories | Define more files under /etc/squidguard/blacklists/ (e.g., social, video) and reference them in Squid ACLs. |
| HTTPS (SSL) Filtering | Requires ssl-bump in Squid and a self‑signed proxy cert. SquidGuard can’t inspect the SSL handshake, so you’ll need to use Squid’s own blocking rules for HTTPS. |
| Multi‑Site Proxy | Set http_port 3128 + http_port 8080 to expose different interfaces. |
| Performance | Tweak cache_mem, maximum_object_size_in_memory, and maximum_object_size in squid.conf for your traffic profile. |

9. Licensing & Cost Recap

| Component | License | Commercial Support |
|---|---|---|
| Squid | GPL v2 | Available from vendors like Squidware, Cisco, or via community support. |
| SquidGuard | GPL v2 | Same as Squid; there are not many commercial editions, but you can hire a sysadmin for setup. |

Bottom line: The software is free. You only pay for hardware or paid support if you need it.


10. Resources

  • Official Docs
      • Squid: https://wiki.squid-cache.org/ConfigExamples/BasicConfiguration
      • SquidGuard: https://www.squidguard.org/quick-start-guide/
  • Community Forums
      • Ubuntu Forums – Squid section
      • Reddit r/networking
  • Automatic Blacklists
      • https://www.malwarebytes.com/
  • UFW Cheat Sheet
      • https://help.ubuntu.com/community/UFW

TL;DR

  1. sudo apt install squid squidguard
  2. Configure squid.conf (port, ACLs)
  3. Create a simple blacklist in /etc/squidguard/blacklists/
  4. Tell Squid to use SquidGuard (url_rewrite_program).
  5. Restart services.
  6. Open firewall port 3128 for your LAN.
  7. Test from a client.

That’s it! You now have a working Squid proxy with URL filtering powered by SquidGuard, all for free. Happy filtering!
