Install and Configure Squid Proxy on Ubuntu 22.04

By Jennifer Mathew

Updated on Feb 18, 2024

In this tutorial, we'll explain how to install and configure Squid proxy on Ubuntu 22.04.

Squid is a stable, popular, open-source HTTP proxy. It is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.Through a proxy server, an end user is able to control and monitor their web traffic for a wide variety of purposes, including privacy, security.

Install and Configure Squid Proxy on Ubuntu 22.04


  • An Ubuntu 22.04 install dedicated server or cloud server
  • A root user access or normal user with administrative privileges.
  • For normal user, use sudo in front of every command.

1. Update Server

Keep the server updated for latest repositories links.

apt update

2. Install Squid Proxy Server

Next, execute following simple command to install Squid proxy. 

apt install squid -y

that's it we have installed Squid proxy server.

3. Configure Squid Proxy Server

Here, we'll see series of configurations. You can choose the modification as per your requirements.


First, let's check how we can change the default port 3128.

Use your favorite editor and open squid.conf file:

nano /etc/squid/squid.conf

Find http_port 3128. Here you can replace any port you want.

http_port 8080

For this demostration purpose, we are keeping the default port.

Allow access to all

At initial, Squid proxy blocks all the incoming access or traffic. We can allow it. Find http_access deny all and replace it with following:

http_access allow all

Important note: Allowing incoming traffic with authentication will allow everyone to connect to the Squid proxy server. This is for temporary, we will deny any traffic and allow authenticated traffic later. 


We can add access control list and add our IP like shown below:

acl localnet src

Basically, it is saying that connect to the server if the traffic is comming from the specified IP.


  • localnet is just name of ACL
  • src is where the request would originate from under this ACL. Mention your IP address.

Save and exit.

We need to restart the Squid service everytime we change anything in squid.conf file.

systemctl restart squid

Configure firewall

Before we proceed further, we need to add Squid proxy port in firewall. If you are not using firewall, you can skip this step.

ufw allow 3128/tcp

Note: If you are using different port, replace 3128 with you port.

We can now test the Squid proxy server using following command:

curl -v -x http://your_server_ip:3128

Note: Replace port 3128 with your port.


*   Trying [server ip]...
* Connected to [server ip] ([server ip]) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to
> Host:
> User-Agent: curl/7.61.1
> Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established

We can test it web browser too.

4. Configuring Squid Proxy Authentication

We can use username and password to connect to the server. If the user is authenticated then only the user can connect to the server otherwise it will give HTTP code 407 from proxy after CONNECT or likewise error.

We can add user and password and use those credetials to connect to the proxy server.

First, we need to install apache2-utils to get access of htpasswd command to generate password. Execute following command to install it:

apt install apache2-utils

Next, Create a passwd file in /etc/squid and add username and password using htpasswd command. Execute following command:

sudo htpasswd -c /etc/squid/passwd [username]

Note: Replace [username] with your username. 

It will prompt and ask for password of the user. Use secure password. Once you enter the password, it will create a file. Let's print the contents of the file using cat command:

sudo cat /etc/squid/passwd

We can see the user we have added with the password.

Next, update the squid.conf to use our /etc/squid/passwd file. Use your favorite editor and edit squid.conf:

nano /etc/squid/squid.conf

Find include /etc/squid/conf.d/* and add following contents below:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

Important note: Here /usr/lib/squid/basic_ncsa_auth, if squid is installed in lib64 directory, replace lib with lib64 and if you have installed squid3, replace squid with squid3.

Find http_access allow all and replace it with http_access deny all. So that only authenticated user can connect with the Squid proxy server.

Save and exit the file.

Restart the Squid service

systemctl restart squid

5, Test Connection

To test the connection and verify that everything set perfectly, execute following command:

curl --proxy http://[server IP]:[port] --proxy-user [username]:[password] -L

Note: Replace [server IP]:[port] [username]:[password] with your details.

Block Websites (Optionally)

If we want to block certain websites for user accessing, we can do it easy. 

First, create a file named blocked.acl in /etc/squid directory. 

nano /etc/squid/blocked.acl

Add websites that we want to block

Save and exit the file.

Edit squid.conf file:

nano /etc/squid/squid.conf

Add following lines after the ACL list we have added for IP address:

acl blocked_social_websites dstdomain "/etc/squid/blocked.acl"
http_access deny blocked_social_websites

Note: We can change the blocked_social_websites name with anyname we want.

Restart squid.service to reflect the changes.

systemctl restart squid

That's it. We have seen how to install and configure Squid proxy on Ubuntu 22.04.