Ubuntu Install Squid

How to install Squid proxy to block ads instead of relying on browser’s ad block which I do not trust fully.

Pros
- Full control of the domains you wish to block/unblock.
- Webpages loads faster.
- Lower CPU utilisation.
- Probably longer battery life too.
Cons
- Manually adding new ads domain.

I installed Ubuntu Server 20.04 in VirtualBox in my MacBook. You can have the Ubuntu installed in another machine or in the cloud, it is entirely up to you. Squid is very lightweight and I ran it with 1 processor with 512MB RAM. Run the commands below to install squid.

sudo apt update
sudo apt upgrade -y
sudo apt install -y squid apache2-utils

Execute the commands below to create a new user for the proxy authentication. Example below I am creating a user “oofnivek”

sudo touch /etc/squid/passwd
sudo chown proxy: /etc/squid/passwd
sudo htpasswd /etc/squid/passwd oofnivek

Edit “/etc/squid/squid.conf” file and set the settings like below. This will prevents sites detecting that you are passing through a proxy.

forwarded_for delete
via off
request_header_access Cache-Control deny all
Image for post
Image for post

Still within the same config file. Add these below the acl ports.

# black listed sites
acl bad_sites dstdomain "/etc/squid/bad-sites.acl"
http_access deny bad_sites
# authentication
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
Image for post
Image for post

Create a file “/etc/squid/bad-sites.acl” to store all the domains you want to block. You can copy my settings below or you can start fresh and slowly add it in.

Beginning with . means blocking all subdomains under that top level domain. To block only specific subdomain, specify the subdomain with domain.

.2o7.net
.addthis.com
.addthisedge.com
.adform.net
.adnxs.com
.adobedtm.com
.adscale.de
adservice.google.com
adservice.google.com.sg
.amazon-adsystem.com
.casalemedia.com
.chartbeat.com
.chartbeat.net
.criteo.com
.crwdcntrl.net
.cxense.com
.demdex.net
.districtm.io
.doubleclick.net
.effectivemeasure.net
.googlesyndication.com
.googletagservices.com
.imrworldwide.com
.moatads.com
.newrelic.com
.nr-data.net
.omnitagjs.com
.ooyala.com
.outbrain.com
.outbrainimg.com
.pubmatic.com
.rubiconproject.com
.scorecardresearch.com
.smartadserver.com
.yieldlove-ad-serving.net
.youbora.com

Lastly, restart Squid for the settings to take effect.

sudo systemctl restart squid

Firefox has a browser only network settings instead of setting it for the entire operating system. Key in the IP of the Ubuntu 20.04 Squid proxy and the default port 3128.

Image for post
Image for post

Optional

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1

< Back to all the stories I had written

Written by

A software engineer, a rock climbing, diving & rollerblading enthusiast, a husband, a father.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store