Squid Server Installation With Tor and Privoxy On Linux

# Build under /usr/src; writing there normally requires root.
cd /usr/src

Go to http://www.squid-cache.org/Versions/ and download the latest version of the Squid server, for example:

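# Fetch the release over HTTPS so the tarball cannot be swapped in transit, and
# fetch the detached signature published next to it. 4.10 is the version this
# page was written against; substitute the current release from the Versions page.
wget https://www.squid-cache.org/Versions/v4/squid-4.10.tar.gz
wget https://www.squid-cache.org/Versions/v4/squid-4.10.tar.gz.asc
# Verify before extracting. The Squid release signing key must already be in
# your keyring, obtained and checked out-of-band; stop here if this fails.
gpg --verify squid-4.10.tar.gz.asc squid-4.10.tar.gz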

Extract it

# Unpack the release tarball (verbose) and enter the source tree.
# Extract only a tarball whose integrity has been checked: the build steps
# that follow run its scripts as root.
tar xvf squid-4.10.tar.gz
cd squid-4.10

Configure

# Configure the build: install under /usr, keep configuration in /etc/squid,
# logs in /var/log/squid and the pid file in /var/run/squid.pid.
#   --with-default-user=squid  Squid drops privileges to this account; nothing
#                              on this page creates it, so it must already exist.
#   --with-openssl             build with OpenSSL (TLS) support.
#   --enable-auth              build the authentication framework (the Squid
#                              config on this page does not use authentication).
#   --enable-http-violations   presumably needed for the header-stripping
#                              directives in the Squid config below — confirm
#                              against the Squid documentation for your version.
#   --disable-arch-native      do not tune the binary for the build host's CPU.
./configure \
--prefix=/usr \
--exec-prefix=/usr \
--includedir=/usr/include \
--datadir=/usr/share \
--libdir=/usr/lib64 \
--libexecdir=/usr/lib64/squid \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--sharedstatedir=/var/lib \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-default-user=squid \
--with-openssl \
--enable-auth \
--enable-http-violations \
--disable-arch-native

Make and install

# Compile, and install only if the build succeeded. The install step writes
# under /usr and /etc/squid (see the configure prefixes), so it needs root.
make && make install

Install Tor and Privoxy

# Refresh the package index and upgrade every installed package without
# prompting; this touches the whole host, not only the packages needed here.
apt update && apt upgrade -y
# Install Tor and Privoxy from the distribution repositories (asks for confirmation).
apt install tor privoxy

Edit or create Privoxy config file

# Open the Privoxy configuration in an editor. The lines that follow are the
# contents of that file, not shell commands.
nano /etc/privoxy/config
# Privoxy sits between Squid and Tor: it accepts HTTP proxy requests on the
# loopback interface and hands every request to Tor's SOCKS port.
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
# Log file name, relative to logdir.
logfile logfile
debug 4096 # Startup banner and warnings
debug 8192 # Errors
user-manual /usr/share/doc/privoxy/user-manual
# Listen on loopback only, so only local processes (Squid here) can reach
# Privoxy directly.
listen-address 127.0.0.1:8118
# Filtering is active at startup.
toggle 1
# Keep every remote-control path disabled: no web-based toggle, no editing of
# action files through the web interface, no per-request toggle header.
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
buffer-limit 4096
# Send all requests ("/") to the SOCKS4a proxy at 127.0.0.1:9050 (Tor). With
# SOCKS4a the hostname is passed to Tor for resolution instead of being looked
# up locally. The trailing "." means no further HTTP parent proxy.
forward-socks4a / 127.0.0.1:9050 .

Edit or create Tor config file

# Open the Tor configuration in an editor. The lines that follow are the
# contents of that file, not shell commands.
nano /etc/tor/torrc
# Local SOCKS listener; the Privoxy forward-socks4a rule points at this port.
SocksPort 9050 # what port to open for local application connections
# NOTE(review): SocksBindAddress looks like a legacy option; current Tor takes
# the bind address in SocksPort itself (SocksPort 127.0.0.1:9050). Confirm
# against the manual for your Tor version and check the startup log for
# warnings about obsolete options.
SocksBindAddress 127.0.0.1 # accept connections only from localhost
# NOTE(review): AllowUnverifiedNodes is also believed to be obsolete in
# current Tor — confirm before relying on it.
AllowUnverifiedNodes middle,rendezvous
# Send notice-level messages to syslog.
Log notice syslog
# StrictNodes 1 turns ExcludeNodes into a hard requirement for all circuits,
# even where following it breaks functionality.
StrictNodes 1
# Country matching depends on Tor's GeoIP data, so it is approximate. Excluding
# countries also narrows the set of relays this client can pick from.
ExcludeNodes {au}, {ca}, {gb}, {nz}, {us} # exclude Five Eyes countries nodes
# NOTE(review): NodeFamily is documented in terms of relay identities; confirm
# that country codes are accepted here. With the exclusion above already
# strict, this line may be redundant.
NodeFamily {au}, {ca}, {gb}, {nz}, {us} # treat all nodes in these countries as a single family
# Run Tor under its syscall sandbox; requires a Tor build with seccomp support.
Sandbox 1

Edit or create Squid config file

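# Squid front end for the chain client -> Squid :3128 -> Privoxy :8118 -> Tor :9050.
# Check the file with "squid -k parse" before starting the service.

# manager, localhost and to_localhost are predefined ACLs in Squid 3.2 and
# later (this page builds 4.10). Redefining "manager" with a different ACL type
# is reported as an error when the configuration is parsed, so the three
# legacy definitions are disabled here.
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl ftp proto FTP
# Private address ranges that are allowed to use the proxy (see http_access below).
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3128
acl CONNECT method CONNECT

# Access rules are evaluated top to bottom; the first match wins.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# Only the private ranges in "localnet" may use the proxy; everything else is
# refused. A final "allow all" would make this an open proxy for anyone who can
# reach port 3128, and with logging disabled below such use would leave no
# trace. If the proxy is used only from this machine, remove the localnet rule.
http_access allow localnet
http_access deny all
http_port 3128
cache_dir ufs /var/lib/spool 1024 16 256 # comment this line if you don't need cache
# Privoxy is the only parent; no ICP queries or cache digests are exchanged with it.
cache_peer 127.0.0.1 parent 8118 7 no-query no-digest
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# No access log and no cache log are kept. This avoids storing browsing
# history on the server, but it also means misuse or faults cannot be
# investigated afterwards.
access_log none
cache_log /dev/null
logfile_rotate 0
# Never contact origin servers directly: every request must go through the
# parent (Privoxy -> Tor). If the parent is down, requests fail instead of
# leaving from this server's own address.
never_direct allow all
# Do not add Via or X-Forwarded-For information to forwarded requests.
via off
forwarded_for off
# Strip identifying headers from forwarded requests. This applies to plain
# HTTP only: HTTPS goes through CONNECT tunnels, whose contents Squid does not
# see or modify. Several names below (Server, WWW-Authenticate, Location,
# X-Cache, X-Cache-Lookup) are response headers, so listing them here is
# expected to have no effect on requests.
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
request_header_access Referer deny all
request_header_access Location deny all
request_header_access Content-Language deny all
# Replace the client's User-Agent with one fixed string on plain-HTTP requests.
# A fixed value that disagrees with the browser's other observable traits can
# itself be a distinguishing mark.
request_header_access User-Agent deny all
request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0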

Create Squid cache directories

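# cache_dir in the Squid config points at /var/lib/spool. Nothing earlier on
# this page creates that directory, so create it before changing ownership.
# Assumes the "squid" user and group already exist.
mkdir -p /var/lib/spool
chown -R squid:squid /var/lib/spool
# Create the cache (swap) directory structure for the configured cache_dir.
squid -z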

Start services

# Start Squid, then Tor, then Privoxy; each step runs only if the previous
# command succeeded. Until Tor and Privoxy are up, requests through Squid fail,
# because the Squid config on this page never goes direct.
squid && service tor start && service privoxy start

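That’s it. Set your browser’s HTTP and HTTPS proxy to this server on port 3128 and you can now browse websites anonymously in the sense that requests leave through Tor rather than from your own address. This chain only hides the source IP: HTTPS traffic is tunnelled through without any header changes, and cookies, logins and browser fingerprinting can still identify you.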

If you want to reset the cache

# Reset the cache: stop Squid, recreate an empty cache directory owned by the
# squid user, and rebuild the cache structure.
# /path/to/dir/cache/ is a placeholder: use the cache_dir path from the Squid
# config (/var/lib/spool on this page) and double-check it before running rm -rf.
# "squid -k shutdown" only signals the running process; make sure Squid has
# actually exited before deleting the directory.
squid -k shutdown
rm -rf /path/to/dir/cache/
mkdir /path/to/dir/cache/
chown -R squid:squid /path/to/dir/cache/
# Rebuild the cache directory structure; Squid still has to be started again afterwards.
squid -z
