
Install & Configure Squid Proxy Server in RHEL7/CentOS7

What is a proxy server? What is Squid proxy?
How do you install and configure Squid proxy?

What is Proxy Server?

The word ‘proxy’ means to act on behalf of someone else. A proxy server acts as an intermediary between the client and the server. The client sends its request to the proxy, for example to establish a connection or to fetch a web page or other resource from another server.


What is Squid Proxy?

Squid is used as a web proxy that caches content for services such as HTTPS, HTTP, FTP and more. When clients regularly visit the same websites, it caches the data and reduces bandwidth use on the network.

Uses:

1. Caches the frequently requested websites.
2. Reduces the Network Bandwidth.
3. Improves response times of Web Server.

Installation

Before installing Squid, make sure packages are up to date. You should have root user access or sudo privileges to perform installation.

[arun@example ~]$ sudo yum -y update

Now, run the following command to install Squid:

[arun@example ~]$ sudo yum install squid -y

Once the Squid packages are installed, start the squid service and enable it at boot.

[arun@example ~]$ sudo systemctl start squid
[arun@example ~]$ sudo systemctl enable squid

To check the status of the squid service, run the following command:

[arun@example ~]$ sudo systemctl status squid 

How to check the version of Squid?
Run the command:

[arun@example ~]$ sudo squid -v

Squid configuration, access log and cache log file locations are:
1. Configuration file: /etc/squid/squid.conf
2. Access log file: /var/log/squid/access.log
3. Cache log file: /var/log/squid/cache.log

Configuration

1. Allow Internet Access to specific IP or IP range through the Squid Proxy Server

To allow internet access only to a specific IP or IP range, add a new ACL (Access Control List) line to the configuration.

A sample of the /etc/squid/squid.conf file is shown below.

[Screenshot: squid.conf file output]

For example, suppose we want to allow the IP range 192.168.100.101 to 192.168.100.255. Add a new line at the end of the ACL list like this:

acl localnet src 192.168.100.101-192.168.100.255

After saving the configuration file, restart the squid service for the changes to take effect.

[arun@example ~]$ sudo systemctl restart squid

NOTE:
1. When many entries are added to the configuration file, it becomes difficult to remember which IP address belongs to which user. Add a comment at the end of each entry so you can identify it in the future.
2. If the Squid proxy server is outside the network, you need to use the public IP of the client.
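
The range used in section 1 does not line up with a single CIDR block, which is easy to get wrong when writing a src ACL. The following added example (not from the original article) uses Python's ipaddress module to show which addresses a shorthand such as 192.168.100.100/24 covers beyond the intended range, and which CIDR blocks cover the range exactly; the function names and the two test clients are illustrative.

```python
import ipaddress

def compare_acl_to_range(cidr_value, first, last):
    """Compare a CIDR-style src value with an intended first..last client range.

    Returns (network, unintended, exact_blocks):
      network       - the network the CIDR value denotes once the mask is applied
      unintended    - addresses in that network that lie outside first..last
      exact_blocks  - CIDR blocks that together cover first..last and nothing else
    """
    # A /24 mask ignores the last octet, so 192.168.100.100/24 denotes the
    # whole network 192.168.100.0/24 (strict=False applies the mask).
    network = ipaddress.ip_network(cidr_value, strict=False)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("first address is above last address")
    unintended = [addr for addr in network if not lo <= addr <= hi]
    exact_blocks = list(ipaddress.summarize_address_range(lo, hi))
    return network, unintended, exact_blocks

def matches(client, blocks):
    """True if the client address falls inside any of the given networks."""
    ip = ipaddress.ip_address(client)
    return any(ip in block for block in blocks)

if __name__ == "__main__":
    # Range taken from section 1; the /24 value is the shorthand being checked.
    net, extra, blocks = compare_acl_to_range(
        "192.168.100.100/24", "192.168.100.101", "192.168.100.255")
    print("CIDR value covers:", net)
    print("addresses outside the intended range:", len(extra))
    print("exact cover:", " ".join(str(b) for b in blocks))
    for client in ("192.168.100.50", "192.168.100.200"):  # constructed clients
        print(client, "whole /24:", matches(client, [net]),
              "exact range:", matches(client, blocks))
```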

2. Change Squid Listening Port

Squid listens on port 3128 by default. You can change this port by editing the line starting with http_port in the /etc/squid/squid.conf file. Replace the default port with your preferred port number and restart the squid service to apply the changes.

3. Allow Only the Specific Port for the HTTP Requests

In the Squid configuration, only some ports are allowed by default. You can add a new entry to the Safe_ports ACL list to open a specific port for HTTP requests.

For example, to allow port 145 through the Squid proxy server:

acl Safe_ports port 145

Restart the squid service after applying any changes to the configuration file.

[arun@example ~]$ sudo systemctl restart squid

4. User Based Authentication on Squid

If you want to authenticate users before they can use the proxy server, you can use basic HTTP authentication, which requires installing httpd-tools.

[arun@example ~]$ sudo yum -y install httpd-tools

Now, create a new file to store the users for authentication, and change the owner of the file to squid so that the Squid server can access it.

[arun@example ~]$ sudo touch /etc/squid/passwd
[arun@example ~]$ sudo chown squid /etc/squid/passwd

The next step is to create a user for the proxy. Here we add the user ‘proxyarun’ to the /etc/squid/passwd file using the htpasswd tool.

[arun@example ~]$ sudo htpasswd /etc/squid/passwd proxyarun

The user ‘proxyarun’ is now created for authentication. Next, open the configuration file /etc/squid/squid.conf and add the following lines under the ports ACL.

# Helper program that checks usernames and passwords against /etc/squid/passwd
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
# Number of helper processes to start
auth_param basic children 5
# Text shown in the client's login prompt
auth_param basic realm Squid Basic Authentication
# How long a validated login is cached before the helper is asked again
auth_param basic credentialsttl 2 hours
# Match any client that has authenticated successfully, then allow it
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

After adding these lines, restart the squid service for the changes to take effect.

[arun@example ~]$ sudo systemctl restart squid

When you use the proxy server, it will ask for authentication. If authentication succeeds you can use the proxy; otherwise it will throw an error on the page.

5. Block Specific Websites Using Squid

To block specific websites, create a new file that stores the list of blocked websites. Here we have created a file named ‘block_websites’. Enter only one website per line.

[arun@example ~]$ sudo touch /etc/squid/block_websites

After that add the following lines below the Ports ACLs.

acl bad_urls dstdomain "/etc/squid/block_websites"
http_access deny bad_urls

Save the file and restart the squid service.

[arun@example ~]$ sudo systemctl restart squid 

You can then check that the websites listed in block_websites are blocked by the Squid server.
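
Sections 4 and 5 both add http_access lines, and Squid applies the first http_access rule whose ACLs all match, so where those lines sit relative to each other and to the existing port rules decides what they actually enforce. The following added example (not from the original article) is a simplified Python model of that first-match evaluation; the two rule orderings and the sample requests are constructed, and the ACL names are the ones used on this page.

```python
# Simplified model of Squid's http_access evaluation: rules are read top to
# bottom and the first rule whose ACLs all match decides the request.
AUTH_ACLS = {"auth_users"}   # ACLs of type proxy_auth (name from section 4)

def decide(rules, facts, has_credentials):
    """Return (verdict, deciding_rule).

    rules: 'allow|deny acl [!acl ...]' strings in configuration order.
    facts: names of the non-auth ACLs that are true for this request.
    has_credentials: True if the client sent a valid proxy username/password.
    """
    true_acls = set(facts) | {"all"} | (AUTH_ACLS if has_credentials else set())
    for rule in rules:
        action, *acls = rule.split()
        matched = True
        for acl in acls:                       # ACLs on one line are ANDed
            negate, name = acl.startswith("!"), acl.lstrip("!")
            if name in AUTH_ACLS and not has_credentials:
                return ("challenge-407", rule)  # proxy asks for credentials
            if (name in true_acls) == negate:
                matched = False
                break
        if matched:
            return (action, rule)
    # No rule matched: Squid applies the opposite of the last rule's action.
    last_action = rules[-1].split()[0]
    return ("deny" if last_action == "allow" else "allow", None)

# Constructed ordering 1: the allow rule for authenticated users comes first.
AUTH_FIRST = ["allow auth_users", "deny bad_urls", "deny !Safe_ports", "deny all"]
# Constructed ordering 2: every deny rule is checked before the allow rule.
DENY_FIRST = ["deny !Safe_ports", "deny bad_urls", "allow auth_users", "deny all"]

# Constructed requests: (description, facts, has_credentials)
REQUESTS = [
    ("blocked site, logged in", {"Safe_ports", "bad_urls"}, True),
    ("port outside Safe_ports, logged in", set(), True),
    ("ordinary site, logged in", {"Safe_ports"}, True),
    ("ordinary site, no credentials", {"Safe_ports"}, False),
]

if __name__ == "__main__":
    for label, facts, creds in REQUESTS:
        print(label, decide(AUTH_FIRST, facts, creds), decide(DENY_FIRST, facts, creds))
```

With the allow rule first, a logged-in user reaches blocked sites and ports outside Safe_ports; with the deny rules first, both are refused. Running squid -k parse before restarting catches syntax errors in the edited file, but it does not check rule order.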

Key Points:

1. You learned how to install, configure and secure the Squid proxy server.
2. You learned how to allow specific IPs to use Squid.
3. You learned how to open some ports.
4. You learned how to block websites.

Congratulations! You have successfully learned to install and configure the Squid proxy. If you have any questions, please post them in the comment section.
