
Setting up Squid Proxy server on RHEL 5 / CentOS 5 linux

Written by config on . Posted in CentOS, Linux


A proxy is one of the major components for adding security to a network. It also acts as a gateway that receives requests from clients, validates them and, when they are fine, forwards them to the destination server.

Squid is one of the most popular open source proxy servers and web cache daemons.

It has a wide variety of features, including:

1. Speeding up a web server by caching repeated requests.

2. Caching Web, DNS, and other lookups.

3. Bandwidth control, access control, etc.

This article explains how to set up a Squid Proxy server on RHEL 5 / CentOS 5 in an easy step-by-step procedure.



1. Active Internet Connection via any means.

2. Super user or root access.

Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command:

 # yum install squid 

Step 2: Adding Squid to system start up (program starts when system boots up).

# chkconfig --level 35 squid on 

The numbers 3 and 5 are the run-levels in which Squid is started: ‘3’ is text mode and ‘5’ is GUI mode.

Step 3: Now to start the Squid Service:

# service squid start 

Step 4: To open the squid configuration file

# vi /etc/squid/squid.conf 

If you see this warning in the log file:

“WARNING: Could not determine this machines public hostname.

Please configure one or set ‘visible_hostname’ ”.

set the hostname explicitly in the configuration file, like this:

visible_hostname yourhost

Step 5: Defining Access Control Lists (ACL)

Access Control Lists are used for purposes like:

1. Restricting usage.

2. Limiting web access for host(s).

3. Allowing your network to use the internet.

ACL Syntax:

acl aclname acltype value

aclname = rule name (something like personalnetwork)
acltype = type of ACL, such as src or dst (src: source IP | dst: destination IP)
value = an IP address, a network, a URL, etc.

Example: This example will allow the localhost to access the internet.

acl localhost src 
http_access allow localhost 

Step 6: Allowing a particular network ip range to access internet

Find these lines in the squid.conf file:

http_access allow localhost
http_access deny all

Replace the above two lines like this:

acl personalnetwork src 
http_access allow localhost
http_access allow personalnetwork
http_access deny all

Step 7: Restart your Squid server

# service squid restart

Note: if you encounter an error when using “/24”, change it to “ / ” and then restart your Squid server.

Step 8: Blocking Internet access for a particular IP address

acl block_it src 
http_access deny block_it
acl personalnetwork src 
http_access allow personalnetwork

The above acl will block internet access only for and the rest will have access.

Step 9: Restricting internet access by time or working hours

acl personalnetwork src 
acl working_hours time M T W H F 13:00-17:00
acl block_it src 
http_access deny block_it
http_access allow personalnetwork working_hours
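
Steps 8 and 9 only work because Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match. The following Python model of that evaluation is an added example, not part of the original article or of Squid itself; the addresses are constructed documentation ranges, and the closing "deny all" is the one from Step 6.

```python
import ipaddress
from datetime import datetime

# Constructed sample values (documentation address ranges), not the article's own.
ACLS = {
    "personalnetwork": ("src", "192.0.2.0/24"),
    "block_it": ("src", "192.0.2.50/32"),
    "working_hours": ("time", ("MTWHF", "13:00", "17:00")),
    "all": ("src", "0.0.0.0/0"),
}
DAYS = "MTWHFAS"  # Squid day letters, ordered Monday..Sunday like datetime.weekday()

def acl_matches(name, client_ip, when):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    days, start, end = value
    return DAYS[when.weekday()] in days and start <= when.strftime("%H:%M") <= end

def http_access(rules, client_ip, when):
    """Model of http_access evaluation: returns 'allow' or 'deny'."""
    for action, names in rules:
        # Every ACL on a line must match (AND); the first matching line decides.
        if all(acl_matches(n, client_ip, when) for n in names):
            return action
    # No line matched: the opposite of the last line's action applies.
    return "deny" if rules[-1][0] == "allow" else "allow"

STEP9 = [("deny", ["block_it"]),
         ("allow", ["personalnetwork", "working_hours"]),
         ("deny", ["all"])]
# Same lines with the deny moved below the allow: block_it is shadowed.
MISORDERED = [STEP9[1], STEP9[0], STEP9[2]]

WED_AFTERNOON = datetime(2024, 1, 3, 14, 30)  # a Wednesday, inside 13:00-17:00
WED_MORNING = datetime(2024, 1, 3, 9, 0)
SATURDAY = datetime(2024, 1, 6, 14, 30)

if __name__ == "__main__":
    for label, rules in (("Step 9 order", STEP9), ("misordered", MISORDERED)):
        for ip in ("192.0.2.10", "192.0.2.50", "198.51.100.7"):
            print(label, ip, http_access(rules, ip, WED_AFTERNOON))
```

In the misordered list the blocked host is allowed during working hours, because the allow line matches it before the deny line is ever reached.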

Step 10: Block particular URL

acl block_website dst www.facebook.com
http_access deny block_website

Step 11: Blocking a domain and its sub-domains

acl blocked_domain dstdomain .google.com
http_access deny blocked_domain

Step 12: Blocking a list of websites using a text file

Create a text file containing the list of sites to be blocked and give it read permissions by running the commands below in a terminal:

# touch /etc/squid/black_list.txt 
# chmod 444 /etc/squid/black_list.txt  
# vi /etc/squid/black_list.txt 

Enter the URLs of the websites that need to be blocked, like this:


Now create the ACL rules by opening the config file and typing the rules below:

acl black_list url_regex "/etc/squid/black_list.txt"
http_access deny black_list

You can also block URLs containing specific words like this:

acl prevent_word url_regex sex
http_access deny prevent_word

To block the word regardless of upper or lower case, add the -i option, like this: “-i sex”

Step 13: Block types of files for download

acl block_type url_regex .*\.exe$
http_access deny block_type

# An ACL name can only have one type, so the rule for the .br top-level domain gets its own name
acl block_tld dstdom_regex \.br$
http_access deny block_tld
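
A url_regex ACL is an unanchored, case-sensitive search over the whole URL unless -i is given, so the patterns from Steps 12 and 13 can both miss URLs and block unrelated ones. The audit below is an added example, not part of the original article: it uses Python's re module as a stand-in for Squid's regex matching (the two agree for these simple patterns), the sample URLs are constructed, and the tightened .exe pattern is a hypothetical alternative.

```python
import re

def url_regex_match(pattern, url, ignore_case=False):
    """Approximate a url_regex ACL: unanchored search over the whole URL."""
    return re.search(pattern, url, re.IGNORECASE if ignore_case else 0) is not None

def audit(pattern, should_block, should_pass, ignore_case=False):
    """Return (missed, overblocked): URLs the pattern gets wrong in each direction."""
    missed = [u for u in should_block if not url_regex_match(pattern, u, ignore_case)]
    over = [u for u in should_pass if url_regex_match(pattern, u, ignore_case)]
    return missed, over

# Constructed sample URLs.
WORD_BLOCK = ["http://example.net/sex-shop", "http://example.net/SEX-shop"]
WORD_PASS = ["http://www.essex.example/", "http://example.org/middlesex-news"]
EXE_BLOCK = ["http://example.com/setup.exe",
             "http://example.com/SETUP.EXE",
             "http://example.com/setup.exe?dl=1"]
EXE_PASS = ["http://example.com/exe-guide.html"]

def report():
    return {
        "word": audit(r"sex", WORD_BLOCK, WORD_PASS),
        "word -i": audit(r"sex", WORD_BLOCK, WORD_PASS, ignore_case=True),
        "exe": audit(r".*\.exe$", EXE_BLOCK, EXE_PASS),
        # Hypothetical tightened pattern: optional query string, used with -i.
        "exe tightened": audit(r"\.exe(\?.*)?$", EXE_BLOCK, EXE_PASS, ignore_case=True),
    }

if __name__ == "__main__":
    for name, (missed, over) in report().items():
        print(f"{name:14} missed={missed} overblocked={over}")
```

Running the same kind of audit against your own list of expected hits and expected passes before adding a pattern to black_list.txt shows over-blocking such as "essex" before users report it.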

Step 14: Prompting Username and Password from clients

# htpasswd -c /etc/squid/squid_pass your_username 

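When it prompts for the password, enter the new password that this user will authenticate with.

Now set permissions on this file so that Squid can read it. Note that o+r makes the file of password hashes readable by every local user on the server: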

# chmod o+r /etc/squid/squid_pass 

Now open the config file and add these lines:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass
acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user

We hope that this article has shown you how to configure a Squid Proxy server in your network running Linux servers.



Comments (1)

  • sateesh


    I created these 2 rules to download for a range of IPs but am still not able to download:

    acl allow_exe url_regex .*\.exe$
    http_access allow allow_exe

    acl allow_tld dstdom_regex \.br$
    http_access allow allow_tld

    Please help with this, or else is there some other way to give the download option on a CentOS 5 server?

