A proxy is one of the major components of network security. It acts as a gateway that receives requests from clients, validates them, and, when a request is acceptable, forwards it to the destination server.
Squid is one of the most popular open source proxy servers and web cache daemons.
It offers a wide variety of features, including:
1. Speeding up a web server by caching repeated requests.
2. Caching Web, DNS, and other lookups.
3. Bandwidth control, access control, etc.
This article explains how to set up a Squid proxy server on RHEL 5 / CentOS 5 in an easy step-by-step procedure.
Requirements:
1. An active Internet connection via any means.
2. Super user or root access.
Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command:
# yum install squid
Step 2: Adding Squid to system start up (program starts when system boots up).
# chkconfig --level 35 squid on
The numbers 3 and 5 are the run-levels in which Squid is started: '3' is text mode and '5' is GUI mode.
Step 3: Now to start the Squid Service:
# service squid start
Step 4: Open the Squid configuration file:
# vi /etc/squid/squid.conf
If you see this error in the log file:
"WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'."
This needs to be changed; do something like this:
Step 5: Defining Access Control Lists (ACL)
Access Control Lists are used for purposes like:
1. Restricting usage.
2. Limiting web access for host(s).
3. Allowing your network to use the internet.
acl aclname acltype value
aclname = rule name (something like personalnetwork)
acltype = type of ACL, such as src or dst (src: source IP | dst: destination IP)
value = an IP address, a network, a URL, etc.
Example: This example allows the localhost to access the internet.
acl localhost src 127.0.0.1/32
http_access allow localhost
Step 6: Allowing a particular network IP range to access the internet
Find these lines in the squid.conf file:
http_access allow localhost
http_access deny all
Replace the above two lines like this:
acl personalnetwork src 10.10.1.0/24
http_access allow localhost
http_access allow personalnetwork
http_access deny all
Step 7: Restart your Squid server
# service squid restart
Note: if you encounter an error when using "/24", change it to "/255.255.255.0" and then restart your Squid server.
Step 8: Blocking internet access for a particular IP address
acl block_it src 10.10.1.20
http_access deny block_it
acl personalnetwork src 10.10.1.0/24
http_access allow personalnetwork
The above ACLs block internet access only for 10.10.1.20; the rest of the network keeps its access.
Step 9: Restricting internet access by time or working hours
acl personalnetwork src 10.10.1.0/24
acl working_hours time M T W H F 13:00-17:00
acl block_it src 10.10.1.20
http_access deny block_it
http_access allow personalnetwork working_hours
Step 10: Block particular URL
acl block_website dst www.facebook.com
http_access deny block_website
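How Squid evaluates the http_access lines of Steps 8 and 9, as an added example that is not part of the original article: lines are checked top to bottom, every ACL named on a line must match, and the first matching line decides. This Python model covers only the src and time ACL types; the explicit `acl all` line, the closing `http_access deny all` (from Step 6) and the function names are this example's own assumptions.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters, ordered like datetime.weekday() (Mon=0)

# Constructed sample: the Step 9 rules plus an explicit "all" ACL and deny all.
STEP9 = """
acl all src 0.0.0.0/0
acl personalnetwork src 10.10.1.0/24
acl working_hours time M T W H F 13:00-17:00
acl block_it src 10.10.1.20
http_access deny block_it
http_access allow personalnetwork working_hours
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, when):
    """Model of the src and time ACL types only (assumption: no '!' negation)."""
    kind, vals = acl
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    if kind == "time":  # expects day letters and one HH:MM-HH:MM range
        days = "".join(v for v in vals if v.isalpha())
        start, stop = next(v for v in vals if "-" in v).split("-")
        return DAYS[when.weekday()] in days and start <= when.strftime("%H:%M") <= stop
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, src, when):
    """Return 'allow' or 'deny' for a client IP at a given time."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], src, when) for n in names):  # ACLs on a line are ANDed
            return action  # first matching line wins
    return "deny" if rules[-1][0] == "allow" else "allow"  # no match: opposite of last rule

if __name__ == "__main__":
    for ip in ("10.10.1.20", "10.10.1.30", "192.168.1.5"):  # Wednesday 14:00
        print(ip, decide(STEP9, ip, datetime(2024, 1, 3, 14, 0)))
```

Moving `http_access deny block_it` below the allow line makes 10.10.1.20 match the allow first during working hours, which is why the deny rule has to come first.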
Step 11: Blocking a domain and its sub-domains
acl blocked_domain dstdomain .google.com
http_access deny blocked_domain
Step 12: Blocking a list of websites using a text file
We need to create a text file with the list of sites to be blocked and give read permissions for this file. Run the commands below in a terminal:
# touch /etc/squid/black_list.txt
# chmod 444 /etc/squid/black_list.txt
# vi /etc/squid/black_list.txt
Enter the URLs of the websites that need to be blocked, like this
Now create the ACL rules by opening the config file and adding the rules below:
acl black_list url_regex "/etc/squid/black_list.txt"
http_access deny black_list
You can also block URLs containing specific words like this:
acl prevent_word url_regex sex
http_access deny prevent_word
Words can also be matched regardless of case by adding the -i option, like this: "-i sex"
Step 13: Block types of files for download
acl block_type url_regex .*\.exe$
http_access deny block_type
# an ACL of a different type needs its own name
acl block_tld dstdom_regex \.br$
http_access deny block_tld
Step 14: Prompting Username and Password from clients
# htpasswd -c /etc/squid/squid_pass your_username
When it prompts for the password, enter the new password that you would like to authenticate with.
Now set permissions for this file:
# chmod o+r /etc/squid/squid_pass
Now open the config file and add these lines:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass
acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user
We hope this article has shown you how to configure a Squid proxy server in your network running Linux servers.