Configuring Squid Proxy Server

Sure Squid server is a popular open source GPLd proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests, to caching web, name server query , and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

1. Check the necessary RPM
#rpm –q squid

if it's not installed first install it
#yum install squid

2. Set the default gateway and the DNS on the proxy server, so it has a direct connection as an internet.
#system-config-network-tui

3. Give the information about your local network on the proxy server.
#nano /etc/squid/squid.conf
Press CTRL + W
Search – our_networks

4. Uncomment this lines
#acl our_networks src 192.168.1.0/24 192.168.2.0/24 //Remove # mark
#http_access allow our_networks //Remove # mark
5. Save (CTRL + O) and Exit (CTRL + X) file

6. Start the proxy service
#service squid start
#chkconfig squid on

Settings up proxy clients

The proxy client is an application that required internet through the proxy server
EX – Internet Explorer, Mozilla Firefox

Fire Fox
Edit --> Preferences --> Advanced --> Network --> Settings --> manually proxy configuration
http proxy : 192.168.2.101 port : 3128 // proxy server IP and port number

Now clients have to access internet through proxy………

Controlling web access through proxy


1. Open the following file
#nano /ect/squid/squid.conf
Press CTRL + W
Search – # http_access deny all

Put all the rules that you want to control web access through proxy under the above comment. All the block rules must come before the allow rules

To block unwanted website
acl blockweb dstdomain .facebook.com .yahoo.com .google.com
http_access deny blockweb

To block unwanted file download
acl blockfile urlpath_regex –i exe$ mp3$ avi$ rar$
http_access deny blockfile

To allow POP3/ SMTP to access mail through proxy server
acl allowmail proto POP3 SMTP
http_access allow allowmail

2. Save (CTRL + O) and exit (CTRL +X) the file

3. Reload squid service
#service squid reload
---------------------------------------------------------
List of acl tags and examples
http://wiki.squid-cache.org
---------------------------------------------------------

14 comments:

Post a Comment