Hi friends, today we will learn how to configure and use squid proxy server in Linux. Squid is a highly popular open source software package that is used as a proxy server in many organizations. Before getting into squid, let’s see what a proxy server actually is.

What is a proxy server?

A proxy server is a dedicated computer system which acts as an intermediary between web browser and the internet. It sits between a server and a client application to fulfill the requests from clients seeking resources from other servers.

Squid proxy server is basically used for 2 purposes ==>

1. To reduce high bandwidth charges through its content caching functionality.

2. To restrict access to particular content in a network, meaning it controls what a client may access from the internet.

Content caching in proxy server

Now let’s get a brief idea about content caching.

Content caching is the temporary storage of content such as images, files, HTML web pages etc. Squid server uses content caching to reduce bandwidth charges.

 

Noteworthy points about Squid proxy server ==>

 

– It is a popular proxy server used in Linux.

– Port number of squid server is 3128.

– Used in bandwidth controlling.

– Used in web access filtering.

– It uses many restriction policies which can be implemented in a network.

– Highly used for the purpose of content caching.

– Configuration file of squid server in Linux is /etc/squid/squid.conf.

– Squid is a high-performance HTTP and FTP caching proxy server.

– Squid proxy is used by various organisations and internet providers to reduce bandwidth and to increase response time.

– We can block specific websites, keywords, IP addresses, URLs and much more with squid server.

– It is widely used for increasing the speed of a web server by caching repeated data.

– When a request comes to the squid server, it saves a copy of the requested object and then passes it on. If a client requests the same object again, squid serves it immediately from its cache. That is how it accelerates speed and saves bandwidth.

Installation and configuration of squid proxy in Linux

 

Note : This tutorial is applicable for rhel5/6/7, centos5/6/7 and fedora.

Now we are going to install and configure squid server in Linux. I am using a step by step guide to make it easy to understand. So let’s start.

Step 1

First of all check packages required for squid.

#rpm -q squid

 

Step 2

Now install squid with YUM package installation tool.

#yum install squid*

                               or

#yum install squid* -y

Here * is used to download all the dependency packages required for squid.
Here -y is used to skip the manual yes/no check.

 

Step 3

Start the squid service

#service squid start

 

For Rhel 7 ==>

#systemctl restart squid

 

Step 4

 

Now go to configuration file of squid

# vim /etc/squid/squid.conf

 

Step 5

 

For troubleshooting or viewing logs and for the identity of the cache server, we
need to change the visible_hostname  option in the configuration file of squid server.

 

To check your hostname simply type ==>

#hostname

 

Now in the squid configuration file change visible_hostname as ==>

visible_hostname  yourhostname
e.g. visible_hostname  helpingyouonlne

 

Step 6

 

By default squid works on port 3128 but you can change it in configuration file.

http_port 3128

 

 

So we have done the necessary configuration of the squid server. Now let’s use
access control lists for web access control in a network.


 

Access control list (ACL) in Squid server.

 

First let’s see the syntax of ACL.

 

acl    aclname     acltype    value

 

Let’s understand the syntax ==>

 

acl ==> here acl tells the squid proxy server that this is an access control list used to implement restriction policies.

 

aclname ==> name of the acl or rule name (you can use any name, e.g.
myschoolnetwork)

 

acltype ==> It indicates the type of acl. for example src (source) or dst
(destination)

 

value ==> here you insert an ip address, network address or url etc.

 

How ACL’s are used in Squid proxy Server ?

 

In squid server use of ACL is a two line process ==>

 

First ==> acl aclname acltype value
Second ==> http_access allow/deny aclname

 

In the second line we use the http_access statement, which tells the squid server whether or
not to allow traffic that matches the ACL.

 

Web Access Restriction and controlling in Squid server.

 

Now we will use ACLs to control the web access of a network. For example, I
will take the network 192.168.20.0/24 and implement all possible rules to
control the web access of the network 192.168.20.0.

 

1. How to allow a network 192.168.20.0 to access the internet?

 

First of all go to squid configuration file.

# vim   /etc/squid/squid.conf

 

By default all the rules are denied in the configuration file. So we have to
find the following lines in the configuration file ==>

 

http_access allow localhost
http_access deny all

 

Simply erase or replace both lines with your desired ACL. For example, here we have
to allow internet access to network 192.168.20.0, so simply use the ACL below ==>

acl  mynetwork  src  192.168.20.0/24
http_access  allow  mynetwork

 

Save the configuration file and restart the squid service.

 

#service squid restart

                                    or

#systemctl restart squid

 

2. How to allow localhost to access the internet.

 

acl localhost src 127.0.0.1/32
http_access allow localhost

 

3. How to block a particular ip in a network using squid proxy.

 

If I have to block a particular IP, e.g. 192.168.20.5 in the network 192.168.20.0, then:

 

acl blockip src 192.168.20.5
http_access deny blockip
acl mynetwork src 192.168.20.0/24
http_access allow mynetwork

 

So it means the network 192.168.20.0 is able to access the internet except
192.168.20.5.

 

Note: Squid proxy applies rules from top to bottom, so write your rules carefully in the correct order from top to bottom.
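
The top-to-bottom evaluation from the note above, as an added example that is not part of the original tutorial or of Squid itself: a small Python model of how http_access lines are checked for a client IP. It models only src ACLs; the function names and the outside address 10.0.0.9 are assumptions made for the illustration.

```python
import ipaddress

def parse(conf):
    """Return (acls, rules) from squid.conf text; only 'src' ACLs are modelled."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # 'all' is built in on current Squid
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))  # (allow|deny, [aclname, ...])
    return acls, rules

def decide(conf, client_ip):
    """First matching http_access line wins; all ACLs on a line must match."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        if all(any(ip in net for net in acls[n]) for n in names):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    # nothing matched: Squid applies the opposite of the last line
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample configs. PAGE_ORDER is the rule set from example 3.
PAGE_ORDER = """
acl blockip src 192.168.20.5
http_access deny blockip
acl mynetwork src 192.168.20.0/24
http_access allow mynetwork
"""
# Same rules in the wrong order: the deny line is never reached for .5,
# and because the last line is a deny, unmatched clients are allowed.
SWAPPED = """
acl mynetwork src 192.168.20.0/24
http_access allow mynetwork
acl blockip src 192.168.20.5
http_access deny blockip
"""
# Ending with an explicit catch-all removes the dependence on the implicit default.
HARDENED = PAGE_ORDER + "http_access deny all\n"

if __name__ == "__main__":
    for name, conf in (("page order", PAGE_ORDER), ("swapped", SWAPPED), ("hardened", HARDENED)):
        for ip in ("192.168.20.5", "192.168.20.7", "10.0.0.9"):
            print(f"{name:10} {ip:13} -> {decide(conf, ip)}")
```

On a real server, squid -k parse checks the syntax of the configuration file before the service is restarted.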

 

4. Time-based rules in Squid proxy server.

 

If you are in a company/school/college environment then you may need to implement time-based rules.
Let’s allow access to the internet in a company for a particular time (9:00 – 12:00).

 

acl mynetwork src 192.168.1.0/24
acl working_hours time M T W H F A 9:00-12:00
http_access allow mynetwork working_hours

 

here M = Monday, T = Tuesday, W = Wednesday, H = Thursday, F = Friday, A = Saturday, S = Sunday

5. How to block an explicit website using squid proxy.

 

acl adult_site dst www.xyz.com
http_access deny adult_site

 

6. How to block all subdomains of a website.

 

If we block a website in squid like yahoo.com then its subdomains like
mail.yahoo.com are not blocked. To block a domain including its subdomains we have to
use the following acl ==>

acl block_domain dstdomain .yahoo.com
http_access deny block_domain

 

We can also block a list of domains. For this we have to create a file containing
all the domain names.

 

#vim /etc/squid/blockeddomains.txt
http://www.xyz.com
http://www.abc.com
http://www.123.com
Save it and give it the required permission:
#chmod 444 /etc/squid/blockeddomains.txt

 

Now go to the squid configuration file and create an ACL ==>

 

acl blocklist url_regex "/etc/squid/blockeddomains.txt"
http_access deny blocklist

 

7. How to block downloading of pdf files.

acl block_pdf url_regex \.pdf$

http_access deny block_pdf

 

8. How to block a particular keyword using squid proxy.

acl badkeyword url_regex adult
http_access deny badkeyword

 

Note: url_regex is an ACL type which stands for URL regular expression pattern matching.

 

Squid proxy server client side configuration

 

Client side configuration of squid server is very easy. You just have to configure your web browser to use the squid proxy. Follow this simple step by step guide =>

Open your favourite browser. For example we take the Google Chrome browser.

Go to setting/advanced setting/change proxy setting

Click on LAN settings.

Now insert the IP address and port number of your squid proxy server. In my case, I have entered 192.168.20.4 as my IP address and 3128 as my port number. Now click OK.


 

That’s it, now Google Chrome is configured for squid proxy. Now you can access the internet on Google Chrome.

 

Conclusion

Today we have learned squid proxy server installation and configuration on a Linux system. I have tried my best to make it simple and easy to understand. If you encounter any problem regarding this article feel free to comment. Do follow us for more Linux articles and share this article on facebook & twitter.