====== Squid Proxy ======
**General Information**
Squid is "a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages."
Links:
* Official Site: http://www.squid-cache.org/
* Squid Logs: http://wiki.squid-cache.org/SquidFaq/SquidLogs
**Checklist**
* Distro(s): Enterprise Linux 6
----
====== Install Squid ======
Squid is available in CentOS base repos.
yum install squid
* Main Config: /etc/squid/squid.conf
* Log file: /var/log/squid/access.log
----
====== Configure ======
Config: /etc/squid/squid.conf
Modify "localnet" acl lines to only the networks you want talking to Squid
acl localnet src 10.1.2.0/24 # my network
Delete/Add to the "Safe_Ports" acl to only accept certain types of traffic
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
Change Squid listening port (if needed)
# Default Squid listen port 3128
http_port 3128
Uncomment the "cache_dir" line to create a space on disk to cache files
cache_dir ufs /var/spool/squid 512 16 256
* The "512" means use 512 MB of space for cached content. This can be increased for busier proxies. (default is 100MB)
----
====== Run Squid ======
Start squid
service squid start
Enable on boot
chkconfig squid on
View Access Log for proxy TCP Hits and Misses
tail -f /var/log/squid/access.log
----
====== Point Clients to Squid ======
You can configure web browsers to go through Squid to take advantage of cached content.
* Firefox
* Options > Preferences > Advanced > Network tab > Connection Settings
* Select "Manual proxy configuration"
* HTTP Proxy:
* Port:
* Click Ok
----
====== Web Filter ======
Squid can also be used as a web filter.
===== Block Domains =====
- Create a file of sites to reference
- vim /etc/squid/blocked-sites.conf
# Blocked Websites
www.google.com
- Create a new acl in the main squid config
- vim /etc/squid/squid.conf
## Blocked Sites ##
acl blockedsites dstdomain "/etc/squid/blocked-sites.conf"
http_access deny blockedsites
- Reload Squid for changes to take affect
- service squid reload
===== Block Key Words =====
* Create file of key words
* vim /etc/squid/blocked-keywords.conf
# Blocked key words
gaming
* Create a new ACL in the main squid config
* vim /etc/squid/squid.conf
## Block keywords ##
acl blockedkeywords url_regex -i "/etc/squid/blocked-keywords.conf"
http_access deny blockedkeywords
----