Squid Proxy
General Information
Squid is “a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.”
Official Site: http://www.squid-cache.org/
Checklist
- Distro: Enterprise Linux 6.x
Install Squid
Squid is available in CentOS base repos.
yum install squid
- Main Config: /etc/squid/squid.conf
- Log file: /var/log/squid/access.log
Configure
Config: /etc/squid/squid.conf
Modify the “localnet” acl lines so that only the networks you want talking to Squid are listed
acl localnet src 10.1.2.0/24 # my network
Delete from or add to the “Safe_ports” acl so that only certain types of traffic are accepted
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
Change Squid listening port (if needed)
# Default Squid listen port 3128
http_port 3128
Uncomment the “cache_dir” line to create a space on disk to cache files
cache_dir ufs /var/spool/squid 512 16 256
- The “512” means use 512 MB of space for cached content. This can be increased for busier proxies. (default is 100MB)
Run Squid
Start squid
service squid start
Enable on boot
chkconfig squid on
View Access Log for proxy TCP Hits and Misses
tail -f /var/log/squid/access.log
Point Clients to Squid
You can configure web browsers to go through Squid to take advantage of cached content.
- Firefox
- Options > Preferences > Advanced > Network tab > Connection Settings
- Select “Manual proxy configuration”
- HTTP Proxy: <server-ip>
- Port: <squid-listening-port>
- Click Ok
Web Filter
Squid can also be used as a web filter.
- Create a file of sites to reference
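vim /etc/squid/blocked-sites.conf
# Blocked Websites
www.google.com
- Create a new acl in the main squid config. Place the deny rule above the rule that allows localnet: Squid applies the first http_access rule that matches, so a deny placed after the allow is never reached for local clients.
vim /etc/squid/squid.conf
# Blocked Sites ACL
acl blockedsites dstdomain "/etc/squid/blocked-sites.conf"
# Deny access to the blockedsites ACL
http_access deny blockedsites
- Reload Squid for changes to take effect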
service squid reload
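To confirm from the access log that caching, the localnet ACL and the blocked-sites filter behave as configured, the following added example (not part of the original page) counts hits, misses and denied requests and lists each denied client and URL. The log lines are constructed and assume Squid's default native log format; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise a Squid access.log in the default native format.
# Field 3 is the client IP, field 4 is "<result code>/<HTTP status>"
# (e.g. TCP_HIT/200, TCP_DENIED/403) and field 7 is the requested URL.

# Constructed sample log lines (not taken from a real proxy).
# 10.1.2.x clients are inside the localnet ACL; 10.9.9.9 is outside it.
write_sample_log() {
    cat > "$1" <<'EOF'
1700000001.100     45 10.1.2.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1700000002.200      2 10.1.2.15 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1700000003.300      1 10.1.2.22 TCP_MEM_HIT/200 880 GET http://example.com/logo.png - NONE/- image/png
1700000004.400      0 10.1.2.22 TCP_DENIED/403 3500 GET http://www.google.com/ - NONE/- text/html
1700000005.500      0 10.9.9.9 TCP_DENIED/403 3400 GET http://example.com/ - NONE/- text/html
1700000006.600     60 10.1.2.15 TCP_MISS/200 900 CONNECT example.org:443 - DIRECT/93.184.216.34 -
EOF
}

# Print one "DENIED <client> <url>" line per refused request,
# followed by a totals line.
squid_log_summary() {
    awk '
        { split($4, r, "/"); code = r[1] }
        code ~ /DENIED/ { denied++; print "DENIED " $3 " " $7; next }
        code ~ /HIT/    { hit++; next }
        code ~ /MISS/   { miss++; next }
        { other++ }
        END { printf "hits=%d misses=%d denied=%d other=%d\n", hit, miss, denied, other }
    ' "$1"
}

# Demonstration run on the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
squid_log_summary "$sample"
rm -f "$sample"
```

On the proxy itself, run `squid_log_summary /var/log/squid/access.log`. A denied request for a blocked site from a localnet client shows the filter working, while denied requests from addresses outside localnet show clients the source ACL is refusing.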