
Squid Proxy

General Information

Squid is “a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.”

Checklist

  • Distro: Enterprise Linux 6.x

Install Squid

Squid is available in CentOS base repos.

yum install squid
  • Main Config: /etc/squid/squid.conf
  • Log file: /var/log/squid/access.log

Configure

Config: /etc/squid/squid.conf

Restrict the “localnet” acl lines to only the networks that should be allowed to use Squid

acl localnet src 10.1.2.0/24 # my network

Add or delete “Safe_ports” acl lines so Squid only accepts requests to the destination ports you want

acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443

Change Squid listening port (if needed)

# Default Squid listen port 3128
http_port 3128

Uncomment the “cache_dir” line to create a space on disk to cache files

cache_dir ufs /var/spool/squid 512 16 256
  • The “512” means use 512 MB of space for cached content. This can be increased for busier proxies. (default is 100MB)

Run Squid

Start squid

service squid start

Enable on boot

chkconfig squid on

View Access Log for proxy TCP Hits and Misses

tail -f /var/log/squid/access.log

Point Clients to Squid

You can configure web browsers to go through Squid to take advantage of cached content.

  • Firefox
    • Options > Preferences > Advanced > Network tab > Connection Settings
    • Select “Manual proxy configuration”
    • HTTP Proxy: <server-ip>
    • Port: <squid-listening-port>
    • Click Ok

Web Filter

Squid can also be used as a web filter.

  1. Create a file of sites to reference
    1. vim /etc/squid/blocked-sites.conf
       
      # Blocked Websites
      www.google.com
  2. Create a new acl in the main squid config
    1. vim /etc/squid/squid.conf
       
      ## Blocked Sites ##
      acl blockedsites dstdomain "/etc/squid/blocked-sites.conf"
      http_access deny blockedsites
  3. Reload Squid for changes to take effect
    1. service squid reload
  • Create file of key words
    • vim /etc/squid/blocked-keywords.conf
       
      # Blocked key words
      gaming
  • Create a new ACL in the main squid config
    • vim /etc/squid/squid.conf
      ## Block keywords ##
      acl blockedkeywords url_regex -i "/etc/squid/blocked-keywords.conf"
      http_access deny blockedkeywords
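
Squid evaluates http_access rules from top to bottom and stops at the first match, so the deny rules above only take effect if they sit above the rule that allows your clients. The script below is an added example, not part of the original page: it checks that ordering in a config file. The helper names are hypothetical, the sample config is constructed, and it assumes the stock "http_access allow localnet" rule is the one that admits your clients.

```sh
#!/bin/sh
# Added example (not from the original page).
# Squid checks http_access rules top to bottom and stops at the first match.

# deny_rule_status CONF DENY_ACL ALLOW_ACL  (hypothetical helper name)
# Prints: ok       - "http_access deny DENY_ACL" comes before the allow rule
#         shadowed - the allow rule comes first; clients it matches never
#                    reach the deny
#         missing  - no "http_access deny DENY_ACL" line at all
deny_rule_status() {
    awk -v deny="$2" -v allow="$3" '
        /^[ \t]*#/          { next }    # whole-line comment
        $1 != "http_access" { next }
        {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break    # trailing comment
                if ($2 == "deny"  && $i == deny  && !d) d = NR
                if ($2 == "allow" && $i == allow && !a) a = NR
            }
        }
        END {
            if (!d)              print "missing"
            else if (a && a < d) print "shadowed"
            else                 print "ok"
        }' "$1"
}

# Constructed sample config: the same rules in two orders.
write_sample() {    # write_sample FILE good|bad
    {
        echo 'acl localnet src 10.1.2.0/24 # my network'
        echo 'acl blockedsites dstdomain "/etc/squid/blocked-sites.conf"'
        if [ "$2" = good ]; then echo 'http_access deny blockedsites'; fi
        echo 'http_access allow localnet'
        if [ "$2" = bad ]; then echo 'http_access deny blockedsites'; fi
        echo 'http_access deny all'
    } > "$1"
}

tmp=$(mktemp)
for order in good bad; do
    write_sample "$tmp" "$order"
    echo "$order: $(deny_rule_status "$tmp" blockedsites localnet)"
done
rm -f "$tmp"
```

To check a real config, call deny_rule_status /etc/squid/squid.conf blockedsites localnet (and again with blockedkeywords) before running service squid reload.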

  • Last modified: 2019/05/25 23:50