  • Added on: Feb 26 2013 05:10 AM
  • Date Updated: Feb 27 2013 07:11 AM

Setting up Squid Proxy server on RHEL 5 / CentOS 5 linux

A proxy is one of the major components for adding security to a network. It also acts as a gateway that receives requests from clients and validates them; when a request is fine, it forwards it to the destination server.

Squid is one of the most popular open source proxy servers and web cache daemons.

Posted by Jopa on Feb 26 2013 05:10 AM

1. Active Internet connection via any means.
2. Super user or root access.

Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command:


# yum install squid


Step 2: Adding Squid to system start up (program starts when system boots up).


# chkconfig --level 35 squid on


The numbers 3 and 5 are the run-levels in which Squid is started. ‘3‘ indicates text mode and ‘5‘ indicates GUI mode.

Step 3: Now start the Squid service:


# service squid start


Step 4: Open the Squid configuration file:


# vi /etc/squid/squid.conf


If you see this error in the log file:
“WARNING: Could not determine this machines public hostname.
Please configure one or set ‘visible_hostname’ ”.
set the hostname in the configuration file with something like this:
visible_hostname yourhost

Step 5: Defining Access Control Lists (ACL)
Access Control Lists are used for purposes like:
1. Restricting usage.
2. Limiting web access for host(s).
3. Allowing your network to use the internet.
ACL Syntax:


acl aclname acltype value
aclname = rulename (something like personalnetwork )
acltype = type of acl like : src, dst (src:source ip | dst:destination ip)
value = this could be ip address, networks, URLs , etc.


Example: This example will allow the localhost to access the internet.


acl localhost src
http_access allow localhost

Step 6: Allowing a particular network IP range to access the internet
Find these lines in the squid.conf file:

http_access allow localhost
http_access deny all

Replace the above two lines like this:

acl personalnetwork src
http_access allow localhost
http_access allow personalnetwork
http_access deny all

Step 7: Restart your Squid server

# service squid restart


Note: if you encounter an error for using “/24“, change it to “ / “
and then restart your Squid server.

Step 8: Blocking Internet access for a particular IP address


acl block_it src
http_access deny block_it
acl personalnetwork src
http_access allow personalnetwork


The above acl will block internet access only for and the rest will have access.

Step 9: Restricting internet access by time or Working hours


acl personalnetwork src
acl working_hours time M T W H F 13:00-17:00
acl block_it src
http_access deny block_it
http_access allow personalnetwork working_hours

Step 10: Block particular URL

acl block_website dst www.facebook.com
http_access deny block_website

Step 11: Blocking a domain and its sub-domains

acl blocked_domain dstdomain .google.com
http_access deny blocked_domain


Step 12: Blocking a list of websites using a text file

We need to create a text file with the list of sites to be blocked and give read permissions on this file. Run the commands below in a terminal:


# touch /etc/squid/black_list.txt
# chmod 444 /etc/squid/black_list.txt
# vi /etc/squid/black_list.txt


Enter the URLs of the websites that need to be blocked like this




Now create rules in the ACL by opening the config file and typing the rules below:


acl black_list url_regex "/etc/squid/black_list.txt"
http_access deny black_list

You can also block URLs containing specific words like this:

acl prevent_word url_regex sex
http_access deny prevent_word


Case sensitive words can also be blocked like this: "-i sex"

Step 13: Block types of files for download


acl block_type url_regex .*\.exe$
http_access deny block_type

acl block_tld dstdom_regex \.br$
http_access deny block_tld

Step 14: Prompting clients for a username and password

# htpasswd -c /etc/squid/squid_pass your_username

When it prompts for the password, enter the new password that you would like to authenticate with.
Now set permissions for this file (o+r makes it readable by every local account, including the one Squid runs as):

# chmod o+r /etc/squid/squid_pass

Now open the config file and add these lines:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass
acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user


I hope that this article has enlightened you on how to configure a Squid Proxy server in your network running Linux :)