Jump to content
Sign in to follow this  

Setting up Squid Proxy server on RHEL 5 / CentOS 5 linux

Recommended Posts


1. Active Internet Connection via any means.

2. Super user or root access.


Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command:


# yum install squid


Step 2: Adding Squid to system start up (program starts when system boots up).


# chkconfig --level 35 squid on


Numbers 3 and 5 indicates the run-levels of Squid. ‘3‘ indicates text mode and ‘5‘ indicates GUI mode.

Step 3: Now to start the Squid Service:


# service squid start


Step 4: To open the squid configuration file


# vi /etc/squid/squid.conf


If you see this error on the log file:

“WARNING: Could not determine this machines public hostname.

Please configure one or set ‘visible_hostname’ ”.

This needs to be changed, and do something like this:

visible_hostname yourhost


Step 5: Defining Access Control Lists (ACL)

Access Control Lists are used for purposes like:

1. restrict usages

2. limit web access for host(s).

3. To allow your network to use internet

ACL Syntax:


acl aclname acltype value
aclname = rulename (something like personalnetwork )
acltype = type of acl like : src, dst (src:source ip | dst:destination ip)
value = this could be ip address, networks, URLs , etc.


Example: This example will allow the localhost to access the internet.


acl localhost src
http_access allow localhost
Step 6: Allowing a particular network ip range to access internet
Find these lines in squid.conf file:
# http_access allow localhost
# http_access deny all
Replace the above two lines like this:
# acl personalnetwork src
# http_access allow localhost
# http_access allow personalnetwork
# http_access deny all
Step 7: Restart your Squid server
# service squid restart


Note: if you encounter some error for using “/24“ change it to “ / “

and now restart your squid server


Step 8: Blocking Internet access for a particular IP address


# acl block_it src
# http_access deny block_it
# acl personalnetwork src
# http access allow personalnetwork


The above acl will block internet access only for and the rest will have access.


Step 9: Restricting internet access by time or Working hours


# acl personalnetwork src
# acl working_hours time M T W H F 13:00-17:00
# acl block_it src
# http_access deny block_it
# http_access allow personalnetwork working_hours
Step 10: Block particular URL
# acl block_website dst www.facebook.com
# http_access deny block_website
Step 11: Blocking a domain and its sub-domains
# acl blocked_domain dstdomain .google.com
# http_access deny blocked_domain


Step 12: Blocking a list of websites using a text file


We need to create a text file with a list of sites to be blocked and to give read permissions for this file, run the below commands in terminal


# touch /etc/squid/black_list.txt
# chmod 444 /etc/squid/black_list.txt
# vi /etc/squid/black_list.txt


Enter the url of the websites need to be blocked like this




Now create a create rules in ACL by opening the config file and type the below rules


# acl black_list url_regex "/etc/squid/black_list.txt"
# http_access deny black_list
Also you can block URL’s containing specific words like this:
# acl prevent_word url_regex sex
# http_access deny prevent_word


Case sensitive words can also be blocked like this ” -i sex ”


Step 13: Block types of files for download


# acl block_type url_regex .*\.exe$
# http_access deny block_type

# acl block_type dstdom_regex \.br$
# http_access deny block_type
Step 14: Prompting Username and Password from clients
# htpasswd -c /etc/squid/squid_pass your_username
When it prompts for the password enter a new password that you would like to authenticate.
Now set permissions for this file
# chmod o+r /etc/squid/squid_pass
Now open the config file and add these lines
# auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass
# acl ncsa_user proxy_auth REQUIRED
# http_access allow ncsa_user


I hope that this article has enlightened you how to configure Squid Proxy server in your network running Linux :)

Edited by Fearless News

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this