
Setting up Squid Proxy server on RHEL 5 / CentOS 5 Linux


Jopa

Requirements:

1. Active Internet Connection via any means.

2. Super user or root access.

Procedure:

Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command:

# yum install squid

Step 2: Adding Squid to system start up (program starts when system boots up).

# chkconfig --level 35 squid on

Numbers 3 and 5 indicate the run-levels of Squid. ‘3’ indicates text mode and ‘5’ indicates GUI mode.

Step 3: Now to start the Squid Service:

# service squid start

Step 4: To open the Squid configuration file:

# vi /etc/squid/squid.conf

If you see this error in the log file:

“WARNING: Could not determine this machines public hostname.

Please configure one or set ‘visible_hostname’ ”.

To fix it, set visible_hostname in squid.conf, something like this:

visible_hostname yourhost

 

Step 5: Defining Access Control Lists (ACL)

Access Control Lists are used for purposes like:

1. Restricting usage.

2. Limiting web access for host(s).

3. Allowing your network to use the internet.

ACL Syntax:



 

acl aclname acltype value
aclname = rulename (something like personalnetwork )
acltype = type of acl like : src, dst (src:source ip | dst:destination ip)
value = this could be ip address, networks, URLs , etc.
 
 

 

Example: This example will allow the localhost to access the internet.

acl localhost src 127.0.0.1/32
http_access allow localhost

Step 6: Allowing a particular network IP range to access the internet

Find these lines in the squid.conf file:

http_access allow localhost
http_access deny all

Replace the above two lines like this:

acl personalnetwork src 10.10.1.0/24
http_access allow localhost
http_access allow personalnetwork
http_access deny all

Step 7: Restart your Squid server

# service squid restart

Note: if you encounter an error for using “/24”, change it to “/255.255.255.0” and then restart your Squid server again.

 

Step 8: Blocking Internet access for a particular IP address

 

acl block_it src 10.10.1.20
http_access deny block_it
acl personalnetwork src 10.10.1.0/24
http_access allow personalnetwork
 
 

 

The above acl will block internet access only for 10.10.1.20 and the rest will have access.

 

Step 9: Restricting internet access by time or Working hours



 

acl personalnetwork src 10.10.1.0/24
acl working_hours time M T W H F 13:00-17:00
acl block_it src 10.10.1.20
http_access deny block_it
http_access allow personalnetwork working_hours

Step 10: Block particular URL

acl block_website dst www.facebook.com
http_access deny block_website

The dst type matches on the destination IP address, so a host name given here is resolved to its IP addresses when Squid reads the configuration.

Step 11: Blocking a domain and its sub-domains

acl blocked_domain dstdomain .google.com
http_access deny blocked_domain
 
 

 

Step 12: Blocking a list of websites using a text file

 

Create a text file with the list of sites to be blocked and give read permissions for this file by running the commands below in a terminal:

# touch /etc/squid/black_list.txt
# chmod 444 /etc/squid/black_list.txt
# vi /etc/squid/black_list.txt

Enter the URLs of the websites that need to be blocked, like this:

www.xxx.com
www.yyy.com

Now create the ACL rules by opening the config file and typing the rules below:

acl black_list url_regex "/etc/squid/black_list.txt"
http_access deny black_list

You can also block URLs containing specific words like this:

acl prevent_word url_regex sex
http_access deny prevent_word

Words can also be blocked regardless of letter case like this: “ -i sex ”

 

Step 13: Block types of files for download



 

acl block_type url_regex .*\.exe$
http_access deny block_type

acl block_tld dstdom_regex \.br$
http_access deny block_tld

Step 14: Prompting Username and Password from clients

# htpasswd -c /etc/squid/squid_pass your_username

When it prompts for the password, enter the new password that you would like to authenticate with.

Now set permissions for this file:

# chmod o+r /etc/squid/squid_pass

This makes the file readable by every local user, not only by the account Squid runs as.

Now open the config file and add these lines:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass
acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user
 
 

 

I hope that this article has enlightened you on how to configure Squid Proxy server in your network running Linux :)

Edited by Fearless News
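
Added example, not part of the original post: a simplified Python model of how Squid evaluates the http_access lines from Steps 8 and 9, showing why the deny line has to come before the allow line and why the list should end with http_access deny all. Only the src and time ACL types are modelled; the request times, the 192.0.2.7 client and the names SWAPPED and SWAPPED_DENY_ALL are constructed for the illustration.

```python
import ipaddress
from datetime import datetime

def src(*nets):
    """Squid 'src' ACL: the client address lies in one of the networks."""
    parsed = [ipaddress.ip_network(n) for n in nets]
    return lambda req: any(ipaddress.ip_address(req["client"]) in n for n in parsed)

def time_acl(days, start, end):
    """Squid 'time' ACL: day letters (S M T W H F A) plus an HH:MM window."""
    def match(req):
        letter = "MTWHFAS"[req["when"].weekday()]  # Python: Monday is 0
        return letter in days and start <= req["when"].strftime("%H:%M") <= end
    return match

# ACL definitions from Steps 8 and 9 of the post.
ACLS = {
    "all": lambda req: True,
    "personalnetwork": src("10.10.1.0/24"),
    "block_it": src("10.10.1.20"),
    "working_hours": time_acl("MTWHF", "13:00", "17:00"),
}

def http_access(config, client, when):
    """Return 'allow' or 'deny' for one request against http_access lines."""
    req = {"client": client, "when": when}
    rules = [line.split()[1:] for line in config.splitlines()
             if line.startswith("http_access ")]
    if not rules:
        raise ValueError("no http_access lines in config")
    for action, *names in rules:
        # ACL names on one line are ANDed; the first matching line decides.
        if all(ACLS[n](req) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

STEP9 = "http_access deny block_it\nhttp_access allow personalnetwork working_hours"
SWAPPED = "http_access allow personalnetwork working_hours\nhttp_access deny block_it"
SWAPPED_DENY_ALL = SWAPPED + "\nhttp_access deny all"

WED_14 = datetime(2024, 1, 3, 14, 0)   # constructed: a Wednesday, inside the window
SAT_14 = datetime(2024, 1, 6, 14, 0)   # constructed: a Saturday, outside it

if __name__ == "__main__":
    for name, cfg in (("step9", STEP9), ("swapped", SWAPPED), ("swapped+deny all", SWAPPED_DENY_ALL)):
        for client in ("10.10.1.20", "10.10.1.30", "192.0.2.7"):
            print(name, client, http_access(cfg, client, WED_14), http_access(cfg, client, SAT_14))
```

With the lines swapped, 10.10.1.20 is allowed during working hours and every unmatched client is allowed because the list ends in a deny line; the trailing deny all closes the second gap but not the first.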
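
Added example, not part of the original post: a Python comparison of the url_regex rules from Step 12 with a dstdomain rule of the kind used in Step 11, listing the requests that the regular expressions deny in addition to the intended sites. Python's re module stands in for Squid's regex matching, the dstdomain entries .xxx.com and .yyy.com are an assumed equivalent of the black list, and all sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

def url_regex(patterns, url, ignore_case=False):
    """Squid 'url_regex': a pattern may match anywhere in the whole URL."""
    flags = re.IGNORECASE if ignore_case else 0   # ignore_case models '-i'
    return any(re.search(p, url, flags) for p in patterns)

def dstdomain(domains, url):
    """Squid 'dstdomain': only the host is compared; '.x.com' covers sub-domains."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
               for d in domains)

# Entries as typed into black_list.txt and the prevent_word ACL in Step 12.
BLACK_LIST = ["www.xxx.com", "www.yyy.com"]
PREVENT_WORD = ["sex"]

# Constructed URLs; none of them is a real observation.
SAMPLES = [
    "http://www.xxx.com/index.html",         # the intended target
    "http://www-xxx.com.example/",           # '.' in a regex matches any character
    "http://search.example/?q=www.yyy.com",  # listed name appears in the query string
    "http://middlesex-library.example/",     # 'sex' inside an unrelated host name
    "http://news.example/SEX-education",     # upper case: only matched with -i
]

def overblocked(ignore_case=False):
    """URLs denied by the Step 12 regex ACLs that the dstdomain ACL lets through."""
    hits = []
    for url in SAMPLES:
        by_regex = (url_regex(BLACK_LIST, url)
                    or url_regex(PREVENT_WORD, url, ignore_case))
        if by_regex and not dstdomain([".xxx.com", ".yyy.com"], url):
            hits.append(url)
    return hits

if __name__ == "__main__":
    print("url_regex only:", overblocked())
    print("url_regex with -i:", overblocked(ignore_case=True))
```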