Jopa

Setting up Squid Proxy server on RHEL 5 / CentOS 5 linux


Requirements:

1. Active Internet Connection via any means.

2. Super user or root access.

Procedure:

Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command:

# yum install squid

Step 2: Add Squid to system start-up (the program starts when the system boots).

# chkconfig --level 35 squid on

The numbers 3 and 5 are the run-levels in which Squid is started: ‘3’ indicates text mode and ‘5’ indicates GUI mode.

Step 3: Now start the Squid service:

# service squid start

Step 4: Open the Squid configuration file:

# vi /etc/squid/squid.conf

If you see this error in the log file:

“WARNING: Could not determine this machines public hostname.

Please configure one or set ‘visible_hostname’ ”.

To fix this, set visible_hostname in the configuration file, like this:

visible_hostname yourhost

 

Step 5: Defining Access Control Lists (ACL)

Access Control Lists are used for purposes like:

1. Restricting usage.

2. Limiting web access for host(s).

3. Allowing your network to use the internet.

ACL Syntax:

acl aclname acltype value
aclname = rulename (something like personalnetwork)
acltype = type of acl, like src or dst (src: source ip | dst: destination ip)
value = this could be ip address, networks, URLs, etc.

Example: This example will allow the localhost to access the internet.



 

acl localhost src 127.0.0.1/32
http_access allow localhost

Step 6: Allowing a particular network ip range to access internet

Find these lines in squid.conf file:

http_access allow localhost
http_access deny all

Replace the above two lines like this:

acl personalnetwork src 10.10.1.0/24
http_access allow localhost
http_access allow personalnetwork
http_access deny all

Step 7: Restart your Squid server

# service squid restart

Note: if you encounter an error when using “/24”, change it to “/255.255.255.0” and restart your Squid server.

 

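Step 8: Blocking Internet access for a particular IP address

acl block_it src 10.10.1.20
http_access deny block_it
acl personalnetwork src 10.10.1.0/24
http_access allow personalnetwork

The above acl will block internet access only for 10.10.1.20 and the rest will have access. Squid checks http_access lines from top to bottom and the first line that matches decides, so the deny line for block_it has to come before the allow line for personalnetwork.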

 

Step 9: Restricting internet access by time or Working hours

acl personalnetwork src 10.10.1.0/24
acl working_hours time M T W H F 13:00-17:00
acl block_it src 10.10.1.20
http_access deny block_it
http_access allow personalnetwork working_hours

Step 10: Block particular URL

acl block_website dst www.facebook.com
http_access deny block_website

The dst type matches on destination IP address, so Squid resolves the hostname and blocks the addresses it gets back; the dstdomain type in the next step matches on the requested hostname instead.

Step 11: Blocking a domain and its sub-domains

acl blocked_domain dstdomain .google.com
http_access deny blocked_domain
 
 

 

Step 12: Blocking a list of websites using a text file

Create a text file containing the list of sites to be blocked and give it read permissions by running the commands below in a terminal:

# touch /etc/squid/black_list.txt
# chmod 444 /etc/squid/black_list.txt
# vi /etc/squid/black_list.txt

Enter the URLs of the websites that need to be blocked, like this:

www.xxx.com
www.yyy.com

Now create the ACL rules by opening the config file and typing the rules below:

acl black_list url_regex "/etc/squid/black_list.txt"
http_access deny black_list

You can also block URLs containing specific words like this:

acl prevent_word url_regex sex
http_access deny prevent_word

url_regex is case-sensitive by default; to block a word regardless of its case, use the -i option, like this: “-i sex”

 

Step 13: Block types of files for download

acl block_type url_regex .*\.exe$
http_access deny block_type

acl block_tld dstdom_regex \.br$
http_access deny block_tld

Step 14: Prompting Username and Password from clients

# htpasswd -c /etc/squid/squid_pass your_username

When it prompts for the password, enter the new password that this user will authenticate with.

Now set permissions for this file:

# chmod o+r /etc/squid/squid_pass

Note that o+r lets every local account on the proxy host read the password hashes; the file only needs to be readable by the user Squid runs as.

Now open the config file and add these lines:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass
acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user
 
 

 

I hope that this article has enlightened you how to configure Squid Proxy server in your network running Linux :)

Edited by Fearless News
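
To check the rule ordering that Step 8 relies on, here is an added example (not part of the original post and not Squid's own code): a small Python model of how http_access lines are evaluated, limited to src ACLs. The REORDERED rule set, the closing "deny all" carried over from Step 6, and the 192.168.0.5 client are constructed for illustration.

```python
import ipaddress

# Constructed input: the Step 8 rules plus the closing "deny all" from Step 6.
STEP8 = """
acl block_it src 10.10.1.20
http_access deny block_it
acl personalnetwork src 10.10.1.0/24
http_access allow personalnetwork
http_access deny all
"""

# Same ACLs, but the allow line placed before the deny line.
REORDERED = """
acl block_it src 10.10.1.20
acl personalnetwork src 10.10.1.0/24
http_access allow personalnetwork
http_access deny block_it
http_access deny all
"""

def parse(conf):
    """Collect src ACLs and the ordered http_access lines."""
    # Assumption: an "all" ACL covering every IPv4 source is predefined.
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 4 and words[0] == "acl" and words[2] == "src":
            nets = [ipaddress.ip_network(w, strict=False) for w in words[3:]]
            acls.setdefault(words[1], []).extend(nets)
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for a client IP, the way Squid orders checks."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # ACL names on one line are ANDed; the first matching line decides.
        if all(any(ip in net for net in acls[n]) for n in names):
            return action
    # No line matched: Squid uses the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for name, conf in (("Step 8 order", STEP8), ("reordered", REORDERED)):
        for ip in ("10.10.1.20", "10.10.1.21", "192.168.0.5"):
            print(f"{name:13} {ip:12} -> {decide(conf, ip)}")
```

With the allow line first, 10.10.1.20 matches personalnetwork and is let through before the deny line is ever reached.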
