Home > Linux > Squid Proxy

Squid Proxy

March 30th, 2009 Dhaval Thakar Leave a comment Go to comments

Squid is a caching proxy server.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
Read More

Squid is available with major linux distributions like CentOS, Fedora.

To install Squid

yum install squid

To configure Squid.

vi /etc/squid/squid.conf
visible_hostname test.squid

Restart Squid Service

service squid restart

Use your local squid proxy server ip address & port 3128 (squid default port) to configure in internet clients. While accessing internet you’ll get error Access Denied.

To allow internet access to your local lan.

vi /etc/squid/squid.conf
acl myuser src 192.168.1.0/255.255.255.0
http_access allow myuser

To allow all internet sites, blocking few e.g jobs, community.

acl myuser src 192.168.1.0/255.255.255.0
acl deniedsites url_regex “/etc/squid/denied” #list of the sites blocked
http_access deny myuser deniedsites #to block ban sites
http_access allow myuser

To disabled caching for specific sites, you might require to disable caching for few sites e.g intranet site.

acl MYSITES url_regex “/etc/squid/nocache”
no_cache deny MYSITES

Squid with ARP instead ip address.
You may be using DHCP with minimum lease time, in this case you require to filter sites using MAC ADD instead of ip address.

You need to compile Squid from source with –enable-arp-acl (use squid -v & add all existing configuration option.)

acl yahoomailuser arp “/etc/squid/yahoomailuser” #list of the user’s mac add
acl yahoomail url_regex “/etc/squid/yahoomail” #url allowed
http_access allow yahoomailuser yahoomail

Transparent proxy.

vi /etc/squid/squid.con
http_port 192.168.1.1:3128 transparent # squid local ip address

OR

http_port 3128 transparent

Transparent proxy is used when you do not wish to define proxy settings in clients terminal, for that you need to do port redirection using iptables over gateway.

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128

Squid with Clamav scanner.

Share and Enjoy:
  • Digg
  • Twitter
  • Facebook
  • Google Bookmarks
  • StumbleUpon
  • Yahoo! Buzz
  • Reddit
  • BlinkList
  • del.icio.us
  • DZone
  • email
  • IndianPad
  • LinkedIn
  • Live
  • Print
  • Technorati
Categories: Linux Tags: , , , ,
  1. vidyadhards
    April 2nd, 2009 at 07:32 | #1
    Reply | Quote

    Hi
    if you are downloading package from yum on your system it will not get compiled with –enable-arp option better you can download custom rpm package.
    Following is the link of squid rpm
    http://people.redhat.com/jskala/squid/squid-3.0.STABLE13-1.el5/i386/squid-3.0.STABLE13-1.el5.i386.rpm

  1. July 22nd, 2009 at 14:54 | #1
    Linux Readers » Blog Archive » Squid with AVScanner -SquidClamav
  2. July 22nd, 2009 at 14:56 | #2
    Linux Readers » Blog Archive » Linux as Internet Gateway
  3. August 21st, 2009 at 16:42 | #3
    Linux Readers » Blog Archive » Squid Realtime Logs -Sqstat