How install & configure Squid Proxy Server on CentOS

Install

To install Squid Proxy Server use next commands:

# update server
$ yum update

# install squid package
$ yum install squid*

# start & enable squid service
$ systemctl start squid
$ systemctl enable squid

# check squid service status
$ systemctl status squid

Configure

Configuration file path: /etc/squid/squid.conf

Comment out all local Access Control List (acl) entries.

To allow proxy access by whitelist IP address add next lines:

# Single IP
acl localnet src 192.168.0.1

# or IP range by mask
acl localnet src 192.168.7.0/24

# allow it
http_access allow localnet

To allow proxy access via user/password follow next instructions:

# install a package if not exists
yum install httpd-tools

# create empty file where squid users' passwords will be stored
$ touch /etc/squid/passwd

# change owner to be accessible for service
$ chown squid /etc/squid/passwd

# add new user & set a password
$ htpasswd /etc/squid/passwd <my_user>

# modify configuration file
$ vim /etc/squid/squid.conf

# by adding next lines:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic utf8 on
auth_param basic realm Please enter your credentials for the Proxy Server!
auth_param basic casesensitive on
acl auth_access proxy_auth REQUIRED
http_access allow auth_access

Configure port

# change next param
http_port 3128

Deny access to some websites

# Create a file which will contain disabled websites list, each per new line
touch /var/log/squid/badsites.lst

# Deny blacklisted websites
acl badsites url_regext "/var/log/squid/badsites.lst"
http_access deny badsites 

Notes

Do not forget restart squid proxy service on each configuration file modification:

$ systemctl restart squid

Tail the access log file:

$ tail -f /var/log/squid/access.log

Brief configuration setup for Ubuntu:

// install packages
$ sudo apt update
$ sudo apt install apache2-utils
$ sudo apt install squid

// configuration of /etc/squid/squid.conf
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic utf8 on
auth_param basic realm Please enter your credentials for the Proxy Server!
auth_param basic casesensitive on
acl auth_access proxy_auth REQUIRED
http_access allow auth_access

Be aware of the path for basic_ncsa_auth – it might be located in /etc/lib64/.. or in /etc/lib/..

Crucial: and if you use http_access deny all directive, it must be placed after all other http_access .. directives!

@source:
http://www.squid-cache.org/
https://wiki.squid-cache.org/ConfigExamples

Leave a Reply