In this tutorial, we will be discussing how to install Squid Proxy Server, which is a widely-used Open Source web proxy. But before we dig deep into it, let's discuss what is a Web proxy server & what are the benefits of using a web proxy.

Web Proxy

A proxy is an intermediary/middle-agent between computer/computers & other resources, mostly the internet. It seeks requests from clients & transfers them to the internet.

Benefits of a Web Proxy

  • It can be used to accelerate the internet as a proxy can build up a cache of frequently used websites, which makes it easier & faster to load up after,
  • Can be used to block/allow websites as required,
  • also can be used to bypass another web proxy. For example, in many organizations, Social networking websites like Facebook, Twitter, Youtube, etc are not allowed. So a web proxy can be used to bypass those restrictions & provide access to restricted websites.

Squid proxy server

It's a caching proxy server that supports HTTP, HTTPS, FTP. It can be used as an accelerating server, thereby decreasing response time & reducing bandwidth. It can also be used for the purpose of Web filtering due to the availability of extensive access controls. In this tutorial, we will be exploring the web filtering part in this tutorial.

Scenario Setup

Firstly, to test or create a squid proxy setup, we will need a squid server & a client machine.

Squid server                                                              Client's Machine

OS : Centos/RHEL 6 or 7                                       OS: Centos/RHEL 6 or 7

Hostname: server.test.com                                   Hostname: client1.test.com

IP Address :192.168.1.100                                      IP Address : 192.168.1.101

Important

Configuration file       /etc/squid/squid.conf

Default port                 3128

( Also Read: Setting up SQUID AUTHENTICATION )


Install Squid Proxy Server

In order to install, use the following command

# yum install squid -y


Configuration

We need to create an ACL rule (Access Control List), which is the list or rule with a list of access control entries. Some acl rules are already written in the configuration file by default in the configuration file,

acl localhost src 127.0.0.1/32
http_access allow localhost                                               (some lines below the above line)

So, this is what an acl rule looks like. Let's see what this means,

firstly,acl this is declaring that a new acl is starting

then, localhost is the name of acl created

src is used in case acl is for local IP address , srcdomain is used for declaring Localdomain, dst for public IP & dstdomain for public domain name

and lastly,127.0.01/32 declares the IP Address on which the acl is to be applied, in this case, its localhost or 127.0.0.1

Next line i.e. http_access allow localhost, means

http_access will initiate an action based on the next word

allow/deny will either allow or deny access

and, localhost again is the name of acl as declared above.

So, basically that how we create an ACL/rule in the squid proxy server.

Now, let's restart our server (with the default config file) & configure the client machine to see if the proxy is working properly.

# service squid restart
# chkconfig squid on

Note  Its always wise to have a backup of the original configuration file when starting to make changes. So, create a backup a backup of before starting.


 Configuration on Client Side

Open Firefox Browser &

  • Open Edit menu ---> Preferences ---> Advanced ----> Settings
  • Check the box ' Manual proxy configuration' & enter the IP Address & Port Number of the squid proxy server.

In our case, it's 192.168.1.100 & 3128.

  • Click OK

& that's all we need to configure on the Client's side.

Then we check out if its works. Open a website (for example Facebook.com), if a proxy server is working properly you will be greeted with an error ' Access Denied’. That’s because by default internet access is denied for all in the server.

Now, let's check logs in the server, to see if a request was received by a proxy server or not,

tail -f /var/log/squid/access.log

and it should show you all the received requests from client to server.


Restricting access to websites

In order to restrict access to a website, open configuration file & then create a new acl

acl blacksite .facebook.com

and deny access to the acl

Note Also set http_access deny all to http_access allow all , otherwise we won't be able to access the internet.

Now, restart your squid proxy server to apply changes or we can also use squid -k reconfigure to implement changes to the server without restarting the server.

then, we will access the client’s machine and open Facebook but you won't be able to access it at all. As for other websites you can access them just fine.

 

So, this completes part 1 of the tutorial on how to install squid proxy. In part 2 of tutorial ,we will discuss how to block multiple websites, creating time-based acl & also using cache to speed up browsing.

If you have any comments/suggestions feel free to mention them below.

If you think we have helped you or just want to support us, please consider these:-

Connect to us: Facebook | Twitter

Linux TechLab is thankful for your continued support.