Squid Proxy is an open source caching proxy for the web. It supports many protocols such as HTTP, HTTPS, FTP and more.It can also be used for web filtering.
I am accessing the server with root privilege. Before move on to installation,we may need to update the system and packages using the following command.
# yum update -y
Now install squid using the below command. Squid packages are included in default yum repository.
# yum install squid -y
Once it’s installed, run the commands to start the program and check it’s status.
# systemctl start squid # systemctl status squid
squid.service - Squid caching proxy Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2019-04-15 12:40:04 IST; 1s ago Process: 11814 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS) Process: 11809 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS) Main PID: 11815 (squid) Tasks: 3 Memory: 17.6M CGroup: /system.slice/squid.service ├─11815 /usr/sbin/squid -f /etc/squid/squid.conf ├─11817 (squid-1) -f /etc/squid/squid.conf └─11818 (logfile-daemon) /var/log/squid/access.log Apr 15 12:40:04 server.example.com systemd: Starting Squid caching proxy... Apr 15 12:40:04 server.example.com squid: Squid Parent: will start 1 kids Apr 15 12:40:04 server.example.com squid: Squid Parent: (squid-1) process 11817 started Apr 15 12:40:04 server.example.com systemd: Started Squid caching proxy.
By default squid runs on port 3128. You can change the port if you want to start squid on different port. Edit the configuration file of squid ( /etc/squid/squid.conf )and change http_port value.
I changed the port to 9080 and restarted the service using the commands,
# vi /etc/squid/squid.conf # systemctl restart squid
Now check the service is up on the given port,
# netstat -tulpn |grep 9080
tcp6 0 0 :::9080 :::* LISTEN 12069/(squid-1)
We can block single or mutiple websites according to the need. To block a specific site we need to add some rule in /etc/squid/squid.conf .
Open the squid configuration file using vim editor
# vi /etc/squid/squid.conf
Add the following lines under acl list and http_access list.
acl block-site dstdomain domain name http_access deny block-site
Save the changes and restart the service using
# systemctl restart squid
If you need to block multiple websites ,create a file /etc/squid/blocksites.list and put the domains one per line.
Now edit the configuration as like before using vim editor and add the following lines under acl and http_access
acl blockwebsites dstdomain "/etc/squid/blocksites.list" http_access deny blockwebsites
Restart the service and if you try to access the sites , you will get an access denied message from Squid.
Now you have installed and configured Squid proxy server.