Install and Configure SQUID Proxy Server on CentOS

Squid Proxy is an open source caching proxy for the web. It supports many protocols such as HTTP, HTTPS, FTP and more.It can also be used for web filtering.

I am accessing the server with root privilege. Before move on to installation,we may need to update the system and packages using the following command.

# yum update -y

Now install squid using the below command. Squid packages are included in default yum repository.

# yum install squid -y

Once it’s installed, run the commands to start the program and check it’s status.

# systemctl start squid
# systemctl status squid
 squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-04-15 12:40:04 IST; 1s ago
  Process: 11814 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 11809 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 11815 (squid)
    Tasks: 3
   Memory: 17.6M
   CGroup: /system.slice/squid.service
           ├─11815 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─11817 (squid-1) -f /etc/squid/squid.conf
           └─11818 (logfile-daemon) /var/log/squid/access.log

Apr 15 12:40:04 server.example.com systemd[1]: Starting Squid caching proxy...
Apr 15 12:40:04 server.example.com squid[11815]: Squid Parent: will start 1 kids
Apr 15 12:40:04 server.example.com squid[11815]: Squid Parent: (squid-1) process 11817 started
Apr 15 12:40:04 server.example.com systemd[1]: Started Squid caching proxy.

By default squid runs on port 3128. You can change the port if you want to start squid on different port. Edit the configuration file of squid ( /etc/squid/squid.conf )and change http_port value.

I changed the port to 9080 and restarted the service using the commands,

# vi /etc/squid/squid.conf 
# systemctl restart squid

Now check the service is up on the given port,

# netstat -tulpn |grep 9080
tcp6       0      0 :::9080                 :::*                    LISTEN      12069/(squid-1) 

We can block single or mutiple websites according to the need. To block a specific site we need to add some rule in /etc/squid/squid.conf .

Open the squid configuration file using vim editor

# vi /etc/squid/squid.conf 

Add the following lines under acl list and http_access list.

acl block-site dstdomain domain name
http_access deny block-site

Save the changes and restart the service using

 # systemctl restart squid

If you need to block multiple websites ,create a file /etc/squid/blocksites.list and put the domains one per line.

domain1.com
domain2.com

Now edit the configuration as like before using vim editor and add the following lines under acl and http_access

acl blockwebsites  dstdomain  "/etc/squid/blocksites.list"
http_access deny  blockwebsites

Restart the service and if you try to access the sites , you will get an access denied message from Squid.

Now you have installed and configured Squid proxy server.