Linux: Squid Proxy Server Profile

Definition:

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other computer network lookups for a group of people sharing network resources, to aiding security by filtering traffic.

Profile:

Packages: squid*

Service Name: squid

Default port: 3128

Config File: /etc/squid/squid.conf

Log file Path: /var/log/squid

Configuration Steps of Squid Server:

01. Back up the original configuration file.

# mv /etc/squid/squid.conf /etc/squid/squid.conf.org

Create a new /etc/squid/squid.conf file with the following contents. Edit the Access Control List (ACL) line for mynetwork to define the source network for your local network. This is the network where client systems use the Squid server as their web proxy.

# vi /etc/squid/squid.conf

acl mynetwork src 192.168.1.0/24
http_access allow mynetwork


02. Add the following lines to the top of the /etc/squid/squid.conf file, replacing the example IP address with your own, to make Squid act as an HTTP proxy server.

cache_dir ufs /var/spool/squid 500 16 256

# Replace with your IP address
acl my_machine src 192.168.1.11

http_access allow my_machine

03. Specifying the HTTP Port

# Squid normally listens to port 3128.
# You can use one or more ports, with one http_port line per port.

http_port 3128
http_port 8080


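04. Block bad sites

Squid evaluates http_access lines from top to bottom and stops at the first one that matches, so place the deny lines from steps 04 and 05 above the http_access allow lines from steps 01 and 02.

acl blocksites url_regex "/etc/squid/blocksites"

http_access deny blocksites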

05. Block File downloads

acl restrictfiles urlpath_regex "/etc/squid/blockfiles"

http_access deny restrictfiles

06. Restrict download speed ACL

# The numbers here are values in bytes.
# We must remember that Squid doesn't consider start/stop bits.
# 524288/524288 are values for the whole network.
# 52428/52428 are values for a single IP.

acl speedcontrol src 192.168.1.0/24
delay_pools 1
delay_class 1 2
delay_parameters 1 524288/524288 52428/52428
delay_access 1 allow speedcontrol


07. Save and exit from the squid.conf file.

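Write the bad site names in the file. Because the ACL type is url_regex, each line is treated as a regular expression and matched against the full URL, so an unescaped dot matches any character.

# vi /etc/squid/blocksites

.facebook.com
.twitter.com
.youtube.com
.linkedin
.msn.com
.myspace.com
.flickr.com
.google
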

Write the list of blocked file types in the file.

# vi /etc/squid/blockfiles

\.torrent$
\.mp3.*$
\.mp4.*$
\.3gp.*$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Ff][Ll][Vv].*$

Start the service and enable it on boot:

# systemctl enable squid

# systemctl start squid

If the firewall is enabled, allow the Squid ports. Rules added with --permanent take effect only after a reload.

# firewall-cmd --add-port=3128/tcp --permanent

# firewall-cmd --add-port=8080/tcp --permanent

# firewall-cmd --reload
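
How Squid resolves the http_access lines from steps 01 to 05, as an added example (not code from the original page or from the Squid project): a small Python model of first-match evaluation, run over two constructed orderings of the page's rules. The function names, the sample client addresses and URLs, and the inline pattern lists are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed configs using the page's ACL names. Assumptions: patterns are inline
# (not loaded from the blocklist files) and Python's re stands in for Squid's regex.
ACLS = r"""
acl mynetwork src 192.168.1.0/24
acl my_machine src 192.168.1.11
acl blocksites url_regex .facebook.com .youtube.com
acl restrictfiles urlpath_regex \.torrent$ \.mp3.*$
"""
ALLOW = "http_access allow my_machine\nhttp_access allow mynetwork\n"
DENY = "http_access deny blocksites\nhttp_access deny restrictfiles\n"
APPENDED = ACLS + ALLOW + DENY  # deny lines added after the allow lines
DENY_FIRST = ACLS + DENY + ALLOW + "http_access deny all\n"

def parse(conf):
    """Return (acls, rules) for the acl/http_access subset used above."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for tok in (line.split() for line in conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, url):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "urlpath_regex":  # path plus query string, without the host
        parts = urlsplit(url)
        url = parts.path + ("?" + parts.query if parts.query else "")
    return any(re.search(v, url) for v in values)

def decide(conf, client_ip, url):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], client_ip, url) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last http_access line.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for ip, url in (("192.168.1.20", "http://www.facebook.com/"),
                    ("10.0.0.5", "http://example.org/")):
        print(ip, url, decide(APPENDED, ip, url), decide(DENY_FIRST, ip, url))
```

With the deny lines appended after the allow lines, the blocklists never fire for LAN clients, and because the last line is a deny, a client outside the listed networks falls through to an implicit allow. Putting the deny lines first and ending with http_access deny all avoids both.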

 



Abul Faeze Mohammad Bakabillah (Russell)

I am A. F. M Bakabillah. I have been working as an ICT Consultant since 2008 in a project (IsDB-BISEW IT Scholarship Programme). Along with MTCNA and MTCRE, I am also MCP, MCSA, MCSA: Messaging, RHCE, ITIL & CEH certified. I am experienced in Routing (Static, OSPF & BGP), VPN and Tunneling (IPSec, PPTP, L2TP, EoIP), Firewall (Filter, NAT, Mangle), Bandwidth Management, PPPoE, Policy Routing.
