Linux: Squid Proxy Server Profile
By Abul Faeze Mohammad Bakabillah (Russell) post at Nov 28, 2019
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other computer network lookups for a group of people sharing network resources, to aiding security by filtering traffic.
Packages: squid*
Service name: squid
Default port: 3128
Config file: /etc/squid/squid.conf
Log file path: /var/log/squid
# mv /etc/squid/squid.conf /etc/squid/squid.conf.org
Create a new /etc/squid/squid.conf file with the following contents. Edit the Access Control List (ACL) line for mynetwork so that its source network matches your local network, that is, the network whose client systems use the Squid server as their web proxy.
# vi /etc/squid/squid.conf
# Squid normally listens on port 3128.
# You can use one or more ports; give each port its own http_port line.
http_port 3128
http_port 8080
cache_dir ufs /var/spool/squid 500 16 256
acl mynetwork src 192.168.1.0/24
# Replace with your IP address
acl my_machine src 192.168.1.11
acl blocksites url_regex "/etc/squid/blocksites"
acl restrictfiles urlpath_regex "/etc/squid/blockfiles"
# http_access lines are checked top to bottom and the first match wins,
# so the deny rules must come before the allow rules.
http_access deny blocksites
http_access deny restrictfiles
http_access allow mynetwork
http_access allow my_machine
# Refuse every client that is not listed above
http_access deny all
#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#524288/524288 are values for the whole network
#52428/52428 are values for the single IP
acl speedcontrol src 192.168.1.0/24
delay_pools 1
delay_class 1 2
delay_parameters 1 524288/524288 52428/52428
delay_access 1 allow speedcontrol
# vi /etc/squid/blocksites
.facebook.com
.twitter.com
.youtube.com
.msn.com
.myspace.com
.flickr.com
# vi /etc/squid/blockfiles
\.torrent$
\.mp3.*$
\.mp4.*$
\.3gp.*$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Ff][Ll][Vv].*$
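Squid checks http_access lines from top to bottom and stops at the first match, so where `http_access allow mynetwork` sits relative to the deny lines decides whether the block lists are ever consulted. The following is an added example, not part of the original post and not Squid code: a simplified Python model of that evaluation (only `src`, `url_regex` and `urlpath_regex` ACLs, no `!` negation), run on constructed sample rules that reuse this page's ACL names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def parse(conf, files):
    """Collect acl and http_access lines; files maps a quoted path to its patterns."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []  # "all" is built in
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "acl":
            vals = files[tok[3].strip('"')] if tok[3].startswith('"') else tok[3:]
            acls.setdefault(tok[1], (tok[2], []))[1].extend(vals)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, src, url):
    kind, vals = acl
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in vals)
    if kind == "url_regex":
        return any(re.search(v, url) for v in vals)
    if kind == "urlpath_regex":
        return any(re.search(v, urlsplit(url).path) for v in vals)
    return False  # other ACL types are outside this model

def decide(conf, files, src, url):
    """Return 'allow' or 'deny': the first http_access line whose ACLs all match wins."""
    acls, rules = parse(conf, files)
    for action, names in rules:
        if all(matches(acls[n], src, url) for n in names):
            return action
    # Nothing matched: the default is the opposite of the last http_access line
    # (and deny when there are no http_access lines at all).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed sample input: same ACL names as the configuration on this page.
ACLS = 'acl mynetwork src 192.168.1.0/24\nacl blocksites url_regex "/etc/squid/blocksites"\n'
ALLOW_FIRST = ACLS + "http_access allow mynetwork\nhttp_access deny blocksites\n"
DENY_FIRST = ACLS + "http_access deny blocksites\nhttp_access allow mynetwork\nhttp_access deny all\n"
FILES = {"/etc/squid/blocksites": [".facebook.com", ".youtube.com"]}

if __name__ == "__main__":
    for label, conf in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        for src, url in (("192.168.1.50", "http://www.facebook.com/"),
                         ("203.0.113.9", "http://example.org/")):
            print(f"{label:11} {src:13} {url:25} -> {decide(conf, FILES, src, url)}")
```

With the allow line first, a LAN client reaches a blocked site and a client outside 192.168.1.0/24 is also served, because the last rule is a deny and the unmatched default is therefore allow. On a real server, `squid -k parse` checks the configuration file's syntax before the service is started.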
# systemctl enable squid
# systemctl start squid
# firewall-cmd --add-port=3128/tcp --permanent
# firewall-cmd --add-port=8080/tcp --permanent
# firewall-cmd --reload