Squid Proxy on CentOS

Web proxies have been around for quite some time now and are used by millions of users around the globe. They serve a wide range of purposes, the most popular being online anonymity, but there are other ways you can take advantage of a web proxy. Here are some ideas:

  • Online anonymity
  • Improve online security
  • Improve loading times
  • Block malicious traffic
  • Log your online activity
  • Circumvent regional restrictions
  • In some cases, reduce bandwidth usage

How Proxy Server Works

A proxy server is a computer that acts as an intermediary between a client and the servers from which the client requests resources. A simple example: when a client makes an online request (for example, to open a web page), it connects first to the proxy server.

The proxy server then checks its local disk cache; if the data is there, it returns it to the client. If it is not cached, the proxy makes the request on the client's behalf using the proxy's own IP address (different from the client's) and then returns the data to the client. The proxy server will try to cache the new data and use it for future requests to the same server.

What is Squid Proxy

Squid is a web proxy used by a wide range of organizations. It is often deployed as a caching proxy, improving response times and reducing bandwidth usage.

Let's Get Installing

Note : This guide is for CentOS

yum -y install squid httpd-tools                      # httpd-tools provides htpasswd for proxy authentication
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak    # keep a copy of the stock config
touch /etc/squid/blacklist.acl                        # empty blocklist file (not yet referenced by the config)


This command confirms it is installed and currently stopped; the status will show inactive (dead):

systemctl status squid

Now we need to ensure the service starts normally before updating more configuration, so first enable it, then start it with the commands below, and then check the status:

systemctl enable squid
systemctl start squid
systemctl status squid


Here you can see Squid is online and running. It listens on the default port of TCP 3128; if you need a different port, that is covered later in the guide.


Right, now that you have confirmed Squid works fine, you need to craft the squid.conf file, which is covered in the next section.

nano /etc/squid/squid.conf

The default configuration file for Squid, as it comes out of the box, allows lots of services and networks you do not need, so after some tweaking this is my final file:

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first matching line wins
http_access deny !Safe_ports          # only ports 80 and 443 may be requested
http_access deny CONNECT !SSL_ports   # CONNECT tunnels only to port 443
http_access allow localhost manager   # cache manager only from the proxy host itself
http_access deny manager
http_access allow localnet            # clients in 10.0.0.0/8
http_access allow localhost
http_access deny all                  # default deny for everything else
cache_mem 2500 MB                     # RAM used for the in-memory object cache
cache_mgr cache@a6n.co.uk             # contact address shown on Squid error pages
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
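The http_access lines above are evaluated top to bottom and the first line whose ACLs all match decides the request, which is why `deny all` must stay last. The following Python model, added here as an example and not part of the guide or of Squid itself, replays that evaluation over the config above. It assumes two extra lines (`acl blacklist dstdomain "/etc/squid/blacklist.acl"` and `http_access deny blacklist`) to make use of the blacklist.acl file the guide creates, uses a constructed two-entry blocklist in place of that file, and simplifies Squid's built-in `manager` ACL to a flag on the request. Every client IP and host name in it is constructed.

```python
"""Model of Squid's first-match-wins http_access evaluation (added example).

Covers only the ACL types the guide's squid.conf uses (src, port, method,
dstdomain) plus the built-ins localhost, manager and all.  The 'manager' ACL
is simplified to a flag on the request instead of Squid's URL regex.
"""
from dataclasses import dataclass
import ipaddress

# Constructed: the guide's acl/http_access lines plus two ASSUMED lines
# (acl blacklist ... / http_access deny blacklist) wiring up blacklist.acl.
SQUID_CONF = """
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
acl blacklist dstdomain "/etc/squid/blacklist.acl"
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blacklist
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
"""

# Constructed stand-in for /etc/squid/blacklist.acl: a quoted filename in an
# acl line makes Squid read one entry per line from that file.
FILES = {"/etc/squid/blacklist.acl": "bad.example\n.tracker.example\n"}


@dataclass
class Request:
    src: str                # client IP address
    host: str               # destination host from the URL
    port: int               # destination port
    method: str = "GET"
    manager: bool = False   # request aimed at the cache manager interface


def parse(conf_text, files):
    """Return (acls, rules): acls maps name -> [(type, values)], rules is the
    ordered list of (action, [(negated, aclname), ...]) http_access lines."""
    acls = {
        "localhost": [("src", ["127.0.0.1/32", "::1/128"])],
        "all": [("src", ["0.0.0.0/0", "::/0"])],
        "manager": [("manager", [])],
    }
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "acl":
            name, acltype, values = tokens[1], tokens[2], []
            for tok in tokens[3:]:
                if tok.startswith('"') and tok.endswith('"'):   # "file" reference
                    values += files[tok.strip('"')].split()
                else:
                    values.append(tok)
            acls.setdefault(name, []).append((acltype, values))
        elif tokens[0] == "http_access":
            terms = [(tok.startswith("!"), tok.lstrip("!")) for tok in tokens[2:]]
            rules.append((tokens[1], terms))
    return acls, rules


def acl_matches(acls, name, req):
    """True if any definition line of the named ACL matches the request."""
    for acltype, values in acls[name]:
        if acltype == "src":
            ip = ipaddress.ip_address(req.src)
            if any(ip in ipaddress.ip_network(v) for v in values):
                return True
        elif acltype == "port":
            if req.port in {int(v) for v in values}:
                return True
        elif acltype == "method":
            if req.method.upper() in {v.upper() for v in values}:
                return True
        elif acltype == "dstdomain":
            host = req.host.lower()
            for v in (v.lower() for v in values):
                # leading dot: the domain and all subdomains; no dot: exact match
                if host == v or (v.startswith(".") and (host == v[1:] or host.endswith(v))):
                    return True
        elif acltype == "manager":
            if req.manager:
                return True
        else:
            raise ValueError(f"ACL type {acltype!r} is not modelled")
    return False


def decide(acls, rules, req):
    """First http_access line whose ACLs all match decides; with no match,
    Squid applies the opposite of the last line's action."""
    for action, terms in rules:
        if all(acl_matches(acls, name, req) != negated for negated, name in terms):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


def ends_with_deny_all(rules):
    """The default-deny posture of the guide's config relies on this last line."""
    return bool(rules) and rules[-1] == ("deny", [(False, "all")])


ACLS, RULES = parse(SQUID_CONF, FILES)

if __name__ == "__main__":
    for req in [Request("10.1.2.3", "example.org", 80),
                Request("203.0.113.5", "example.org", 80),
                Request("10.1.2.3", "example.org", 8080, "CONNECT"),
                Request("10.1.2.3", "cdn.tracker.example", 80)]:
        print(f"{req.src} {req.method} {req.host}:{req.port} -> {decide(ACLS, RULES, req)}")
```

Running it shows the LAN client allowed on port 80, the external client and the CONNECT to 8080 denied, and the blocklisted subdomain denied; changing the rule order (for instance moving `allow localnet` above `deny blacklist`) immediately changes the outcomes, which is the point to keep in mind whenever you edit this file.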

Changing the port Squid listens on (where required)

# Squid normally listens to port 3128
http_port 8080

Overriding the DNS servers Squid uses (handy for filtering with basic DNS services)

dns_nameservers <dns_server_1> <dns_server_2>

Once you have made your changes, all you need to do is restart Squid:

systemctl restart squid

NextDNS Integration (more advanced)

If you wish to integrate with NextDNS, which I have, you need to run this command:

sh -c "$(curl -sL https://nextdns.io/install)"

Then you will need to set it up as below; the installer walks through this process:

Installed:
  nextdns-1.41.0-1.x86_64                                                                                                      

Complete!
NextDNS Profile ID: <profile_ID>
Sending your devices name lets you filter analytics and logs by device.
Report device name? [Y|n]: y
Accept DNS request from other network hosts.
Setup as a router? (y/n): n
Make NextDNS CLI cache responses. This improves latency and reduces the amount
of queries sent to NextDNS.
Enable caching? (y/n): y
Instant refresh will force low TTL on responses sent to clients so they rely
on CLI DNS cache. This will allow changes on your NextDNS config to be applied
on your LAN hosts without having to wait for their cache to expire.
Enable instant refresh? (y/n): y
Changes DNS settings of the host automatically when NextDNS is started.
If you say no here, you will have to manually configure DNS to 127.0.0.1.
Automatically setup local host DNS? [Y|n]: y
NextDNS installed and started using systemd init

Congratulations! NextDNS is now installed.

Then, to see what the agent is doing, use this command to view the live log:

nextdns log
