Squid Proxy on Cent-OS


Web proxies have been around for quite some time now and have been used by millions of users around the globe. They have a wide range of purposes, most popular being online anonymity, but there are other ways you can take advantage of web proxies. Here are some ideas:





  • Online anonymity
  • Improve online security
  • Improve loading times
  • Block malicious traffic
  • Log your online activity
  • To circumvent regional restrictions
  • In some cases can reduce bandwidth usage




How Proxy Server Works





The proxy server is a computer that is used as an intermediary between the client and other servers from which the client may request resources. A simple example of this is when a client makes online requests (for example want to open a web page), he connects first to the proxy server.





The proxy server then checks its local disk cache and if the data can be found in there, it will return the data to the client, if not cached, it will make the request in the client’s behalf using the proxy IP address (different from the clients) and then return the data to the client. The proxy server will try to cache the new data and will use it for future requests made to the same server.





What is Squid Proxy





Squid is a web proxy that used my wide range of organizations. It is often used as a caching proxy and improving response times and reducing bandwidth usage.





yum -y update





<p value="<amp-fit-text layout="fixed-height" min-font-size="6" max-font-size="72" height="80">yum -y install squid<br>systemctl start squid<br>systemctl enable squid<br>systemctl stop firewalld<br>systemctl disable firewalld<br><br>systemctl status squidyum -y install squid
systemctl start squid
systemctl enable squid
systemctl stop firewalld
systemctl disable firewalld

systemctl status squid





● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-09-20 10:07:23 UTC; 5min ago
Main PID: 2005 (squid)
CGroup: /system.slice/squid.service
├─2005 /usr/sbin/squid -f /etc/squid/squid.conf
├─2007 (squid-1) -f /etc/squid/squid.conf
└─2008 (logfile-daemon) /var/log/squid/access.log





Sep 20 10:07:23 tecmint systemd[1]: Starting Squid caching proxy…
Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: will start 1 kids
Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: (squid-1) process 2007 started
Sep 20 10:07:23 tecmint systemd[1]: Started Squid caching proxy.





vim /etc/squid/squid.conf





acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
cache_mem 2500 MB
cache_mgr lee@a6n.co.uk
http_port 8080
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320





systemctl restart squid