Introduction

System administrators use the Squid Proxy to augment their content delivery. Squid Proxy specifically allows a server to cache frequently visited web pages.

How? When a user seeks a web page or file, the request goes to the proxy server — the intermediary device between the desktop computer and the internet. The proxy server pulls the resource and relays it to the user, by caching the new data and using it for future requests made to the same server.

In this guide, you will learn how to set up, configure, and install a Squid Proxy server on CentOS 7.

tutorial on installing squid proxy server on CentoS

Prerequisites

Steps For Installing Squid Proxy on CentOS

Step 1: Refresh CentOS Software Repositories

Ensure that you are working with the latest software version by updating your repositories.

Launch a terminal window, and enter the following:

sudo yum -y update

Step 2: Install Squid Package on CentOS

To install Squid, type:

yum -y install squid

Now start Squid by entering the following command:

systemctl start squid

To set up an automatic start at boot:

systemctl enable squid

Review the status of the service, use:

systemctl status squid

In this example, we see that the state is ‘Active.’

squid is active and running on CentOS

Configuring the Squid Proxy Server

The Squid configuration file is found at /etc/squid/squid.conf.

1. Open the file in your perfered text editor (vim was used in this example}:

sudo vi /etc/squid/squid.conf

2. Navigate to find the http_port option. Typically, this is set to listen on Port 3218. This port usually carries TCP traffic. If your system is configured for traffic on another port, change it here.

http port 3128 selected

You may also set the proxy mode to transparent if you’d like to prevent Squid from modifying your requests and responses.

Change it as follows:

http_port 1234 transparent

3. Navigate to the http_acacess deny all option.

It is currently configured to block all HTTP traffic, and no web traffic is allowed.

http deny all traffic

Change this to the following:

http_access allow all

4. Restart the Squid service by entering:

sudo systemctl restart squid

Configure Squid Client

The Squid proxy server is now configured. To configure the client server switch to your client machine and open your web browser.

If you’re using Firefox, you can find the proxy settings under:

Menu > Options > Network Settings > Settings

Select the radio button for Manual proxy configuration.

configure proxy access to the internet with manual proxy selected

Use the IP address for the system hosting your Squid proxy.

To test, you can visit https://whatismyipaddress.com/ip-lookup. Your IP address appears as the proxy server’s IP address.

Create an Access Control List (ACL)

For connections outside the proxy server’s local network, you need to configure the Access Control Lists (ACL). This may be necessary if you get a ‘refused to connect’ error.

Access Control Lists displaying site cant be reached

To solve this problem, simply add to your list of safe ports with a new ACL entry.


After each of the following steps, you should save and exit, then restart the Squid service to apply the new configuration.


Edit the /etc/squid/squid.conf file once again. Add a new line as follows:

acl localnet src 192.166.0.10

This will create a rule that only allows the system at this IP address to connect.

Comment the line to identify the rule. Text after the # sign is ignored by Squid.

acl localnet src 192.166.0.10 # test computer

You can specify a range of IP address as follows:

acl localnet src 192.166.0.10/30

Open Squid Proxy Ports

To open a specific port, add the following:

acl Safe_ports port 123 # Custom port

To save changes, restart Squid:

systemctl restart squid

Setup Proxy Authentication

Squid offers basic authentication alongside supporting other types of authentication.

First install httpd-tools with the following command:

yum -y install httpd-tools

With the tool installed, create the new file:

touch /etc/squid/passwd && chown squid /etc/squid/passwd

To create the password, use this command:

htpasswd /etc/squid/passwd newuser

Exchange the newuser with your user name.

The system will prompt you to enter and confirm a password for ‘newuser.’

Restart the proxy service and re-open your browser by inserting:

systemctl restart squid

Edit the /etc/squid/squid.conf file, and add the following command lines:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd

auth_param basic children 5

auth_param basic realm Squid Basic Authentication

auth_param basic credentialsttl 2 hours

acl auth_users proxy_auth REQUIRED

http_access allow auth_users

From now on when you connect to the Linux proxy server, you will see a prompt for your username and password. Any unauthenticated person will be stopped by an error message.

How to Block Websites With Squid Proxy

1. Create and edit a new text file /etc/squid/blocked.acl by entering:

sudo vi /etc/squid/blocked.acl

2. In this file, add the websites to be blocked, starting with a dot:

.facebook.com

.twitter.com

The dot specifies to block all subsites of the main site.

3. Open the /etc/squid/squid.conf file again:

sudo vi /etc/squid/squid.conf

4. Add the following lines just above your ACL list:

acl blocked_websites dstdomain “/etc/squid/blocked.acl”
http_access deny blocked_websites

Conclusion

This tutorial showed you how to install, configure and secure a Squid HTTP Proxy server.

Squid improves processing time and streamlines bandwidth use quickly through its unique caching power. In its accelerator mode, your server can work with impressive speed and significantly enhance your network’s performance, giving your system a competitive edge.