SQUID: Configure the Squid proxy server.

Presentation

The Squid proxy server is mainly used as a gateway between users and the Internet, providing the following functions:

  • cache user requests to the Internet: if two users access the same website, only the first request triggers a download of the static objects; the second is served from the disk cache managed by Squid (a gain in speed and bandwidth),
  • restrict access to the Internet: ACLs (Access Control Lists) can be defined to restrict which IP addresses are allowed to go through the proxy,
  • log user requests to the Internet: Squid log files can record all requests going through it.

Although this is not the purpose of this tutorial, Squid can also be used as a content accelerator. In this case, it is located in front of a webserver to speed up all requests for static objects. This is the reverse proxy role.

By default the Squid proxy listens on TCP port 3128 and uses two network interfaces: one connected to the local network (here eth0) and one connected to the outside world (here eth1).

This means that all the users needing access to the Internet will have to set up their browser configuration to point to the Squid IP address and the 3128 port (various ways exist to do that automatically but it’s not the purpose of this tutorial).

The Squid proxy default gateway should be pointing to the Internet.

Installation procedure

Install the Squid package:

# yum install -y squid

Edit the /etc/squid/squid.conf file and uncomment the line starting with the #cache_dir string:

cache_dir ufs /var/spool/squid 100 16 256

Note: ufs is the Squid storage type, /var/spool/squid is the directory where the cache will be stored, 100 is the cache size (here 100MB), and 16 and 256 are respectively the number of first-level and second-level subdirectories to create. Normally, only the 100MB parameter needs to be adjusted to the size allocated to the cache.

Then, in the same file, search for the INSERT YOUR OWN RULE string. Paste the following lines without forgetting to replace the X.Y.Z.0/N string with your local network addressing:

acl MyNetwork src X.Y.Z.0/N
http_access allow MyNetwork

Optionally, still in the same file, use the visible_hostname directive to define the full name of the Squid server (useful in error messages):

visible_hostname squid.example.com

Optionally, to change the port on which the Squid proxy listens, modify the parameter of the http_port directive:

http_port 8080

Note: An additional change to the firewall configuration will be needed to allow access to the 8080 port.

Add the following rule to the firewall:

# iptables -I INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT

Note: Here it is mandatory to specify which network interface (here eth0) can connect to the Squid proxy, otherwise outsiders could access internal resources!

Save the firewall configuration:

# service iptables save

Edit the /etc/sysctl.conf file and allow IP forwarding on the Squid server:

net.ipv4.ip_forward = 1

Activate the change:

# sysctl -p

Activate the squid service at boot:

# chkconfig squid on

Start the squid service:

# service squid start
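
The MyNetwork access rule and the eth0 firewall rule above are the two settings that keep this proxy from being reachable by outsiders. The following Python check is an added example, not part of the original tutorial: it audits a squid.conf body and an iptables rule for a missing source or interface restriction. The sample LAN 192.168.1.0/24 and the function names are assumptions made for the example.

```python
import ipaddress
import shlex

# Constructed sample input: the tutorial's rules with 192.168.1.0/24 as the LAN.
SAMPLE_CONF = """\
http_port 3128
acl MyNetwork src 192.168.1.0/24
http_access allow MyNetwork
http_access deny all
"""
SAMPLE_RULE = ("iptables -I INPUT -i eth0 -m state --state NEW "
               "-m tcp -p tcp --dport 3128 -j ACCEPT")

def _covers_everything(value):
    """True when a src ACL value matches every client address."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return value == "all"  # address ranges and file references are not analysed

def audit_squid_conf(text):
    """Return (listening port, findings) for the rules in a squid.conf body."""
    # Assumption: "localhost" is predefined, as in recent Squid releases.
    src_acls, findings, port = {"localhost": ["127.0.0.1/32"]}, [], "3128"
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if f[:1] == ["http_port"] and len(f) > 1:
            port = f[1].rsplit(":", 1)[-1]
        elif f[:1] == ["acl"] and len(f) > 3 and f[2] == "src":
            src_acls.setdefault(f[1], []).extend(f[3:])
        elif f[:2] == ["http_access", "allow"]:
            # Squid ANDs the ACLs on one line, so one limited src ACL is enough.
            limited = [n for n in f[2:] if n in src_acls
                       and not any(_covers_everything(v) for v in src_acls[n])]
            if not limited:
                findings.append("no source restriction: " + " ".join(f))
    return port, findings

def audit_iptables_rule(rule, port):
    """Flag an ACCEPT rule for the proxy port that names no inbound interface."""
    args = shlex.split(rule)
    def opt(flag):
        return args[args.index(flag) + 1] if flag in args[:-1] else None
    if opt("-j") != "ACCEPT" or opt("--dport") != port:
        return []
    if opt("-i") is None and opt("--in-interface") is None:
        return [f"port {port} is accepted on every interface"]
    return []
```
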