Network administrations

How to configure squid server in Linux

Proxy servers operate as an intermediary between a local network and Internet. Requests from local clients for web services can be handled by the proxy server. Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. As it stores data from frequently used Web pages and files, it can often give your users the data they need without their systems having to look to the Internet.

From squid web proxy server you can control what should be access on your network from internet. It could be act as a filter that could filter everything from porn site to advertise , videos.

In our example we will configure squid web proxy server and filter sites and deny permission to specific host from accessing internet.

Configure squid web proxy server

squid rpm is required to configure squid web proxy server check it for install if not found install it.
sqid rpm
check the hostname and ip address of server it will be use in editing of squid.conf
hostname

Main Squid configuration file is squid.conf in the /etc/squid/ directory. This file contains over 4000 lines in , but only a few are active by default. Most of this file is filled with comments that describe most directives and associated options. To make editing easier use show line numbers options and locate desire tag from line number. We suggest you not to cram line number use them only to locate the desire tag as a simple enter can change the number of all lines in file.

open /etc/squid/squid.conf for editing
vi squid.conf
show hidden line with : set nu option on vi command mode

You need to add three lines to the squid.conf file in the /etc/squid/ directory before activating Squid

First editing is about hostname locate visible_hostname tag near about line no 2835
visible_hostname tag
Go in the end of this tag near about line no and add the hostname which you have checked in pervious command
visible hostname

By default squid works on port no 3128 but can change this. Port tag is located near line no 73
port number tag
For our example we using the default port.

Next editing is to create access control list. Access control tag is located near the line no 2226
access control tag

We will create three access list.

  • First to block host with ip address 192.168.1.7 from accessing internet.
  • Second to block a particular site.
  • Third to allow our lab network for accessing internet.

Go in the end of access control tag near about line 2410 and create access list as show here
access list tag in squid.conf

Final editing is to implement whatever access list you have configured in access list tag go to http access tag near line no 2482
http access tag
In the end of this tag near line no 2529 apply the configured access list
http access

Be very careful about the order of access list alway put http_access deny all line in the end of all line. Whatever access list defined below the http_access deny all line will never be checked.

You have made necessary changed in squid.conf now save it and return to command prompt.

We have created a access list web_deny to filter the web traffic. We have set http_access deny web_deny tag in squid.conf. Now you can add the url of those websites in this file which you want block.

Now create /etc/squid/web_deny file.
vi web_deny
for testing purpose in our example we are blocking www.google.com
editing in web deny
you can add any sites url in this file which you want to block.

You have completed all necessary steps now start the squid service.
service squid restart

Squid client configuration

On client set the ip configuration. Set proxy servers ip 192.168.1.3 to default getway and dns server ip on client system.

ip setting

Now open the web browser and set the port number and ip address of proxy server in connection tab
internet explorer setting
If you can successful retrieve website mean squid is working correctly
web page

Now try to open www.google.com
deny web access

Now go system which ip address is 192.168.1.7 and try to access after doing same setting
deny host in squid

Written by Admin

Follow us

Contact us

Write for us

We are always on the lookout for new talent and ideas. We provide you a platform to share your ideas and knowledge with the world while developing a name for yourself as an expert in your field. We encourage you to learn more and submit a article!

Advertise With us

Reach millions of global audience including network administrator and system admin. Advertising on ComputerNetworkingNotes.com will allow your company to tap into one of the largest online communities of computer networking.

Report an issue

We greatly appreciate our visitors helping us to find issues with the site. we will investigate your report and use the information you provide to improve our site.

Other reason

We love to hear from you! Regardless of the type of feedback, we are always ready to assist you.