Friday, August 24, 2012

Turning your server into a proxy using Squid



Squid is a fully-featured HTTP/1.0 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications.

 

 

 

Installing Squid

To install Squid on CentOS, use the yum install command. You must be logged in as root (if you're not familiar with yum and root access, you might want to check the following topic first: 15 most used linux commands and how to use them):
yum install squid



If you can't install Squid using yum, you can download the source from http://www1.dk.squid-cache.org/Versions/ using the wget command (how to use wget).
Next you have to extract the compressed archive file and change the working directory to the squid directory:
tar -xvzf squid-*-src.tar.gz
cd squid-*

Now enter the following commands to configure, compile and install Squid:
./configure
make
make install


By default, this installs Squid in "/usr/local/squid".
Type ./configure --help to view all available options.


Configuring Squid

To configure Squid, open the Squid configuration file located in /etc/squid:
vi /etc/squid/squid.conf



By default, Squid listens on port 3128. To make it listen on ports 3128, 8080 and 2083, add the following:
http_port 3128
http_port 2083
http_port 8080

Or, if you want Squid to listen on one specific IP instead of all IPs, replace YOUR_SERVER_IP with your server's IP:
http_port YOUR_SERVER_IP:3128
http_port YOUR_SERVER_IP:2083
http_port YOUR_SERVER_IP:8080



By default, all HTTP access is denied. The ACL rules must be modified to allow access, either to trusted users only or to all users. Restricting access is important if you don't want everyone to use your proxy server and consume its resources.

To allow everyone to access and use the proxy server, append the following line to the configuration file:
http_access allow all
(Make sure to remove the line http_access deny all for the above to work.)


To allow a range of IPs instead of allowing everyone, add the following lines:
acl my_ranged_ips src 1.2.3.1-1.2.3.254/24
http_access allow my_ranged_ips
http_access deny all

Make sure that http_access deny all is the last statement, because the http_access rules are checked from top to bottom. Users with IPs in the range of my_ranged_ips will be allowed to use the server; anyone else falls through to the "deny all" and gets a failure message.
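The top-to-bottom, first-match evaluation described above can be checked offline with a small model. This is an added example, not part of the original post and not Squid's own code: it reads only "acl NAME src" and "http_access" lines, handles IPv4 only, ignores "!" negation, and the function names and sample configs are constructed for illustration.

```python
import ipaddress

# Constructed squid.conf fragments (sample data, not from a real server).
RESTRICTED = """
acl my_ranged_ips src 1.2.3.1-1.2.3.254/24
http_access allow my_ranged_ips
http_access deny all
"""
MISORDERED = """
acl my_ranged_ips src 1.2.3.1-1.2.3.254/24
http_access deny all
http_access allow my_ranged_ips
"""
OPEN = "http_access allow all\n"

def src_range(spec):
    """Turn 'addr', 'addr/mask' or 'addr1-addr2/mask' into (low, high) integers.
    Assumption of this model: the mask is applied to both ends of a range."""
    addrs, _, mask = spec.partition("/")
    lo, _, hi = addrs.partition("-")
    first = ipaddress.ip_network(f"{lo}/{mask or 32}", strict=False)
    last = ipaddress.ip_network(f"{hi or lo}/{mask or 32}", strict=False)
    return int(first.network_address), int(last.broadcast_address)

def parse(conf):
    """Collect 'acl NAME src ...' and 'http_access allow|deny ...' lines in order."""
    acls = {"all": [(0, 2**32 - 1)]}  # built-in ACL: every IPv4 client
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(src_range(s) for s in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return True if the client would be allowed: the first matching rule wins."""
    acls, rules = parse(conf)
    ip = int(ipaddress.ip_address(client_ip))
    for allow, names in rules:
        # A rule matches only if every ACL named on the line matches the client.
        if all(any(lo <= ip <= hi for lo, hi in acls[n]) for n in names):
            return allow
    # No rule matched: Squid defaults to the opposite of the last rule.
    return (not rules[-1][0]) if rules else False

if __name__ == "__main__":
    for name, conf in [("restricted", RESTRICTED), ("misordered", MISORDERED), ("open", OPEN)]:
        for ip in ("1.2.3.77", "203.0.113.9"):
            print(f"{name:10} {ip:12} -> {'allow' if decide(conf, ip) else 'deny'}")
```

With the rules misordered, even a client inside my_ranged_ips is denied because "deny all" matches first, and the "allow all" fragment admits an address outside the range.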

Once the configuration is done, restart Squid:
service squid restart

To stop Squid:
service squid stop

To start Squid:
service squid start

