Turning your server into a proxy using Squid

Turning your server into a proxy using Squid
Squid is a fully-featured HTTP/1.0 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications.

INSTALLING SQUID

To install squid on CentOS, use yum install command .

yum install squid

 

If you can’t install squid using yum, you can download it from http://www1.dk.squid-cache.org/Versions/ using wget command
Next you have to extract the compressed archive file and change the working directory to the squid directory:
tar -xvzf squid-*-src.tar.gz
cd squid -*

Now enter the following commands in order to configure, compile and install squid

./configure
make
make install

This by default, will install it in “/usr/local/squid”.
Type ./configure –help to view all available options.

CONFIGURING SQUID

In order to configure squid, we open the squid configuration file located in /etc/squid

vi /etc/squid/squid.conf

By default, squid will listen on port 3128, to make it listen on port 3128, 8080 and port 2083, we add the following:

http_port 3128
http_port 2083
http_port 8080

or if you want to define an IP to listen to instead of all IPs, replace YOUR_SERVER_IP byyour server IP:

http_port YOUR_SERVER_IP:3128
http_port YOUR_SERVER_IP:2083
http_port YOUR_SERVER_IP:8080

By default all the http access are denied. The ACL rules must be modified to allow access only to trusted users or all users. This is important if you don’t want everyone to use yourproxy server and eventually consume resources.

To allow everyone to access and use the proxy server, append the following line to the configuration file:

http_access allow all

(make sure to remove the line http_access deny all for the above to work)

To allow a range of IPs instead of allowing everyone, add the following command

acl my_ranged_ips src 1.2.3.1-1.2.3.254/24
http_access allow my_ranged_ips
http_access deny all

Make sure that http_access deny all is the last statement, this is because the ACLs are checked from top to bottom. Users with IPs in the range of my_ranged_ips will be allowed to use the server, anyone else falls through to the “deny all” and gets a failure message.

Once the configurations are done, restart squid:

service squid restart

To stop squid

service squid stop

To start squid

service squid start

Post author

Aloha, I'm Amit Ghosh, a web entrepreneur and avid blogger. Bitten by entrepreneurial bug, I got kicked out from college and ended up being millionaire and running a digital media company named Aeron7 headquartered at Lithuania.