Squid Proxy Server

The Squid server then checks its web cache for the web information requested by the user. It will return any matching information that finds in its cache, and if not, it will go to the web to find it on behalf of the user. Once it finds the information, it will populate its cache with it and also forward it to the user's web browser.

Introduction to SQUID

Two important goals of squid are to:

  • Reduce Internet bandwidth charges

  • Limit access to the Web to only authorized users.

Users configure their web browsers to use the Squid proxy server instead of going to the web directly.

As you can see, this reduces the amount of data accessed from the web. Another advantage is that you can configure your firewall to only accept HTTP web traffic from the Squid server and no one else. Squid can then be configured to request usernames and passwords for each user that users its services. This provides simple access control to the Internet.

Configuring SQUID

Start the SQUID service Use the chkconfig to configure Squid to start at boot:

[root@wilshire~]# chkconfig squid on

Use the service command can be used to start/stop/restart Squid after booting

[root@wilshire~]# service squid start [root@wilshire~]# service squid
stop root@wilshire~#service squid restart

You can test whether the Squid process is running with the following command; you should get a response of plain old process ID numbers:

[root@wilshire~]# pgrep squid

The /etc/squid/squid.conf File

  • The main Squid configuration file is squid.conf which we’ll discuss in detail in following sections. Activating Configuration Changes

  • Like most Linux applications, Squid needs to be restarted in order for changes to the configuration file can take effect.

The Visible Host Name

  • Older versions of Squid will fail to start if you don’t give your server a hostname. You can set this with the visible_hostname parameter in /etc/squid/squid.conf.

  • Here we set it to the real name of our server wstsun1. visible_hostname wstsun1

Access control lists

  • You can limit users’ ability to browse the Internet with access control lists (ACLs). Each ACL line defines a particular type of activity, such as an access time or source network, they are then linked to an http_access statement that tells squid whether or not to deny or allow traffic that matches the ACL.

  • Squid matches each web access request it receives by checking the http_access list from top to bottom. If it finds a match, it enforces the allow or deny statement and stops reading further.

  • You will have to be careful not to place a deny statement in the list that blocks a similar allow statement below it.The final http_access statement denies everything, so it is best to place new http_access statements above it.

  • Squid has a minimum required set of ACL statements in the ACCESS_CONTROL section of the squid.conf file. It is best to put new customized entries right after this list to make the file easier to read.

Configure the web browsers to use your squid server

If you don’t have a firewall that supports redirection then you’ll need to:

Configure your firewall to only accept HTTP Internet access from the Squid server Configure your PC browser’s proxy server settings manually to use the squid server using the following methods:

Internet Explorer

Here’s how to make these changes using Internet Explorer.

  1. Click on the Tools item on the menu bar of the browser.

  2. Click on Internet Options and ―Connections and ―LAN Settings

  3. Configure with the address and TCP port (3128 default) used by your Squid server.

Mozilla / Netscape

How to make these changes using Mozilla.Click on the Edit item on the menu bar of the browser.

  1. Click on Preferences and ―Advanced and ―Proxies

  2. Configure with the address and TCP port (3128 default) used by your Squid server under Manual Proxy Configuration

Subscribe For More Content