Squid Proxy Server
The Squid server then checks its web cache for the web information requested by the user. It will return any matching information that finds in its cache, and if not, it will go to the web to find it on behalf of the user. Once it finds the information, it will populate its cache with it and also forward it to the user's web browser.
Introduction to SQUID
Two important goals of squid are to:
Reduce Internet bandwidth charges
Limit access to the Web to only authorized users.
Users configure their web browsers to use the Squid proxy server instead of going to the web directly.
As you can see, this reduces the amount of data accessed from the web. Another advantage is that you can configure your firewall to only accept HTTP web traffic from the Squid server and no one else. Squid can then be configured to request usernames and passwords for each user that users its services. This provides simple access control to the Internet.
Start the SQUID service Use the chkconfig to configure Squid to start at boot:
[root@wilshire~]# chkconfig squid on
Use the service command can be used to start/stop/restart Squid after booting
[root@wilshire~]# service squid start [root@wilshire~]# service squid stop root@wilshire~#service squid restart
You can test whether the Squid process is running with the following command; you should get a response of plain old process ID numbers:
[root@wilshire~]# pgrep squid
The /etc/squid/squid.conf File
The main Squid configuration file is squid.conf which we’ll discuss in detail in following sections. Activating Configuration Changes
Like most Linux applications, Squid needs to be restarted in order for changes to the configuration file can take effect.
The Visible Host Name
Older versions of Squid will fail to start if you don’t give your server a hostname. You can set this with the
visible_hostnameparameter in /etc/squid/squid.conf.
Here we set it to the real name of our server
wstsun1. visible_hostname wstsun1
Access control lists
You can limit users’ ability to browse the Internet with access control lists (ACLs). Each ACL line defines a particular type of activity, such as an access time or source network, they are then linked to an http_access statement that tells squid whether or not to deny or allow traffic that matches the ACL.
Squid matches each web access request it receives by checking the http_access list from top to bottom. If it finds a match, it enforces the
denystatement and stops reading further.
You will have to be careful not to place a
denystatement in the list that blocks a similar
allowstatement below it.The final http_access statement denies everything, so it is best to place new http_access statements above it.
Squid has a minimum required set of ACL statements in the ACCESS_CONTROL section of the squid.conf file. It is best to put new customized entries right after this list to make the file easier to read.
Configure the web browsers to use your squid server
If you don’t have a firewall that supports redirection then you’ll need to:
Configure your firewall to only accept HTTP Internet access from the Squid server Configure your PC browser’s proxy server settings manually to use the squid server using the following methods:
Here’s how to make these changes using Internet Explorer.
Click on the Tools item on the menu bar of the browser.
Click on Internet Options and ―Connections and ―LAN Settings
Configure with the address and TCP port (3128 default) used by your Squid server.
Mozilla / Netscape
How to make these changes using Mozilla.Click on the
Edit item on the menu bar of the browser.
Preferencesand ―Advanced and ―Proxies
Configure with the address and TCP port (3128 default) used by your Squid server under
Manual Proxy Configuration