Squid proxy server installation and

configuration in RHEL7
squid proxy server is used to filter web traffic and reducing and fine tuning internet
bandwidth.

Squid Proxy Server Profile

• Packages : squid*
• Service Name: squid
• Default port : 3128
• Config File : /etc/squid/squid.conf
• Log file Path: /var/log/squid

Installation process
[root@server ~]# yum install squid*
Installed:
squid.x86_64 7:3.3.8-12.el7_0
Dependency Installed:
libecap.x86_64 0:0.2.0-8.el7 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-
Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBI.x86_64 0:1.627-4.el7 perl-Data-
Dumper.x86_64 0:2.145-3.el7
perl-Digest.noarch 0:1.17-245.el7 perl-Digest-MD5.x86_64 0:2.52-3.el7 perl-IO-
Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-
PlRPC.noarch 0:0.2020-14.el7
Complete!

Enable and start the Service

[root@server ~]# systemctl enable squid
ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-
user.target.wants/squid.service'
[root@server ~]# systemctl start squid
[root@server ~]# systemctl status squid
squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled)
Active: active (running) since Sun 2016-04-17 13:47:33 IST; 34s ago
Process: 7989 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited,
status=0/SUCCESS)
Process: 7983 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited,
status=0/SUCCESS)
Main PID: 7999 (squid)
CGroup: /system.slice/squid.service
├─7999 /usr/sbin/squid -f /etc/squid/squid.conf
└─8001 (squid-1) -f /etc/squid/squid.conf
Apr 17 13:46:53 server.arkit.co.in squid[7989]: 2016/04/17 13:46:53| WARNING:
Could not determine this machines public hostname. Please configure one or set
'visible_hostname'.
Apr 17 13:47:13 server.arkit.co.in squid[7989]: 2016/04/17 13:47:13| WARNING:
Could not determine this machines public hostname. Please configure one or set
'visible_hostname'.
Apr 17 13:47:33 server.arkit.co.in squid[7989]: 2016/04/17 13:47:33| WARNING:
Could not determine this machines public hostname. Please configure one or set
'visible_hostname'.
Apr 17 13:47:33 server.arkit.co.in squid[7999]: Squid Parent: will start 1 kids
Apr 17 13:47:33 server.arkit.co.in squid[7999]: Squid Parent: (squid-1) process
8001 started
Apr 17 13:47:33 server.arkit.co.in systemd[1]: Started Squid caching proxy.

Allow firewall port for squid

[root@server ~]# firewall-cmd --permanent --add-port=3128/tcp
success
[root@server ~]# firewall-cmd --reload
success

Default port of squid proxy is 3128 that’s why we have to allow port 3128.

[root@server ~]# vim /etc/squid/squid.conf

To allow Network we have to write below ACL lines

acl localnet src 192.168.4.0/24
http_access allow localnet

To allow ports using ACL

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access deny !Safe_ports

Block bad sites

acl badsites url_regex "/etc/squid/badsites"

add below line before allow statement of localnet

http_access deny badsites

write the bad sites in the file

[root@server ~]# cat /etc/squid/badsites
.facebook.com
Go to Client Side
Change the proxy address in your browser then try to access the website
IE Settings > Internet options > Connections > Lan Settings >

provide IP address and port number

Now see the logs watch the squid logs
/var/log/squid/ log file directory

Use tail command as follows:

~]# tail -f /var/log/squid/access.log