In today’s digital landscape, businesses and individuals alike rely heavily on the internet for various purposes. However, ensuring privacy, security, and efficiency while accessing online resources can be a challenge. This is where a proxy server comes into play. Acting as a gateway between users and the internet, a proxy server allows for filtering, monitoring, and controlling web traffic. One popular proxy server solution is Squid Proxy, which provides caching, privacy, and security features.
In this comprehensive guide, we will walk you through the process of installing and configuring the Squid Proxy Server on a Rocky Linux or Alma Linux 9 server. We will cover everything from the initial setup to advanced configurations, ensuring that you have a solid understanding of how to leverage Squid Proxy effectively.
Prerequisites
Before we dive into the installation and configuration process, let’s ensure that we have all the necessary prerequisites in place. Here’s what you’ll need:
- A server running either Rocky Linux 9 or Alma Linux 9.
- A non-root user account with sudo privileges.
Make sure your system is up to date by running the following command:
sudo dnf update
Additionally, we will need to install some basic utility packages. While some of them may already be installed, it’s good practice to ensure they are available:
sudo dnf install wget curl nano unzip yum-utils -y
With the prerequisites taken care of, we can now proceed to the installation of Squid Proxy.
Step 1 – Install Squid Proxy
To install Squid Proxy, we first need to enable the EPEL repository. Run the following command to install the repository:
sudo dnf install epel-release
Once the repository is installed, we can proceed with the installation of Squid Proxy:
sudo dnf install squid
To verify that Squid Proxy is successfully installed, run the following command:
squid --version
You should see the Squid Cache version and other relevant information.
Next, we need to enable and start the Squid service:
sudo systemctl enable squid --now
To check the status of the service, use the following command:
sudo systemctl status squid
This will display the current status of the Squid service and indicate whether it is running.
Step 2 – Configure Squid Proxy
Now that Squid Proxy is installed, it’s time to configure it to suit your needs. Squid stores its configuration in the file /etc/squid/squid.conf. Let’s start by taking a look at the content of this file:
sudo grep -vE "^#|^$" /etc/squid/squid.conf
This command filters out all the comments and empty lines, giving you a clear view of the configuration.
2.1 Configure Squid Access Policies
Access Control Lists (ACLs) define who is allowed to use Squid as a proxy on your local network. To configure the ACLs, we can add rules to the configuration file. For example, to allow access for hosts in the subnet 192.168.204.0/24, add the following ACL rule:
acl newlocalnet src 192.168.204.0/24
To allow access for this ACL, add the following line below the line http_access deny all:
http_access allow newlocalnet
Remember that Squid reads the configuration file from top to bottom, so the order of rules matters.
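Squid applies the first http_access line that matches a request, so any rule that comes after a catch-all line such as http_access deny all is never evaluated. The script below is an added example, not part of the original guide: it lists such unreachable rules so the check can run next to squid -k parse. The two sample configs are constructed and use the ACL name from this section.

```shell
#!/bin/sh
# Added example: flag http_access rules that Squid can never reach because
# they come after a catch-all "http_access allow|deny all" line.

# unreachable_rules CONF
#   prints "LINE: rule" for each shadowed rule; exit status 1 if any found.
unreachable_rules() {
    awk '
        $1 != "http_access"  { next }              # only access rules matter
        seen { print NR ": " $0; dead++; next }    # rule after the catch-all
        NF == 3 && $3 == "all" { seen = 1 }        # "allow all" / "deny all"
        END { exit (dead > 0) }
    ' "$1"
}

# Constructed sample configs (not taken from a real server).
write_samples() {
    dir=$1
    cat > "$dir/shadowed.conf" <<'EOF'
acl newlocalnet src 192.168.204.0/24
http_access allow localhost
http_access deny all
http_access allow newlocalnet
EOF
    cat > "$dir/ordered.conf" <<'EOF'
acl newlocalnet src 192.168.204.0/24
http_access allow localhost
http_access allow newlocalnet
http_access deny all
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for f in shadowed ordered; do
        if out=$(unreachable_rules "$d/$f.conf"); then
            echo "$f.conf: every http_access rule is reachable"
        else
            echo "$f.conf: unreachable -> $out"
        fi
    done
    rm -rf "$d"
}

demo
```

On a live server, point unreachable_rules at /etc/squid/squid.conf before restarting the service.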
2.2 Website Blocking
Squid Proxy allows you to block access to specific websites by creating a list of blocked domains. To do this, create a file to store the domains you want to block:
sudo nano /etc/squid/blocked-sites
Add the websites you want to block to this file, one domain per line. For example:
example.com
example.net
example.org
Save the file and then open the Squid configuration file:
sudo nano /etc/squid/squid.conf
Add the following lines to the configuration file:
acl blocked_sites dstdomain "/etc/squid/blocked-sites"
http_access deny blocked_sites
This will deny access to any website listed in the blocked-sites file.
2.3 Block Downloads of Specific Files
In addition to blocking websites, Squid Proxy can also block downloads of specific file types. To achieve this, we need to create a file to store the file extensions we want to block:
sudo nano /etc/squid/blocked-filextensions
In this file, list the file extensions you want to block, one extension per line. For example:
\.exe(\?.*)?$
\.bat(\?.*)?$
\.tar(\?.*)?$
\.mp3(\?.*)?$
\.mp4(\?.*)?$
Save the file and open the Squid configuration file:
sudo nano /etc/squid/squid.conf
Add the following lines to the configuration file:
acl blockfiles urlpath_regex -i "/etc/squid/blocked-filextensions"
http_access deny blockfiles
This will deny the download of any file with a matching extension.
2.4 Block Websites Using Keywords
Another way to control access to websites is by blocking them based on keywords. To implement this, we need to create a configuration file to store the keywords we want to block:
sudo nano /etc/squid/banned-keywords
In this file, list the keywords you want to block, one keyword per line. For example:
porn
gamble
ads
movie
Save the file and make the following changes in the Squid configuration file:
acl keyword-ban url_regex "/etc/squid/banned-keywords"
http_access deny keyword-ban
This will deny access to any website that contains a blocked keyword.
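Before loading the extension and keyword lists from sections 2.3 and 2.4, it helps to see what they actually match. The script below is an added example, not part of the original guide: it runs the patterns against constructed URLs, using grep -E as an approximation of Squid's regex matching, with the extension patterns written with the dot and question mark escaped.

```shell
#!/bin/sh
# Added example: dry-run the section 2.3 / 2.4 patterns on sample URLs.
# grep -E stands in for Squid's regex matching (an approximation).

EXT_PATTERNS='\.exe(\?.*)?$
\.bat(\?.*)?$
\.tar(\?.*)?$
\.mp3(\?.*)?$
\.mp4(\?.*)?$'

KEYWORDS='porn
gamble
ads
movie'

# url_path URL: print the part urlpath_regex is matched against.
# An HTTPS request reaches the proxy as CONNECT host:port, with no path.
url_path() {
    case "$1" in
        *://*) printf '%s\n' "$1" | sed -E 's#^[a-z]+://[^/]*##' ;;
        *)     printf '\n' ;;
    esac
}

# Exit 0 if "urlpath_regex -i" with the extension list would match.
blocked_by_ext() { url_path "$1" | grep -Eiq -e "$EXT_PATTERNS"; }

# Exit 0 if "url_regex" (no -i, so case-sensitive) would match.
blocked_by_keyword() { printf '%s\n' "$1" | grep -Eq -e "$KEYWORDS"; }

# Constructed URLs covering the cases worth checking.
report() {
    for u in \
        "http://dl.example.com/tools/setup.EXE?src=mail" \
        "http://dl.example.com/notes/setup.exe.txt" \
        "dl.example.com:443" \
        "http://intranet.example.com/downloads/report.pdf" \
        "http://example.com/ADS/banner.gif"
    do
        e=allow; k=allow
        blocked_by_ext "$u" && e=DENY
        blocked_by_keyword "$u" && k=DENY
        printf '%-50s ext=%-5s keyword=%s\n' "$u" "$e" "$k"
    done
}

report
```

The report shows the short keyword ads also denying a /downloads/ URL, and the extension rule having nothing to match on a CONNECT request; add -i to the keyword ACL if case-insensitive matching is intended.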
2.5 Mask the Client’s IP Address
To anonymize traffic and protect the client’s IP address, we can configure Squid Proxy to hide it. Add the following lines to the Squid configuration file:
via off
forwarded_for off
These lines disable the Via and X-Forwarded-For headers, preventing the client’s IP address from being exposed.
2.6 Change Squid Proxy Port
By default, Squid Proxy listens on port 3128. If you wish to change the port, you can do so by modifying the Squid configuration file. Open the file for editing:
sudo nano /etc/squid/squid.conf
Locate the line http_port 3128 and replace it with the desired port number. For example:
http_port 7035
Save the file and validate the configuration:
sudo squid -k parse
This command checks the configuration file for any errors.
Finally, restart the Squid service for the changes to take effect:
sudo systemctl restart squid
2.7 Configure Firewall / SELinux
If you are using the default port (3128), you need to allow it through the firewall:
sudo firewall-cmd --add-service=squid --permanent
sudo firewall-cmd --reload
If you have enabled a custom port, use the following commands instead. Replace [port_number] with your custom port number:
sudo firewall-cmd --permanent --add-port=[port_number]/tcp
sudo firewall-cmd --reload
You also need to enable the custom port in SELinux using the following command:
sudo semanage port -a -t squid_port_t -p tcp [port_number]
With the Squid Proxy server configured to your specifications, it’s time to set up basic authentication for added security.
Step 3 – Setup Basic Authentication for Squid
To configure Squid Proxy to accept authentication, we will use the htpasswd utility from the Apache tools package. Install the package by running the following command:
sudo dnf install httpd-tools
Next, create a username and password pair using the following command:
sudo htpasswd -c /etc/squid/squid_passwd shapehost
You will be prompted to enter and confirm the password.
To ensure that Squid can read the password file, change the ownership of the file to the Squid user:
sudo chown squid /etc/squid/squid_passwd
Now that we have set up the password file, we need to configure Squid to use it for authentication. Open the Squid configuration file:
sudo nano /etc/squid/squid.conf
Add the following lines to the configuration file:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
These lines configure Squid to use the basic_ncsa_auth helper program and specify the location of the password file.
To enable the authentication, restart the Squid service:
sudo systemctl restart squid
With basic authentication in place, only users with valid credentials will be able to access the Squid Proxy server.
Step 4 – Configure Squid Proxy Clients
Now that Squid Proxy is up and running, let’s explore how to configure clients to connect to the proxy server.
4.1 System-wide Proxy Configuration
To configure Squid Proxy to work across your system, you can create a file that defines the proxy configuration. Open the file for editing:
sudo nano /etc/profile.d/squid.sh
Add the following lines to the file, replacing 192.168.205.10:7035 with the IP address and port of your Squid Proxy server:
PROXY_URL="192.168.205.10:7035"
HTTP_PROXY=$PROXY_URL
HTTPS_PROXY=$PROXY_URL
FTP_PROXY=$PROXY_URL
http_proxy=$PROXY_URL
https_proxy=$PROXY_URL
ftp_proxy=$PROXY_URL
export HTTP_PROXY HTTPS_PROXY FTP_PROXY http_proxy https_proxy ftp_proxy
Save the file and source it to apply the changes:
source /etc/profile.d/squid.sh
To verify the configuration, you can use the wget command to make a request to a website:
wget google.com
If the request goes through successfully, it means the proxy configuration is working.
4.2 Proxy Setting on the Browser
To configure Squid Proxy on web browsers like Firefox or Chrome, you can use browser extensions that support proxy settings. One popular extension for Firefox is “FoxyProxy Standard,” and for Chrome, you can use “Proxy SwitchOmega.”
Let’s take a look at how to configure Squid Proxy using the FoxyProxy Standard extension for Firefox.
- Install the FoxyProxy Standard extension from the Firefox Add-ons store.
- Once installed, open the extension options by clicking on the FoxyProxy icon in the Firefox toolbar and selecting “Options.”
- In the FoxyProxy options, click on the “Add” button to create a new proxy configuration.
- Enter a name for the proxy configuration, the IP address and port of your Squid Proxy server, and any authentication details if required.
- Enable the option “Do not use for localhost and intranet/private IP addresses” to prevent conflicts with local resources.
- Click “Save” to save the configuration.
With the proxy configuration set up, you can now browse the web using the Squid Proxy server.
4.3 Using Squidclient
If you prefer to test the Squid Proxy server from the command line, you can use the squidclient command. This command allows you to make web requests and view the response. Here’s an example of how to use it:
squidclient https://google.com
This will make a request to https://google.com through the Squid Proxy server and display the response.
Conclusion
You have now successfully installed and configured the Squid Proxy Server on your Rocky Linux or Alma Linux 9 server. By following this guide, you have learned how to set up access policies, block websites and downloads, mask client IP addresses, change the Squid Proxy port, configure basic authentication, and set up proxy clients.
Squid Proxy provides a powerful and flexible solution for managing web traffic, enhancing security, and improving performance. Whether you are a business looking to protect your network or an individual seeking a more secure browsing experience, Squid Proxy can help.