Proxy Server
1. What is Proxy?
An agent or program that has authority to act for another.

2. What is Squid?
Squid is a free, Internet proxy-caching program.

3. What is Cache?
A hiding place for concealing and preserving things that are inconvenient to carry.

Squid acts as an agent, accepting requests from clients (such as browsers) and passing
them to the appropriate Internet server. It stores data in an on-disk cache. The real benefit of
Squid emerges when the same data is requested multiple times, since a copy of the on-disk
data is returned to the client, speeding up Internet access and saving bandwidth. A small amount of
disk space can have a significant impact on bandwidth usage and browsing speed. Squid
development is funded by the National Laboratory of Network Research (NLANR).

Recommendation:
1. A high-speed processor
2. More memory
3. More space on the HDD

Step 01:
Check whether the Squid RPM is installed

# rpm -qa | grep squid

Step 02:
Install Squid using the rpm command (if not installed)
# rpm -ivh squid ……….rpm

Step 03:

Squid Configuration :
The Squid configuration file is squid.conf, located at /etc/squid/squid.conf
-------------------- Start Configuration ------------------------------

#Default: http_port 3128


http_port 8080

#Default: cache_mem 8 MB
cache_mem 50 MB

#Default:
cache_dir ufs /var/spool/squid 100 16 256
#Default:
cache_access_log /var/log/squid/access.log

#Default:
cache_log /var/log/squid/cache.log

#Default:
cache_store_log /var/log/squid/store.log

#Recommended minimum configuration:


acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0 ####explanation####
http_access allow localhost
http_access allow ispstaff
http_access deny all

####### If you want to deny particular sites ##########

acl GOOD dst 172.16.1.0/24


acl BAD dst 0.0.0.0/0.0.0.0

http_access allow GOOD


http_access deny BAD

###### Source/Destination Domain #######

#Squid can also be configured to restrict access to specific domains, especially adult sites. The
#dst acl type can be used in this case.

#Example : Filtering unwanted destination sites :

acl badDomains dstdomain xxx.com

acl nudeDomains dstdomain abc.com

acl badIP dst 192.172.1.100

http_access deny badDomains

http_access deny nudeDomains

http_access deny badIP


http_access deny all

#### Specific Time Deny #####

#Squid can allow access to particular sites by time of day. By combining the dstdomain and time
#acls you can allow access to specific sites during working hours, but allow access to other sites
#after working hours.

Syntax of access list :


acl aclname time [day-abbreviations] [h1:m1-h2:m2]
day-abbreviations:
S - Sunday
M - Monday
T - Tuesday
W - Wednesday
H - Thursday
F - Friday
A - Saturday
h1:m1 must be less than h2:m2
#Example
acl ispgroup src 192.168.1.200 192.168.1.201
acl working time ASMTWH 08:30-17:30

http_access allow ispgroup working


http_access deny ispgroup

###### ADMINISTRATIVE PARAMETERS #########


cache_effective_user squid
cache_effective_group squid

--------------------- End Configuration -----------------------------



Step 04:

#### Now create squid cache directory #####

# squid -z

Step 05:

Running Squid :
# service squid start
# service squid stop
# service squid restart
Or
# /etc/rc.d/init.d/squid restart
Step 06:

Testing Squid :
Configure your browser to use the proxy on port 8080 and browse.
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080

Step 07:
Now see the log files :
# tail -f /var/log/squid/cache.log
# tail -f /var/log/squid/access.log
# tail -f /var/log/squid/store.log

Clear Log
# echo "" > /var/log/squid/cache.log
# echo "" > /var/log/squid/access.log
# echo "" > /var/log/squid/store.log

##### End squid proxy configuration #####

If you like more challenges


Configure Proxy from source files (.tar, .tar.gz etc.)

Step 01: First check whether the Squid RPM package is installed; if it is present, uninstall it
using the following command

# rpm -e --nodeps squid

After some time the whole Squid package will be uninstalled

Step 02: Copy the source file to the /usr/local/src directory

# cp squid-2.5.STABLE10.tar.gz /usr/local/src

Step 03: Add an unprivileged user, say squid, and group squid, and make its home directory /usr/local/squid using
the useradd command

# useradd -m -d /usr/local/squid squid

Step 04: Go to the /usr/local/src directory and untar the source file

# cd /usr/local/src
# tar -zxvf squid-2.5.STABLE10.tar.gz

Step 05: Change to the newly created directory

# cd squid-2.5.STABLE10
# ./configure
# make
# make install

Step 06 : Now edit the Squid configuration file

The Squid configuration file is squid.conf, located at /etc/squid/squid.conf


-------------------- Start Configuration ------------------------------

#Default: http_port 3128


http_port 8080

#Default: cache_mem 8 MB
cache_mem 50 MB

#Default:
cache_dir ufs /usr/local/squid/cache 100 16 256
########### Here: 100 MB of HDD space, 16 directories, 256 subdirectories ############
#Default:
cache_access_log /usr/local/squid/log/access.log

#Default:
cache_log /usr/local/squid/log/cache.log

#Default:
cache_store_log /usr/local/squid/log/store.log

############ Access Controls Configuration ############


#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0 ####explanation####
http_access allow localhost
http_access allow ispstaff
http_access deny all

####### If you want to deny particular sites ##########

acl GOOD dst 172.16.1.0/24


acl BAD dst 0.0.0.0/0.0.0.0

http_access allow GOOD


http_access deny BAD

###### Source/Destination Domain #######

#Squid can also be configured to restrict access to specific domains, especially adult sites. The
#dst acl type can be used in this case.

#Example : Filtering unwanted destination sites :

acl badDomains dstdomain xxx.com

acl nudeDomains dstdomain abc.com

acl badIP dst 192.172.1.100

http_access deny badDomains

http_access deny nudeDomains

http_access deny badIP


http_access deny all

#### Specific Time Deny #####

#Squid can allow access to particular sites by time of day. By combining the dstdomain and time
#acls you can allow access to specific sites during working hours, but allow access to other sites
#after working hours.

Syntax of access list :


acl aclname time [day-abbreviations] [h1:m1-h2:m2]
day-abbreviations:
S - Sunday
M - Monday
T - Tuesday
W - Wednesday
H - Thursday
F - Friday
A - Saturday
h1:m1 must be less than h2:m2

#Example
acl ispgroup src 192.168.1.200 192.168.1.201
acl working time ASMTWH 08:30-17:30

http_access allow ispgroup working


http_access deny ispgroup

###### ADMINISTRATIVE PARAMETERS #########


cache_effective_user squid
cache_effective_group squid
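
Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, so in both configuration listings above the destination rules that follow "http_access allow ispstaff" and "http_access deny all" are never consulted. The Python model below is an added example, not part of the original guide or of Squid, and it uses an abridged copy of the page's rules. The function names, the sample requests and the reordered rule list are assumptions constructed for illustration.

```python
import ipaddress

# ACLs taken from the page's listing (abridged): name -> (type, values).
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "ispstaff": ("src", ["192.168.1.0/24"]),
    "badDomains": ("dstdomain", ["xxx.com"]),
    "badIP": ("dst", ["192.172.1.100/32"]),
}

def parse(text):
    """Turn 'http_access <allow|deny> <acl>...' lines into (action, [acl names])."""
    return [(p[1], p[2:]) for p in map(str.split, text.strip().splitlines())]

def acl_matches(name, req):
    kind, values = ACLS[name]
    if kind == "dstdomain":  # no leading dot, so only the exact host name matches
        return req["host"] in values
    addr = ipaddress.ip_address(req[kind])  # kind is "src" or "dst"
    return any(addr in ipaddress.ip_network(v) for v in values)

def evaluate(rules, req):
    """Return (action, line index) for the first line whose ACLs all match."""
    for i, (action, names) in enumerate(rules):
        if all(acl_matches(n, req) for n in names):
            return action, i
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

def never_hit(rules, requests):
    """Indexes of http_access lines that decided none of the given requests."""
    hit = {evaluate(rules, r)[1] for r in requests}
    return [i for i in range(len(rules)) if i not in hit]

# http_access lines in the order the page lists them (abridged).
PAGE_ORDER = parse("""
http_access allow ispstaff
http_access deny all
http_access deny badDomains
http_access deny badIP
""")
# Assumed fix: move the destination denies ahead of the source allow.
REORDERED = PAGE_ORDER[2:] + PAGE_ORDER[:2]
# Constructed sample requests: (client address, destination address, destination host).
SAMPLES = [dict(zip(("src", "dst", "host"), r)) for r in [
    ("192.168.1.20", "203.0.113.9", "xxx.com"),
    ("192.168.1.20", "192.172.1.100", "example.org"),
    ("192.168.1.20", "203.0.113.9", "example.org"),
    ("10.9.9.9", "203.0.113.9", "example.org")]]
```

With the page's order a staff client reaches xxx.com because line 0 allows it before the deny is read; never_hit(PAGE_ORDER, SAMPLES) lists the two destination denies as dead rules, and it returns an empty list for REORDERED.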

Step 06:

#### Now create squid cache directory #####

# /usr/local/squid/sbin/squid -z

Step 07 : Starting and stopping the squid service

# /usr/local/squid/sbin/squid                   # start
# /usr/local/squid/sbin/squid -k shutdown       # stop
# /usr/local/squid/sbin/squid -k reconfigure    # re-read squid.conf in place of a restart

Testing Squid :
Configure your browser to use the proxy on port 8080 and browse.
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080

Step 08:
Now see the log files :
# tail -f /usr/local/squid/log/cache.log
# tail -f /usr/local/squid/log/access.log
# tail -f /usr/local/squid/log/store.log

Clear Log

# echo "" > /usr/local/squid/log/cache.log
# echo "" > /usr/local/squid/log/access.log
# echo "" > /usr/local/squid/log/store.log
