Friday, 29 January 2016



What is Squid Server?



SQUID is a Proxy server and also used for web filtering. Its widely used for increasing web server speed by caching repeated data.
This article will help you to Install and Configure SQUID Proxy Server on CentOS/RHEL Linux systems.

Squid Proxy Server quick key points

  • Packages – squid*.rpm
  • Port Numbers – 3128 (default)
  • Configuration File – /etc/squid/squid.conf
  • Service / Daemon – squid

1. Install Squid

Squid can be easily install using yum command line tool.
# yum install squid
 
check the previous tutorial for yum Installation 

2. Setup Port and Start Service

Squid by default run on port 3128. If you want to start squid on different port, Edit squid configuration file and change http_port value. For example we are changing squid to run on port 8080.
# vim /etc/squid/squid.conf
http_port 8080

Start/Restart Squid service.
# service squid restart

3. Configure SQUID to Block Specific Website 

 

Add below rules to block specific website before any allow all rules. Below example will block yahoo.com and www.rediff.com.
acl blocksite1 dstdomain yahoo.com
acl blocksite2 dstdomain www.rediff.com
http_access deny blocksite1
http_access deny blocksite2
If you have a long list of domain names,
 Create a file /etc/squid/blockwebsites.lst and put domain names one per line and add below rule in squid configuration file.
acl blocksitelist dstdomain "/etc/squid/blockwebsites.lst"
http_access deny blocksitelist
 
blockwebsites.lst file content example:

# cat /etc/squid/blockwebsites.lst
yahoo.com
www.rediff.com

4. Configure Squid to Block Specific Keyword

Add below rules to block specific website before any allow all rules. Below example will block all pages having keyword yahoo or gmail.
acl blockkeyword1 url_regex yahoo
acl blockkeyword2 url_regex gmail
http_access deny blockkeyword1
http_access deny blockkeyword2
If you have a long list of keywords, Create a file /etc/squid/blockkeywords.lst and put keywords one per line and add below rule in squid configuration file.
acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist
blockkeywords.lst file content example:
# cat /etc/squid/blockkeywords.lst
yahoo
gmail
facebook
Congratulation’s you have successfully install and configured Squid proxy server.


Setting Maximum Download Size

Squid can be used to control the maximum downloadable file size. We want to restrict maximum download size to 50 MB for hosts 10.10.10.200 and 10.10.10.201. We have already created the ACL 'custom-denied-list' previously to isolate the traffic from these sources. Now we will use the same access list to restrict download size.
# vim /etc/squid/squid.conf
1
reply_body_max_size 50 MB custom-denied-list
# squid -k reconfigure 

MAC based filtering is useful for networks using DHCP to assign ip addresses to systems. As we know MAC is hard coded on NIC and can’t be changed but IP addresses assigned by DHCP may change on next ip assignment. This tutorial will help you to how to Configure Squid Proxy Server Mac Address Based Filtering.

If you do not have Squid installed, Go to below link for installing squid on CentOS/RHEL/Fedora systems.
Install and Configure SQUID Proxy Server on CentOS/RHEL Linux
ACL rules are need to add in squid configuration file /etc/squid/squid.conf. Remember that squid Squid always applied first matching rules from top to down order and ignore other after matching any rule

1. Block All Sites For Single MAC Address

Following configuration will block all the sites to system having MAC address 01:23:45:AB:CD:EF.
Squid ACL Rule:
acl pcmac1 arp 01:23:45:AB:CD:EF
http_access deny pcmac1

2. Block Single Site for Single MAC Address

Following configuration will block www.example.com site to system having MAC address 01:23:45:AB:CD:EF.
Squid ACL Rule:
acl blocksite1 dstdomain www.example.com
acl pcmac1 arp 01:23:45:AB:CD:EF
http_access deny blocksite1 pcmac1 

3. Block All Sites for Multiple MAC Addresses

Following configuration will block all the sites to systems having MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.
MAC Addresses List
# cat /etc/squid/mac-addrs.lst
01:23:45:AB:CD:EF
AB:CD:EF:01:23:45
Squid ACL Rule:
acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access deny pcmacs

4. Block Single Site for Multiple MAC Addresses

Following configuration will block www.example.com to systems having MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.
MAC Addresses List
# cat /etc/squid/mac-addrs.lst
01:23:45:AB:CD:EF
AB:CD:EF:01:23:45
Squid ACL Rule:
acl blocksite1 dstdomain www.example.com
acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access deny blocksite1 pcmacs

5. Allow Specific Site for Single MAC Address

Following configuration will allow www.example.com to system having MAC address 01:23:45:AB:CD:EF and deny other sites.
Squid ACL Rule:
acl pcmac1 arp 01:23:45:AB:CD:EF
acl allowsite1 dstdomain www.example.in
http_access allow allowsite1 pcmac1
http_access deny pcmac1

6. Allow Multiple Sites for Single MAC Address

Following configuration will allow all sites added in /etc/squid/allowsites.lst to system having MAC address 01:23:45:AB:CD:EF and deny other sites.
Allowed Sites List
# cat /etc/squid/allowsites.lst
www.google.co.in
yahoo.com
in.yahoo.com
Squid ACL Rule:
acl pcmac1 arp 01:23:45:AB:CD:EF
acl allowsite1 dstdomain "/etc/squid/allowsites.lst"
http_access allow allowsite1 pcmac1
http_access deny pcmac1

7. Allow Specific Site for Multiple MAC Addresses

Following configuration will allow www.example.com to systems having MAC address 01:23:45:AB:CD:EF and and AB:CD:EF:01:23:45 and deny other sites.
MAC Addresses List
# cat /etc/squid/mac-addrs.lst
01:23:45:AB:CD:EF
AB:CD:EF:01:23:45
Squid ACL Rule:
acl blocksite1 dstdomain www.example.com
acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access allow blocksite1 pcmacs
http_access deny pcmacs

8. Allow Multiple Sites for Multiple MAC Addresses

Following configuration will allow all the sites listed in /etc/squid/allowsites.lst to all systems having MAC address listed in /etc/squid/mac-addrs.lst and deny other sites.
MAC Addresses List
# cat /etc/squid/mac-addrs.lst
01:23:45:AB:CD:EF
AB:CD:EF:01:23:45
Allowed Sites List
# cat /etc/squid/allowsites.lst
www.google.co.in
yahoo.com
in.yahoo.com
Squid ACL Rule:
acl pcmacs arp "/etc/squid/mac-addrs.lst"
acl allowsites dstdomain "/etc/squid/allowsites.lst"
http_access allow allowsites pcmacs
http_access deny pcmacs 
 
 
 

Squid Acl options

 
1> src      : source Ip Address
2> url_regx : Words in a Destination Web Address
3> dstdomain: Destination Web Address 

Squid restart vs. Squid reconfigure

Whenever Squid configuration is modified, Squid service needs to be restarted. Depending on the number of active connections, restarting the service may take a a while, sometimes several minutes. LAN users will not be able to access the Internet during this time. To avoid such service interruption, we can use the following command instead of

 "service squid restart".
# squid -k reconfigure

This command will allow Squid to run with updated parameters without restarting itself.
 

Popular Posts

Recent Posts

Unordered List

Categories

Text Widget

Powered by Blogger.

Home - PageNavi (show/hide)

Ads

Pages