Web proxies have been around for quite some time now and have been used by millions of users around the globe. They have a wide range of purposes, most popular being online anonymity, but there are other ways you can take advantage of web proxies. Here are some ideas:<\/p>\n
The proxy server is a computer that is used as an intermediary between the client and other servers from which client may request resources. A simple example of this is when a client makes online requests (for example want to open a web page), he connects first to the proxy server.<\/p>\n
The proxy server then checks its local disk cache and if the data can be found in there, it will return the data to the client, if not cached, it will make the request in the client\u2019s behalf using the proxy IP address (different from the clients) and then return the data to the client. The proxy server will try to cache the new data and will use it for future requests made to the same server.<\/p>\n
Squid<\/strong>\u00a0is a web proxy used my wide range of organizations. It is often used as caching proxy and improving response times and reducing bandwidth usage.<\/p>\n For the purpose of this article, I will be installing\u00a0Squid<\/strong>\u00a0on a\u00a0Linode CentOS 7 VPS<\/a>\u00a0and use it as an HTTP proxy server.<\/p>\n Before we start, you should know that\u00a0Squid<\/strong>, does not have any minimum requirements, but the amount of RAM usage may vary depending on the clients browsing the internet through the proxy server.<\/p>\n Squid<\/strong>\u00a0is included in the base repository and thus the installation is simple and straightforward. Before installing it, however, make sure your packages are up to date by running.<\/p>\n Proceed by installing squid, start and enable it on system startup using following commands.<\/p>\n At this point your Squid web proxy should already be running and you can verify the status of the service with.<\/p>\n Here are some important file locations you should be aware of:<\/p>\n A minimum\u00a0 Here, we will show you how to configure squid as an HTTP proxy using only the client IP address for authentication.<\/p>\n If you wish to allow IP address to access the web through your new proxy server, you will need to add new\u00a0acl<\/strong>(access control list<\/strong>) line in the configuration file.<\/p>\n The line you should add is:<\/p>\n Where\u00a0XX.XX.XX.XX<\/strong>\u00a0is the actual client IP address you wish to add. The line should be added in the beginning of the file where the ACLs are defined. It is a good practice to add a comment next to ACL which will describe who uses this IP address.<\/p>\n It is important to note that if Squid is located outside your local network, you should add the public IP address of the client.<\/p>\n You will need to restart Squid so the new changes can take effect.<\/p>\n As you may have seen in the configuration file, only certain ports are allowed for connecting. You can add more by editing the configuration file.<\/p>\n Where\u00a0XXX<\/strong>\u00a0is the actual port you wish to load. Again it is a good idea to leave a comment next to that will describe what the port is going to be used for.<\/p>\n For the changes to take effect, you will need to restart squid once more.<\/p>\n You will most probably want your users to authenticate before using the proxy. For that purpose, you can enable basic http authentication. It is easy and fast to configure.<\/p>\n First you will need\u00a0httpd-tools<\/strong>\u00a0installed.<\/p>\n Now lets create a file that will later store the username for the authentication. Squid runs with user\u00a0\u201csquid\u201d<\/strong>\u00a0so the file should be owned by that user.<\/p>\n Now we will create a new user called\u00a0\u201cproxyclient\u201d<\/strong>\u00a0and setup its password.<\/p>\n Now to configure the autnetication open the configuration file.<\/p>\n After the ports ACLs add the following lines:<\/p>\n Save the file and restart squid so that the new changes can take effect:<\/p>\n Finally we will create one last\u00a0ACL<\/strong>\u00a0that will help us block unwanted websites. First create the file that will store the blacklisted sites.<\/p>\n You can add some domains you wish to block. For example:<\/p>\n The proceding dot tells squid to block all referecnes to that sites including\u00a0www.badsite1<\/strong>,\u00a0subsite.badsite1.com<\/strong>etc.<\/p>\n Now open Squid\u2019s configuration file.<\/p>\n Just after the ports ACLs add the following two lines:<\/p>\n Now save the file and restart squid:<\/p>\n Once everyting configured correctly, now you can configure your local client browser or operating system\u2019s network settings to use your squid HTTP proxy.<\/p>\n In this tutorial you learned how to install, secure and configure a Squid HTTP Proxy server on your own. With the information you just got, you can now add some basic filtering for incoming and outgoing traffic through Squid.<\/p>\n If you wish to go the extra mile, you can even configure squid to block some websites during working hours to prevent distractions. If you have any questions or comments, please post them in the comment section below.<\/p>\nHow to Install Squid on CentOS 7<\/h3>\n
# yum -y update\r\n<\/pre>\n
# yum -y install squid\r\n# systemctl start squid\r\n# systemctl enable squid\r\n<\/pre>\n
# systemctl status squid\r\n<\/pre>\n
Sample Output<\/h5>\n
\u25cf<\/strong> squid.service - Squid caching proxy\r\n Loaded: loaded (\/usr\/lib\/systemd\/system\/squid.service; enabled; vendor preset: disabled)\r\n Active: active (running)<\/strong> since Thu 2018-09-20 10:07:23 UTC; 5min ago\r\n Main PID: 2005 (squid)\r\n CGroup: \/system.slice\/squid.service\r\n \u251c\u25002005 \/usr\/sbin\/squid -f \/etc\/squid\/squid.conf\r\n \u251c\u25002007 (squid-1) -f \/etc\/squid\/squid.conf\r\n \u2514\u25002008 (logfile-daemon) \/var\/log\/squid\/access.log\r\n\r\nSep 20 10:07:23 tecmint systemd[1]: Starting Squid caching proxy...\r\nSep 20 10:07:23 tecmint squid[2005]: Squid Parent: will start 1 kids\r\nSep 20 10:07:23 tecmint squid[2005]: Squid Parent: (squid-1) process 2007 started\r\nSep 20 10:07:23 tecmint systemd[1]: Started Squid caching proxy.\r\n<\/pre>\n
\n
squid.conf<\/code>\u00a0configuration file (without comments in it) looks like this:<\/p>\nacl localnet src 10.0.0.0\/8\t# RFC1918 possible internal network\r\nacl localnet src 172.16.0.0\/12\t# RFC1918 possible internal network\r\nacl localnet src 192.168.0.0\/16\t# RFC1918 possible internal network\r\nacl localnet src fc00::\/7 # RFC 4193 local private network range\r\nacl localnet src fe80::\/10 # RFC 4291 link-local (directly plugged) machines\r\nacl SSL_ports port 443\r\nacl Safe_ports port 80\t\t# http\r\nacl Safe_ports port 21\t\t# ftp\r\nacl Safe_ports port 443\t\t# https\r\nacl Safe_ports port 70\t\t# gopher\r\nacl Safe_ports port 210\t\t# wais\r\nacl Safe_ports port 1025-65535\t# unregistered ports\r\nacl Safe_ports port 280\t\t# http-mgmt\r\nacl Safe_ports port 488\t\t# gss-http\r\nacl Safe_ports port 591\t\t# filemaker\r\nacl Safe_ports port 777\t\t# multiling http\r\nacl CONNECT method CONNECT\r\nhttp_access deny !Safe_ports\r\nhttp_access deny CONNECT !SSL_ports\r\nhttp_access allow localhost manager\r\nhttp_access deny manager\r\nhttp_access allow localnet\r\nhttp_access allow localhost\r\nhttp_access deny all\r\nhttp_port 3128\r\ncoredump_dir \/var\/spool\/squid\r\nrefresh_pattern ^ftp:\t\t1440\t20%\t10080\r\nrefresh_pattern ^gopher:\t1440\t0%\t1440\r\nrefresh_pattern -i (\/cgi-bin\/|\\?) 0\t0%\t0\r\nrefresh_pattern .\t\t0\t20%\t4320\r\n<\/pre>\n
Configuring Squid as an HTTP Proxy<\/h3>\n
Add Squid ACLs<\/h4>\n
# vim \/etc\/squid\/squid.conf\r\n<\/pre>\n
acl localnet src XX.XX.XX.XX\r\n<\/pre>\n
# systemctl restart squid\r\n<\/pre>\n
Open Squid Proxy Ports<\/h4>\n
acl Safe_ports port XXX\r\n<\/pre>\n
# systemctl restart squid\r\n<\/pre>\n
Squid Proxy Client Authentication<\/h4>\n
# yum -y install httpd-tools\r\n<\/pre>\n
# touch \/etc\/squid\/passwd\r\n# chown squid: \/etc\/squid\/passwd<\/pre>\n
# htpasswd \/etc\/squid\/passwd proxyclient<\/strong>\r\n\r\nNew password:\r\nRe-type new password:\r\nAdding password for user proxyclient\r\n<\/pre>\n
# vim \/etc\/squid\/squid.conf\r\n<\/pre>\n
auth_param basic program \/usr\/lib64\/squid\/basic_ncsa_auth \/etc\/squid\/passwd\r\nauth_param basic children 5\r\nauth_param basic realm Squid Basic Authentication\r\nauth_param basic credentialsttl 2 hours\r\nacl auth_users proxy_auth REQUIRED\r\nhttp_access allow auth_users\r\n<\/pre>\n
# systemctl restart squid\r\n<\/pre>\n
Block Websites on Squid Proxy<\/h4>\n
# touch \/etc\/squid\/blacklisted_sites.acl\r\n<\/pre>\n
.badsite1.com\r\n.badsite2.com\r\n<\/pre>\n
# vim \/etc\/squid\/squid.conf\r\n<\/pre>\n
acl bad_urls dstdomain \"\/etc\/squid\/blacklisted_sites.acl\"\r\nhttp_access deny bad_urls\r\n<\/pre>\n
# systemctl restart squid\r\n<\/pre>\n
Conclusion<\/h5>\n