Proxy servers operate as an intermediary between a local network and Internet. Requests from local clients for web services can be handled by the proxy server. Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. As it stores data from frequently used Web pages and files, it can often give your users the data they need without their systems having to look to the Internet.
From squid web proxy server you can control what should be access on your network from internet. It could be act as a filter that could filter everything from porn site to advertise , videos.
In our example we will configure squid web proxy server and filter sites and deny permission to specific host from accessing internet.
Configure squid web proxy server
squid rpm is required to configure squid web proxy server check it for install if not found install it.
check the hostname and ip address of server it will be use in editing of squid.conf
Main Squid configuration file is squid.conf in the /etc/squid/ directory. This file contains over 4000 lines in , but only a few are active by default. Most of this file is filled with comments that describe most directives and associated options. To make editing easier use show line numbers options and locate desire tag from line number. We suggest you not to cram line number use them only to locate the desire tag as a simple enter can change the number of all lines in file.
open /etc/squid/squid.conf for editing
show hidden line with : set nu option on vi command mode
You need to add three lines to the squid.conf file in the /etc/squid/ directory before activating Squid
First editing is about hostname locate visible_hostname tag near about line no 2835
Go in the end of this tag near about line no and add the hostname which you have checked in pervious command
By default squid works on port no 3128 but can change this. Port tag is located near line no 73
For our example we using the default port.
Next editing is to create access control list. Access control tag is located near the line no 2226
We will create three access list.
- First to block host with ip address 192.168.1.7 from accessing internet.
- Second to block a particular site.
- Third to allow our lab network for accessing internet.
Go in the end of access control tag near about line 2410 and create access list as show here
Final editing is to implement whatever access list you have configured in access list tag go to http access tag near line no 2482
In the end of this tag near line no 2529 apply the configured access list
Be very careful about the order of access list alway put http_access deny all line in the end of all line. Whatever access list defined below the http_access deny all line will never be checked.
You have made necessary changed in squid.conf now save it and return to command prompt.
We have created a access list web_deny to filter the web traffic. We have set http_access deny web_deny tag in squid.conf. Now you can add the url of those websites in this file which you want block.
Now create /etc/squid/web_deny file.
for testing purpose in our example we are blocking www.google.com
you can add any sites url in this file which you want to block.
You have completed all necessary steps now start the squid service.
Squid client configuration
On client set the ip configuration. Set proxy servers ip 192.168.1.3 to default getway and dns server ip on client system.
Now open the web browser and set the port number and ip address of proxy server in connection tab
If you can successful retrieve website mean squid is working correctly
Now try to open www.google.com
Now go system which ip address is 192.168.1.7 and try to access after doing same setting