Squid Server Configuration Step By Step on Centos 5

Published June 26, 2010 by Siva

I recently configured a squid server on CentOS 5. I have shared my documentation with you all. Feedback is welcome.

Squid Configuration File:

/etc/squid/squid.conf

Squid Access File Location:

/var/log/squid/access.log

Squid Error File Location:

/var/log/squid/cache.log

Viewing the access log live:

tail -f /var/log/squid/access.log | grep -F 192.168.1.124

Configuration File

# Default ACLs
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 81 # Apache_new
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Allowed destinations: dstdomain files hold one domain per line
# (a leading dot, as in .example.com, also matches subdomains)
acl Allow_url dstdomain "/etc/squid/custom/allowedurls"
acl goodsites dstdomain "/etc/squid/custom/goodsites"

# Exempt clients: despite the _dst_ips file names, src matches the
# client (source) address; one IP address or subnet per line
acl goodsites_ips src "/etc/squid/custom/goodsites_dst_ips"
acl jobsites_ips src "/etc/squid/custom/jobsites_dst_ips"
acl download_ips src "/etc/squid/custom/download_dst_ips"
acl emailallowip src "/etc/squid/custom/emailallowips_dst_ips" # for Geetha_System
acl allallowip src "/etc/squid/custom/allallowips_dst_ips"

# Download file types; the patterns are unanchored, so they match
# anywhere in the URL path
acl dlds urlpath_regex -i \.gz \.msi \.rm \.asf \.mp4 \.mpa \.cab \.mp3 \.ram \.mpeg \.mpg \.exe \.dll \.chm \.iso \.rar \.zip \.flv \.torrent

# Blocked destination categories
acl jobs dstdomain "/etc/squid/custom/job-sites.acl"
acl social dstdomain "/etc/squid/custom/social-sites.acl"
acl porn dstdomain "/etc/squid/custom/porn-sites.acl"
acl proxy1 dstdomain "/etc/squid/custom/proxy-sites.acl"
acl hack dstdomain "/etc/squid/custom/hack-sites.acl"
acl fileupload dstdomain "/etc/squid/custom/file-upload.acl"
acl email1 dstdomain "/etc/squid/custom/email-sites.acl"

# http_access rules are checked top to bottom; the first matching line decides
http_access allow localhost
#http_access deny GeneralSites
http_access deny jobs !jobsites_ips
http_access deny social !allallowip
http_access deny porn
http_access deny proxy1
http_access deny hack
http_access deny fileupload !allallowip
http_access deny email1 !emailallowip
http_access deny dlds !download_ips
http_access allow Allow_url
http_access allow goodsites goodsites_ips
# Everything not denied above is allowed, for any client
http_access allow all
# Never reached: the line above already matches every request
http_access deny all

http_port 3128 transparent
icp_port 3130
cache_mem 16 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
visible_hostname net.minthomes.server
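How Squid walks the http_access list above, as an added example that is not part of the original post: rules are tried top to bottom, the ACLs on one line are ANDed, `!` negates, and the first matching line decides. The set of ACL names each request matches is a constructed input supplied by hand, not computed from the ACL files.

```python
# Added example: first-match evaluation of the post's http_access rules.
# Which ACLs a request matches is passed in as a set of names (constructed).
RULES = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny jobs !jobsites_ips
http_access deny social !allallowip
http_access deny porn
http_access deny proxy1
http_access deny hack
http_access deny fileupload !allallowip
http_access deny email1 !emailallowip
http_access deny dlds !download_ips
http_access allow Allow_url
http_access allow goodsites goodsites_ips
http_access allow all
http_access deny all
"""

def parse_rules(text):
    """Return [(action, [(acl_name, negated), ...], rule_line), ...]."""
    rules = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line.startswith("http_access"):
            continue
        _, action, *terms = line.split()
        conds = [(t.lstrip("!"), t.startswith("!")) for t in terms]
        rules.append((action, conds, line))
    return rules

def decide(matching_acls, rules):
    """Return (action, rule_line) of the first rule whose ACLs all hold."""
    for action, conds, line in rules:
        if all((name in matching_acls) != negated for name, negated in conds):
            return action, line
    # Squid's fallback when nothing matches: the opposite of the last rule.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"

def unreachable(rules, always_true=("all",)):
    """Rule lines that follow a rule matching every request."""
    for i, (_, conds, _line) in enumerate(rules):
        if all(name in always_true and not neg for name, neg in conds):
            return [line for _, _, line in rules[i + 1:]]
    return []

POLICY = parse_rules(RULES)
```

`decide({"all", "Safe_ports", "social"}, POLICY)` is denied by the social rule, while the same request from a client listed in `allallowip` falls through to `http_access allow all`; `unreachable(POLICY)` returns the final `http_access deny all`, so the policy is a blocklist in which anything not named in a deny rule is proxied.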

Restarting the squid service

# service squid restart or /etc/init.d/squid restart

# service squid reload or /etc/init.d/squid reload

Please contact me if you are facing any issues or need clarifications. Thanks

13 comments on “Squid Server Configuration Step By Step on Centos 5”

  • Can you please explain for what purpose we add this line, and also what we need to add in the files below?
    acl Allow_url dstdomain "/etc/squid/custom/allowedurls"
    acl goodsites dstdomain "/etc/squid/custom/goodsites"
    acl goodsites_ips src "/etc/squid/custom/goodsites_dst_ips"
    acl jobsites_ips src "/etc/squid/custom/jobsites_dst_ips"
    acl download_ips src "/etc/squid/custom/download_dst_ips"
    acl emailallowip src "/etc/squid/custom/emailallowips_dst_ips" # for Geetha_System
    acl allallowip src "/etc/squid/custom/allallowips_dst_ips"
    acl dlds urlpath_regex -i \.gz \.msi \.rm \.asf \.mp4 \.mpa \.cab \.mp3 \.rm \.ram \.mepg \.mpg \.exe \.dll \.chm \.iso \.rar \.zip \.flv \.torrent
    acl jobs dstdomain "/etc/squid/custom/job-sites.acl"
    acl social dstdomain "/etc/squid/custom/social-sites.acl"
    acl porn dstdomain "/etc/squid/custom/porn-sites.acl"
    acl proxy1 dstdomain "/etc/squid/custom/proxy-sites.acl"
    acl hack dstdomain "/etc/squid/custom/hack-sites.acl"
    acl fileupload dstdomain "/etc/squid/custom/file-upload.acl"
    acl email1 dstdomain "/etc/squid/custom/email-sites.acl"

  • Hi sivakumar,

    You are doing an excellent job. I already configured squid but I am not able to control the Ultrasurf browser. It's becoming a big headache for me. Please let me know if there is any solution to block Ultrasurf.

    Regards
    A.Ram

    • Ultrasurf is one of the proxy-bypass programs that cannot be blocked, since the IP address of the server changes frequently and it also encrypts the traffic through a secured pipe.
      I think the only way to block it in squid is to block IP-based browsing in the squid proxy.
      To achieve this you should add the lines below to the squid.conf file:

      vi /etc/squid/squid.conf

      Add the lines below at the top of all access lists:

      acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
      http_access deny ipacl
      acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
      http_access deny numeric_IPs

      After this Ultrasurf will not be able to connect to its server, since it initiates IP-based requests for that.
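A check of what the two url_regex patterns in the reply above match, as an added example that is not part of the original thread. The patterns are written with literal brackets and escaped dots; Python's `re` stands in for Squid's regex engine (the constructs used behave the same), the request URLs are constructed samples, and the `strict` pattern is an assumption of this example, not something the page proposes.

```python
import re

# The reply's two patterns, brackets literal and dots escaped.
ACLS = {
    "ipacl": re.compile(r"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"),
    "numeric_IPs": re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"),
    # Assumption of this example, not from the page: anchored, optional
    # scheme, four groups of 1-3 digits, optional port, then "/" or end.
    "strict": re.compile(
        r"^([a-z]+://)?[0-9]{1,3}(\.[0-9]{1,3}){3}(:[0-9]+)?(/|$)"),
}

# Constructed request URLs as url_regex sees them: an absolute URL for
# GET, host:port for CONNECT.
SAMPLES = [
    "http://203.0.113.7/index.html",   # GET to a bare IP
    "203.0.113.7:443",                 # CONNECT to a bare IP
    "http://www.example.com/",         # ordinary hostname
    "http://1.2.3.example.com/",       # hostname with numeric labels
    "http://example.com/go?next=http://198.51.100.9/",  # IP in a query string
]

def matched_by(url):
    """Names of the ACLs whose regex matches the request URL."""
    return sorted(name for name, rx in ACLS.items() if rx.search(url))

def report(samples=SAMPLES):
    """Map each sample URL to the list of ACLs that would match it."""
    return {url: matched_by(url) for url in samples}

if __name__ == "__main__":
    for url, names in report().items():
        print(f"{url:50} {names or 'not matched'}")
```

The two rules complement each other (`ipacl` catches plain HTTP to an IP, `numeric_IPs` catches CONNECT to an IP), but the unanchored `ipacl` also denies a hostname with numeric labels and any URL that carries an IP-based link in its query string.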
