Today we’re going to install a SQUID transparent proxy server in just a few commands – Setting up a Squid server can be a a challenge especially if this is your first time, this solution is perfect if you have limited knowledge of Squid or just need a web filter / caching server / proxy in a minute.
So let’s get started!
What you will need to do this tutorial:
- A VPS or Dedicated server that is running CentOS 6.x, don’t worry this script is architecture independent, x86 or 64 will be fine.
- About 5 minutes of time and an already primed session of Pu tty ready to go
Need a VPS? I highly recommend DigitalOcean if you are shopping around, pretty quick support and their entire website is perfectly automated. It’s a very impressive place to hang out!
Okay, let’s begin!
In your ready to go putty session run the following commands:
yum install -y git cd /opt && git clone git://github.com/xaviertidus/Squidinst.git cd Squidinst && bash install.centos6.sh
Test it out!
Your proxy should already be good to go and there are a few ways you can test it out:
Internet Explorer – Internet Options -> LAN Settings
Just enter in the hostname or ip address of your squid proxy and the port Squid is listening on, if you didn’t change our script or any settings after install it will be port 53535.
You can also just set the default gateway on your computer to the Squid server’s IP address or hostname, because in our script we also routed all traffic to port 80 to Squid 53535, and SSL traffic on port 445 is just passed out to the WWW.
The next steps
We included a few extra (and empty) configuration files, these are so you can set security options without having to edit the squid.config file!
Here is the list of the files and a brief explanation of what they are intended to do, for each file, you should only enter 1 item per line in the file without leading / trailing spaces and no blank lines in the files (top, middle or bottom!).
These are clients (IPs or Hostnames) that are exempt from all filtering and caching, its always a good idea to have the ability to exemplify a client from these rules so you can test problems without bringing down the whole system.
This is where you can specify clients that are blocked from using this service. In our configuration file we have allowed all the typical local IP address ranges for access to the Squid server as this is a pretty normal configuration, however if you have a few IPs or clients within this range that you wish to block, entering them in here is how you can achieve this.
This is a list of websites that you wish to block people from accessing, you can also specify IP addresses in here, however generally you block specific IP addresses for a specific reason so we have another file for this purpose just to make your configuration a bit cleaner!
As previously mentioned, this is where you can specify IP addresses that the clients should be denied access to.
This is where you can specify keywords that could be found in the web address / query string of content that you wish to block / prevent on your network.
May I also suggest that you keep a log separately of why you blocked these items, as in 6 months time will you remember the reasons for all of your rules then?
Enjoy you new Squid Server!