squid proxy

Squid is a web proxy application with a variety of configurations and uses. Squid has a large number of access controls and supports different protocols, such as HTTP, HTTPS, FTP, and SSL. In this post, we will see how to use Squid as an HTTP proxy.

The Setup

Squid is quite an old, mature, and commonly used piece of software. It is generally shipped as a default package with various Linux distributions.

192.168.10.2 - our proxy server.
192.168.10.3 - the client that will redirect/cache its traffic via the proxy server.

Installing squid proxy

Install the required packages for the squid proxy and enable the squid service to start automatically on boot.

# yum install squid
# systemctl enable squid
# systemctl start squid

You may receive the error below if you do not have the latest openssl version:

Job for squid.service failed because the control process exited with error code. See "systemctl status squid.service" and "journalctl -xe" for details.

To make sure, update the openssl version using the below command:

# yum update openssl

Now we can go ahead and start the squid service.

# systemctl start squid


Configuring squid proxy

By default, the squid proxy listens on port 3128. Some companies change this port as a security precaution. To change it, edit the squid configuration file /etc/squid/squid.conf and modify the http_port directive. I will keep the port the same, as this is a test setup.

# vim /etc/squid/squid.conf
# Squid normally listens to port 3128
http_port 3128

Restart the squid service for the changes to take effect.

# systemctl restart squid

Verify if the squid proxy processes are started.

# ps -ef | grep squid
root      5403     1  0 03:21 ?        00:00:00 /usr/sbin/squid -f /etc/squid/squid.conf
squid     5405  5403  0 03:21 ?        00:00:00 (squid-1) -f /etc/squid/squid.conf
squid     5406  5405  0 03:21 ?        00:00:00 (logfile-daemon) /var/log/squid/access.log
root      5448  5158  0 03:24 pts/0    00:00:00 grep --color=auto squid

You can also verify if the squid proxy is listening on the port 3128.

# ss -nlp | grep squid | grep 3128
tcp    LISTEN     0      128      :::3128                 :::*                   users:(("squid",pid=5405,fd=11))

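We also need to allow port 3128 in firewalld, in case it is enabled. A rule added with --permanent is only written to the saved configuration, so reload firewalld to apply it to the running firewall. Alternatively, you can simply disable firewalld completely.

# firewall-cmd --add-port=3128/tcp --permanent
# firewall-cmd --reload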

Setup client-server to use squid

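On the client (192.168.10.3), point the http_proxy environment variable at the proxy server. PROXY_FQDN is the hostname or address of the proxy, and the port must match the http_port configured above (3128).

# export http_proxy=http://${PROXY_FQDN}:3128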

On the remote server, to verify that you can connect through the proxy, run curl against google.com:

# curl -v  http://google.com | head -1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* About to connect() to google.com port 80 (#0)
*   Trying 2607:f8b0:4009:804::200e...
* Connected to google.com (2607:f8b0:4009:804::200e) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: google.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Date: Wed, 05 Jun 2019 07:28:26 GMT
< Expires: Fri, 05 Jul 2019 07:28:26 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
<
{ [data not shown]
100   219  100   219    0     0   3145      0 --:--:-- --:--:-- --:--:--  3173
* Connection #0 to host google.com left intact
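
As an added example (not part of the original post), the script below decides from curl -v output whether a request actually went through the proxy: the TCP connection must go to the proxy (192.168.10.2:3128 in this setup) and the request line must be in the absolute-URI form that a client sends to a forward proxy. The function name classify_curl and both transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: decide from "curl -v" output
# whether a request really went through the Squid proxy.
# 192.168.10.2:3128 is the proxy from the setup above. Both transcripts are
# constructed samples, trimmed to the lines that matter.

PROXIED_SAMPLE='* About to connect() to proxy 192.168.10.2 port 3128 (#0)
* Connected to 192.168.10.2 (192.168.10.2) port 3128 (#0)
> GET http://google.com/ HTTP/1.1
> Host: google.com
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 301 Moved Permanently
< Via: 1.1 proxy.example (squid)
<'

DIRECT_SAMPLE='* About to connect() to google.com port 80 (#0)
* Connected to google.com (2607:f8b0:4009:804::200e) port 80 (#0)
> GET / HTTP/1.1
> Host: google.com
>
< HTTP/1.1 301 Moved Permanently
<'

# classify_curl PROXY_HOST PROXY_PORT   (reads a curl -v transcript on stdin)
# Prints "proxied" only when the TCP connection went to the proxy AND the
# request line is in absolute-URI form (GET http://host/...), which is what an
# HTTP client sends to a forward proxy. Anything else prints "direct".
# Via/X-Cache response headers are not used, since they may be absent.
classify_curl() {
    awk -v host="$1" -v port="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        index($0, "* Connected to " host " ") == 1 &&
            index($0, " port " port " ") > 0  { conn = 1 }
        /^> [A-Z]+ http:\/\//                  { abs_uri = 1 }
        END {
            result = (conn && abs_uri) ? "proxied" : "direct"
            print result
        }
    '
}

# Live use on the client: curl writes the verbose trace to stderr, so merge it.
#   curl -sv -o /dev/null http://google.com 2>&1 | classify_curl 192.168.10.2 3128
printf 'proxied sample -> %s\n' "$(printf '%s\n' "$PROXIED_SAMPLE" | classify_curl 192.168.10.2 3128)"
printf 'direct sample  -> %s\n' "$(printf '%s\n' "$DIRECT_SAMPLE" | classify_curl 192.168.10.2 3128)"
```

A "direct" result with http_proxy set usually means the variable names the wrong host or port, or was exported in a different shell.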
