Squid

From Omnia
Jump to navigation Jump to search

Squid HTTP Caching Proxy

squid : Optimising Web Delivery
https://www.squid-cache.org/

TCP Port

Squid normally listens to port 3128

Installation

Ubuntu:

sudo apt update
sudo apt install squid

Ubuntu Default Configuration

(trimmed out comments and empty)

# grep -v "#" /etc/squid/squid.conf | grep -v "^$"
acl SSL_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
include /etc/squid/conf.d/*.conf
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern .               0       20%     4320

Proxy All

/etc/squid/cond.d/proxy.conf
http_port 80 transparent
http_access allow all
visible_hostname proxy
# http_port 8000
# access_log /var/log/squid/access.log squid


~/.bashrc:

export HTTP_PROXY=http://10.0.0.4:8000/
export HTTPS_PROXY=http://10.0.0.4:8000/
export http_proxy=http://10.0.0.4:8000/
export https_proxy=http://10.0.0.4:8000/

Domain Blacklist

acl domain_blacklist dstdomain "/etc/squid/domain_blacklist.txt"
http_access deny all domain_blacklist

Warning: Add these entries before the first http_access allow statement that allows access to users or clients.

Create the /etc/squid/domain_blacklist.txt file and add the domains you want to block. For example, to block access to example.com including subdomains and to block example.net, add:

.example.com
example.net

Restart or reload squid:

systemctl restart squid
# or
systemctl reload squid

ref: [1]

Run Squid

After editing squid.conf to your liking, run Squid from the command line TWICE:

   % /usr/sbin/squid -z
   % /usr/sbin/squid

Check in the cache.log (/usr/local/squid/var/logs/cache.log) that everything is all right.

Once Squid created all its files (it can take several minutes on some systems), test it with echoping or a regular Web client. By default, your Squid will run on port 3128. See the Squid FAQ for more details.

Once you have Squid working from the command line, tell your Unix to start Squid at startup (it depends heavily on the Unix you use, you'll typically have to modify something in a /etc/rc_something).

CentOS Quick Start

The CentOS 5.5 'squid' package comes preconfigured. For squid to start the server needs to have a static IP address and a resolvable hostname (/etc/hosts is fine). By default only localhost is allowed to access the proxy. To allow everyone add 'http_access all' before the 'http_access deny all' line.

http_access all

Default CentOS 5.5 /etc/squid/squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid

Quick Start

Squid 2.5 Quick Start Guide (Visolve)

keywords

squid caching proxy