Installation and configuration of the Squid Caching service
1. Installation
[root@proxy squid]# yum install squid
Setting up Install Process
Setting up repositories
updates-released 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
base 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
[root@proxy squid]# rpm -qa|grep squid
squid-2.5.STABLE9-7
2. Check the service if its succssfully installed
[root@proxy squid]# chkconfig --list squid
squid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
3. Edit the configuration file, /etc/squid/squid.conf
#This port can be used for transparent proxy together with iptables
http_port 3128
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# OPTIONS FOR TUNING THE CACHE
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ACCESS LIST
acl all src 0.0.0.0/0.0.0.0
acl deny_url url_regex "/etc/squid/acl/deny_url"
# Block files for certain time
acl largefiles url_regex -i \.exe$ \.mp3$ \.avi$ \.mpeg$ \.ogg$
#Default open ports
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Networks Using the PROXY
acl private-net src 192.168.0.0/24
acl public-net src 20.18.11.0/24, 20.18.12.0/24
# Delay pools 80Kbps per station
delay_pools 1
delay_class 1 2
delay_parameters 1 100000/100000 10000/10000
delay_access 1 allow private-net
# ACL for time
acl gypmshift time 22:01-23:59
acl gyamshift time 00:01-05:59
acl amshift time M T W H F 06:00-12:00
acl lunchbreak time 12:01-12:59
acl pmshift time M T W H F 13:00-22:00
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny deny_url
#http_access deny block_download
http_access deny amshift largefiles
http_access allow lunchbreak largefiles
http_access deny pmshift largefiles
#http_access allow pmshift largefiles
http_access allow gyamshift largefiles
http_access allow gypmshift largefiles
http_access allowprivate-net
http_access allow public-net
http_access deny all
# and finally allow by default
http_reply_access allow all
icp_access allow all
cache_mgr jepoy
visible_hostname calamares
#########################
# FOR TRANSPARENT PROXY #
#########################
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#for logs /var/spool/squid
logfile_rotate 3
4. For every changes on the squid.conf file, restart the squid and check the logs for errors.
[root@proxy squid]# /sbin/service squid restart
Stopping squid: ................[ OK ]
Starting squid: ..[ OK ]