Squid & SquidGuard proxy on Centos

Squid & SquidGuard proxy on Centos Server

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web access. Squid optimises the data flow between client and server to improve performance and caches frequently-used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to build cache server hierarchies which optimise network throughput.

In this short blog I will configure the proxy server with the guard functions on a Centos 6.4 Server machine. There are three proxy scenario setups:

• Proxy server - The web browser on the client is configured to point to the proxy server's IP address. 
• Transparent Proxy Server - The router sends all traffic on defined ports, to the transparent proxy server, this way clients cannot bypass the proxy server
• Reverse Proxy Server (Cache) - The reverse proxy server or cache server is placed in-front-of or prior-to the web server in order to speed up delivery of frequently requested pages and to protect the web server by creating a layer of separation and redundancy

I will setup the first simple scenario where I will point my Firefox to a certain ip address and the port on which the proxy server is listening.

To start there are three simple command to install squid, setup the startup script and start the service:

yum install squid

service squid start

chkconfig squid on

Let me test if the Squid is listening on the default port which is port 3128.

[root@centos-dc squid]# netstat -antp | grep squid

tcp  0  0 :::3128   ::::*  LISTEN      7312/(squid)

All the configuration of the Squid server is kept in the file /etc/squid/squid.conf. You can for instance change the port on which the Squid is listening by modifying the lines:

# Squid normally listens to port 3128

http_port 3128

For the initial test I have configured my client browser to point to this port and the IP address of the Centos server. I am using Firefox for the test and the settings can be found at: Edit-preferences > advanced > network tab > connection settings > manual proxy configuration.

After some random web page browsing I would like to see the parsing of the Squid proxy. This can be achieved in looking the insides of the log file of squid. Location of the file is /etc/var/log/squid/access.log

In the log file are recorded some POST and GET methods from the browser, so we can see that the proxy is working fine. We can now move on on installing the SquidGuard function of the proxy server. 

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free. SquidGuard is published under GNU Public License. 

If one has installed a EPEL repository files that the installation is sraightforward. For more details on EPEL follow this link EPEL

yum install squidGuard

After a succesfull installation we can download the the latest BlackList file and copy it into the folder /var/squidguard/blacklists to be effective in URL filtering.

wget http://squidguard.mesd.k12.or.us/blacklists.tgz

After we download the blacklist file we must unpack it inside a folder called blacklist.

tar -zxvf blacklists.tar.gz

You will see a lot of add, spyware and other virus domains and URLs that will be blocked from the user perspective. After adding this file we should compile the SquidGuard module.

squidGuard -b -d -C all

We should also add the permissions for the squid account to the folder blacklists.

chown -R squid /var/squidGuard/blacklists 

To use the Squidguard a config line to the squid.conf file must be added. 

url_rewrite_program /usr/bin/squidGuard

Now only what is left is to restart the squid service.

service squid reload

ANd this is all to it. After this you can test the settings by trying to browse adult content and see if the content is banned.

Feel free to comment.