How to Install and Configure Squid Proxy on CentOS 7

A proxy server is a computer which sits between two endpoint devices and acts as an intermediate device. When the client computer requests a resource from the server, it may be a file or a web page, the request is sent to the proxy server first. The proxy server then sends the request to the destination server and obtains the resource sent by the server. Once the resource is obtained by the proxy server, it sends the resource to the client machine. The use of a proxy server is that it can cache the resource, for example if a website is accessed frequently from a proxy server, it’s likely that the proxy server will have the content of the site in its cache, it can now serve the webpage directly to the user. A proxy server can be used to facilitate security, administrative controls and caching services. Proxy servers can also be used for anonymity as whenever obtaining a resource from a server, proxy server uses its own IP address rather than the client’s IP address.

What is Squid Proxy

Squid is a full-featured web proxy cache server application which provides proxy and cache services for HTTP, FTP, SSL requests and DNS lookups. It also performs transparent caching that reduces bandwidth and improves response time by caching and reusing frequently requested web pages.
In this tutorial we will learn to install Squid Proxy on CentOS 7. We will also learn about some basic configuration which can be done on Squid caching server.


Squid does not have any minimum hardware requirements, but the amount of RAM may vary according to the users accessing the Internet through your proxy and the objects stored in the cache. To follow this tutorial you will need a CentOS 7.x server with root access on it. If you are logged in as non root user, run sudo -i to switch to root user. You can also use sudo command before all the administrative commands to run them as root user.

How to Install Squid on CentOS 7

Before installing any packages, it is recommended to update the system and packages using the following command.

sudo yum -y update

Squid packages are available in default yum repositories. Execute below command on your server to install SQUID proxy server.

sudo yum -y install squid

Now start squid service

sudo systemctl start squid

and type this below command to start squid service automatically while booting.

sudo systemctl  enable squid

At this point your Squid web proxy should already be running and you can verify the status of the service with.

sudo systemctl status squid

Sample output:

systemctl status squid
 squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-03-28 13:45:39 EDT; 1min 47s ago
 Main PID: 3659 (squid)
   CGroup: /system.slice/squid.service
           ├─3659 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─3661 (squid-1) -f /etc/squid/squid.conf
           └─3662 (logfile-daemon) /var/log/squid/access.log

Mar 28 13:45:38 lintut.loc systemd[1]: Starting Squid caching proxy...
Mar 28 13:45:39 lintut.loc systemd[1]: Started Squid caching proxy.
Mar 28 13:45:39 lintut.loc squid[3659]: Squid Parent: will start 1 kids
Mar 28 13:45:39 lintut.loc squid[3659]: Squid Parent: (squid-1) process 3661...d
Hint: Some lines were ellipsized, use -l to show in full.

If Firewalld is running, you need to allow squid proxy service.

sudo firewall-cmd --add-service=squid --permanent
sudo firewall-cmd --reload

Configuring Squid

Squid can be easily configured by editing the global configuration file /etc/squid/squid.conf. To edit the configuration file run the following command.

sudo vi /etc/squid/squid.conf

You can use any editor of your choice, in this tutorial we will be using vi editor.
A minimum sample configuration file will look like this.

    # Recommended minimum configuration:
    ## Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src     # RFC1918 possible internal network
    acl localnet src  # RFC1918 possible internal network
    acl localnet src # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machinesacl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT#
    # Recommended minimum Access Permission configuration:
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports# Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports# Only allow cachemgr access from localhost
    http_access allow localhost manager
    http_access deny manager# We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost#
    ## Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost# And finally deny all other access to this proxy
    http_access deny all# Squid normally listens to port 3128
    http_port 3128# Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256# Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid
# # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|?) 0 0% 0 refresh_pattern . 0 20% 4320
1 2 3Next page

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button