How to install squid proxy server on CentOS 7 linux

October 25, 2019October 26, 2019

Squid is one of the greatest softwares for linux that act as a proxy. Today we are going to tell you how to install squid proxy server on CentOS 7 linux.

squid has alot of usages. you can configure it as a forwarding proxy or reverse proxy. here we want to install squid and configure it as a forwarding proxy.

Here is our environment:

OS: CentOS 7 linux on VMWare
IP: 192.168.43.242
SElinux: enforcing

1-Install squid

squid is available in base repository. also we want to enable authentication for squid. so we will install squid and prerequisites with the following command:

# yum install squid httpd-tools

2- Configure squid

squid configuration file is in /etc/squid/ directory. so open it with Vim:

# vim /etc/squid/squid.conf

it’s a good idea to hide squid version. so add this line to the top of config file:

httpd_suppress_version_string on

add this line and replace IP address range with your own:

acl localnet src 192.168.43.0/24

it allows your private network to access squid.
add any port that is not in squid config file, if you have a service on it. for example if you have a service on port 8080 add it like:

acl Safe_ports port 8080

squid normally listens on port 3128. you can leave it unchanged or change it to what the port you would prefer:

http_port 3128

squid support some authentication method like RADIUS and password authentication.
in addition it’s strongly recommend to add authentication to your squid. so add these lines to the TOP of squid config file:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

create password file:

# touch /etc/squid/passwd

change the owner of password file to squid:

# chown squid: /etc/squid/passwd

then add users:

# htpasswd /etc/squid/passwd testuser

4- Configue firewall

we need to open port 3128 on firewall. so run this commnad:

# firewall-cmd --zone=public --add-port=3128/tcp --permanent

then restart firewall:

# firewall-cmd --reload

3- Start squid

finally enable and start squid:

# systemctl enable squid
# systemctl start squid

now you can set IP address and port 3128 of squid in your browsers or programs.