Hopefully, from the previous post, you've gained some basic knowledge about the proxy server. Now let's configure the proxy server as a web filter.
Configuring Proxy server in Linux (CentOS / Red Hat)
First, update the yum repositories and packages by typing the command below:
[root@localhost ~]# yum update
After that, install squid, which is a proxy server software package.
[root@localhost ~]# yum install squid
Now we need to edit the configuration file. Generally the configuration file is located at "/etc/squid/squid.conf".
After that, let's start the squid service.
[root@localhost ~]# service squid start
Now set the proxy IP in your browser. For example, if you are using the Firefox browser, you can change the proxy setting at:
Options >> Advanced >> Network >> Settings (Connection) >> enter your desired IP.
Other browsers should have similar options.
Now check the browsing in the proxy server access log by using the command:
[root@localhost ~]# cat /var/log/squid/access.log
Sometimes you may face problems browsing through or configuring the proxy server. If you face this type of problem, just disable the firewall (iptables) and SELinux.
With the following commands you can disable the firewall (iptables):
[root@localhost ~]# service iptables stop
[root@localhost ~]# chkconfig iptables off
To disable SELinux, just follow these steps:
Open "/etc/selinux/config".
Here you can see "SELINUX=enforcing".
Just replace the word enforcing with "disabled".
After that, reboot the system, that is, reboot the server.
Now we'll see how to configure the proxy server as a web filter. That is, in this section we'll see how to block specific websites or specific keywords with the help of the proxy server.
Step 1: First create the file "/etc/squid/blockedsites.squid".
[root@localhost ~]# nano /etc/squid/blockedsites.squid
Then write:
#blocked sites
www.example.com
www.example-mail.com
Step 2: Open "/etc/squid/squid.conf" and create an ACL named "blocksites" with the type "dstdomain":
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# ACL blocksites
acl blocksites dstdomain "/etc/squid/blockedsites.squid"
After that, in the same "/etc/squid/squid.conf" file, add the following lines to the http_access section.
# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
# Deny access to blocksites ACL
http_access deny blocksites
Now restart the proxy service, that is, the squid service.
[root@localhost ~]# service squid restart
So we've filtered the specific websites. Now open your browser and try to access www.example.com
If the configuration is OK, you can't access the website.
Now we'll block specific keywords. If anyone searches with a specific keyword, he/she can't access any site containing that word.
First create a file using nano at the location "/etc/squid/blockkeywords.squid".
[root@localhost ~]# nano /etc/squid/blockkeywords.squid
#blocked keywords
Cricket
game
joy
Again open "/etc/squid/squid.conf" and create a new ACL "blockkeywords" with the ACL type "url_regex" in the ACL section.
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# ACL blocksites
acl blocksites dstdomain "/etc/squid/blockedsites.squid"
# ACL blockkeywords
acl blockkeywords url_regex -i "/etc/squid/blockkeywords.squid"
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
# Deny access to blocksites ACL
http_access deny blocksites
# Deny access to blockkeywords ACL
http_access deny blockkeywords
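How the two ACL types above decide a match, as an added shell example that is not part of the original post: the functions approximate Squid's dstdomain and url_regex -i matching with shell patterns and grep -E, and the hostnames and URLs tested are constructed. It goes slightly beyond the text by also showing the leading-dot form of a dstdomain entry.

```shell
#!/bin/sh
# Added example; hostnames and URLs are constructed test inputs.

# dstdomain: "www.example.com" matches that host only; a leading dot
# (".example.com") matches the domain and every subdomain.
dstdomain_match() {   # usage: dstdomain_match HOST LIST_ENTRY
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    entry=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$entry" in
        .*) [ "$host" = "${entry#.}" ] && return 0
            case "$host" in *"$entry") return 0 ;; esac
            return 1 ;;
        *)  [ "$host" = "$entry" ] ;;
    esac
}

# url_regex -i: each non-comment line of the list file is a case-insensitive
# extended regex searched anywhere in the URL the proxy sees.
url_regex_match() {   # usage: url_regex_match URL LISTFILE
    pats=$(grep -v -e '^#' -e '^[[:space:]]*$' "$2")
    [ -n "$pats" ] || return 1
    printf '%s\n' "$1" | grep -Eiq -e "$pats"
}

# The keyword list from this page, written to a temporary file.
make_keyword_file() {
    f=$(mktemp)
    printf '%s\n' '#blocked keywords' 'Cricket' 'game' 'joy' > "$f"
    printf '%s\n' "$f"
}

verdict() { if "$@"; then echo "DENY "; else echo "ALLOW"; fi; }

demo() {
    kw=$(make_keyword_file)
    for h in www.example.com example.com mail.example.com; do
        echo "$(verdict dstdomain_match "$h" www.example.com) $h (entry www.example.com)"
        echo "$(verdict dstdomain_match "$h" .example.com) $h (entry .example.com)"
    done
    # For HTTPS the proxy receives "CONNECT host:443", so a keyword in the
    # path of https://shop.example.net/game/ never reaches url_regex.
    for u in http://sports.example.org/cricket/ http://enjoyment.example.net/ \
             shop.example.net:443; do
        echo "$(verdict url_regex_match "$u" "$kw") $u"
    done
    rm -f "$kw"
}
demo
```

The output shows that the entry www.example.com leaves example.com and mail.example.com reachable, that the keyword joy also blocks enjoyment.example.net, and that an HTTPS request is only checked against host:port.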
So we've learned how to block specific websites and specific keywords. Now we'll see how to block specific IP addresses: just as before, create a file in the same location using nano and place in it the IP addresses which you want to block.
[root@localhost ~]# nano /etc/squid/blockedip.squid
#blocked ips
192.168.2.125
192.168.2.126
And now, as before, open "/etc/squid/squid.conf" using nano and write:
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# ACL blocksites
acl blocksites dstdomain "/etc/squid/blockedsites.squid"
# ACL blockkeywords
acl blockkeywords url_regex -i "/etc/squid/blockkeywords.squid"
# ACL blockip
acl blockip src "/etc/squid/blockedip.squid"
Now add these lines to the http_access section:
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
# Deny access to blockip ACL
http_access deny blockip
# Deny access to blocksites ACL
http_access deny blocksites
# Deny access to blockkeywords ACL
http_access deny blockkeywords
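Checking the effect of the three deny rules in the access log, as an added shell example that is not from the original post: it assumes Squid's default native access.log layout (client in field 3, result code in field 4, URL in field 7), and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example. Assumed access.log layout (Squid native format):
# time elapsed client result/status bytes method URL user hierarchy type

# Print "client count" for every client with denied requests, busiest first.
denied_by_client() {   # usage: denied_by_client LOGFILE
    awk '$4 ~ /^TCP_DENIED\// { n[$3]++ }
         END { for (c in n) print c, n[c] }' "$1" | LC_ALL=C sort -k2,2nr -k1,1
}

# Print the URLs that were denied for one client.
denied_urls_for() {    # usage: denied_urls_for LOGFILE CLIENT_IP
    awk -v ip="$2" '$3 == ip && $4 ~ /^TCP_DENIED\// { print $7 }' "$1"
}

# Constructed sample log lines (not real traffic).
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
1700000000.101     12 192.168.2.50 TCP_MISS/200 5120 GET http://intranet.example.org/ - DIRECT/192.0.2.10 text/html
1700000001.202      0 192.168.2.125 TCP_DENIED/403 3980 GET http://intranet.example.org/ - NONE/- text/html
1700000002.303      0 192.168.2.50 TCP_DENIED/403 3991 GET http://www.example.com/ - NONE/- text/html
1700000003.404      0 192.168.2.125 TCP_DENIED/403 3975 CONNECT www.example-mail.com:443 - NONE/- text/html
1700000004.505      0 192.168.2.50 TCP_DENIED/403 4002 GET http://sports.example.org/cricket/ - NONE/- text/html
1700000005.606      0 192.168.2.126 TCP_DENIED/403 3980 GET http://intranet.example.org/ - NONE/- text/html
EOF
    printf '%s\n' "$f"
}

log=$(make_sample_log)
echo "Denied requests per client:"
denied_by_client "$log"
echo "URLs denied for 192.168.2.50:"
denied_urls_for "$log" 192.168.2.50
rm -f "$log"
```

On the proxy itself, pass /var/log/squid/access.log to the same functions instead of the sample file.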
Until now we have used the default port number, which is 3128. If you want, you can change this port number. Just follow the command.
[root@localhost ~]# nano /etc/squid/squid.conf
Here you will see: http_port 3128
You can replace the port number with: http_port 9201 <or your desired port number>