How to configure squid in Red Hat Enterprise Linux

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Squid

Issue

  • How to configure squid in Red Hat Enterprise Linux

Resolution

1. Install squid.

yum install squid -y

2. Back up the original config file.

mv /etc/squid/squid.conf /etc/squid/squid.conf.org

3. Create a new /etc/squid/squid.conf with the following contents.

  • Edit the acl line for mynetwork to define the source network for your local network. This must be the network whose client systems use the squid server as their proxy. In this example, the mynetwork line defines a class C (/24) subnet.

  • Squid reads the configuration file from the beginning, so the order of the lines in the file is also important.

RHEL5:

acl mynetwork src xxx.xxx.xxx.0/24	
http_access allow mynetwork

#defaults
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80		
acl Safe_ports port 21		
acl Safe_ports port 443		
acl Safe_ports port 70		
acl Safe_ports port 210		
acl Safe_ports port 1025-65535	
acl Safe_ports port 280		
acl Safe_ports port 488		
acl Safe_ports port 591		
acl Safe_ports port 777		
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid

RHEL6, RHEL7

acl mynetwork src xxx.xxx.xxx.0/24	
http_access allow mynetwork

#defaults
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8	
acl localnet src 172.16.0.0/12	
acl localnet src 192.168.0.0/16	
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443
acl Safe_ports port 80		
acl Safe_ports port 21		
acl Safe_ports port 443		
acl Safe_ports port 70		
acl Safe_ports port 210		
acl Safe_ports port 1025-65535	
acl Safe_ports port 280		
acl Safe_ports port 488		
acl Safe_ports port 591		
acl Safe_ports port 777		
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

4. Start the squid service and enable it on boot.

RHEL5, RHEL6

chkconfig squid on
service squid start

RHEL7

systemctl enable squid
systemctl start squid

5. If a firewall is enabled, allow the squid port.

RHEL5

echo "--port=3128:tcp" >> /etc/sysconfig/system-config-securitylevel
system-config-securitylevel-tui

RHEL6

echo "--port=3128:tcp" >> /etc/sysconfig/system-config-firewall
system-config-firewall-tui

RHEL7

firewall-cmd --add-port=3128/tcp --permanent
firewall-cmd --reload

6. Configure web browsers to use the proxy

Firefox:
Select the Firefox tab on the top left of the Firefox window.
Select Options -> Options
Select the Advanced Tab
Select the Network tab
Select the Settings... button in the Connection section.
Select the Manual Proxy configuration option
In the HTTP Proxy: section enter the FQDN or IP address of the squid server.
In the Port section for the HTTP Proxy enter 3128.
Select the OK button at the bottom of the windows twice to exit the options and save results.

Internet Explorer:
Select the Tools menu or press Alt+X
Select Internet Options
Select the Connections tab
Select the LAN Settings button
Select the check box for Use a Proxy server for local addresses
In the Address section enter the FQDN or IP address of the squid server.
In the Port section enter 3128.
Select the OK button at the bottom of the windows twice to exit the options and save results.
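
Note on rule order in step 3 (an added example, not part of the original solution): squid applies the first http_access line whose ACLs all match, so an allow for mynetwork placed above the Safe_ports and CONNECT deny lines is decided before those restrictions are checked. The simplified model below compares the page's order with the same rules placed after the deny lines; the 192.0.2.0/24 network, the reduced port list and all function names are assumptions for illustration.

```python
import ipaddress

# Constructed excerpt of the RHEL6/RHEL7 ACLs from step 3. 192.0.2.0/24 is an
# assumed stand-in for the xxx.xxx.xxx.0/24 placeholder.
ACLS = """
acl mynetwork src 192.0.2.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
"""
# http_access lines in the order used in step 3.
PAGE_ORDER = ["allow mynetwork", "deny !Safe_ports",
              "deny CONNECT !SSL_ports", "deny all"]
# Same rules with the client allow placed after the port restrictions.
DENY_FIRST = ["deny !Safe_ports", "deny CONNECT !SSL_ports",
              "allow mynetwork", "deny all"]

def parse_acls(text):
    # Collect (type, value) pairs per ACL name; repeated names are ORed.
    acls = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "acl":
            acls.setdefault(parts[1], []).append((parts[2], parts[3]))
    return acls

def acl_matches(acls, name, req):
    if name == "all":
        return True
    for kind, value in acls[name]:
        if kind == "src":
            hit = ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value)
        elif kind == "method":
            hit = req["method"] == value
        else:  # "port": single port or lo-hi range
            lo, _, hi = value.partition("-")
            hit = int(lo) <= req["port"] <= int(hi or lo)
        if hit:
            return True
    return False

def http_access(rules, acls, req):
    """Return the action of the first rule whose ACLs all match (ANDed)."""
    for rule in rules:
        action, *names = rule.split()
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: both lists end with "deny all"
```

For a constructed request `{"src": "192.0.2.10", "method": "CONNECT", "port": 25}`, `http_access(PAGE_ORDER, parse_acls(ACLS), req)` returns `allow` while `DENY_FIRST` returns `deny`; a CONNECT to port 443 from the same client is allowed under both orders.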
