Friday, December 15, 2006

How to configure Squid Proxy

1. Download squid at http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE11.tar.gz


2. After that, unpack it with: tar -zxvf squid-2.5.STABLE11.tar.gz


3. After unpacking, go into that folder and start configuring Squid:
./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid --enable-delay-pools --enable-cache-digests --enable-poll --disable-ident-lookups --enable-async-io=16 --enable-auth-modules --enable-removal-policies --enable-snmp

4. Then add a user for Squid:

useradd -d /usr/local/squid/ -r -s /dev/null squid > /dev/null 2>&1

5. Then run make all, then make install


6. Then go to the configuration directory /usr/local/squid/etc and look at squid.conf


7. Edit squid.conf like this:

Note: this is just a sample; if you get an error, check it again.

##sample
# 8888 is the port
http_port 202.155.166.24:8888
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#Recommended minimum configuration:
#auth_param digest program
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
###### enter the IPs that are allowed access ######
acl warnet src 222.124.76.111/32
##################################
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

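# Squid stops at the first matching http_access line, so the manager and port
# checks must come before the allow rule for warnet
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow warnet
http_access deny all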
http_reply_access allow all
icp_access allow all

header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access User-Agent deny all
# deny WWW-Authenticate if you don't want Squid showing annoying popups
header_access WWW-Authenticate deny all
header_access Link deny all
header_replace User-Agent Cisco Cache Engine, Version 1.7.0
header_access Accept-Encoding deny all
header_access X-Forwarded-For deny all
header_access Via deny all

N.B.: in acl warnet src 222.124.76.111/32, replace the IP with your own Internet IP. When you have finished editing, save the file.


8. Then execute
chown -R squid.squid /usr/local/squid
chmod 777 /usr/local/squid/var/logs/
chmod 777 /usr/local/squid/var/


9. When that is done, run /usr/local/squid/sbin/squid -z
10. If the swap directories are created successfully, run /usr/local/squid/sbin/squid
11. Check with ps -uax whether the squid process is running, and with netstat -plnat which port it is listening on.

If you get an error after starting Squid, look for it by running tail -f /var/log/messages

Command for reconfigure squid:
/usr/local/squid/sbin/squid -k reconfigure
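
Squid evaluates http_access lines from top to bottom and stops at the first one that matches, so where "http_access allow warnet" sits relative to the manager, Safe_ports and CONNECT rules of step 7 decides whether those denies ever apply to the allowed client. The following is an added example, not part of the original post and not Squid code: a small Python model of that first-match logic that compares the two orderings. The request dictionaries and the names GUARDS, ALLOW_FIRST, ALLOW_AFTER_DENIES and decide are assumptions made for the illustration.

```python
import ipaddress

# ACLs of the step 7 sample, modelled as predicates on a request dict.
SAFE = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "warnet": lambda r: ipaddress.ip_address(r["src"])
    in ipaddress.ip_network("222.124.76.111/32"),
    "SSL_ports": lambda r: r["port"] in (443, 563),
    "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}
# The manager and port rules of step 7, shared by both orderings.
GUARDS = """http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""
ALLOW_FIRST = "http_access allow warnet\n" + GUARDS + "http_access deny all"
ALLOW_AFTER_DENIES = GUARDS + "http_access allow warnet\nhttp_access deny all"

def decide(rules, request):
    """Return (action, line) for the first http_access line whose ACLs all match."""
    last = "allow"
    for line in rules.splitlines():
        _, action, *names = line.split()
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
        last = action
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if last == "allow" else "allow"), "(default)"

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    {"src": "222.124.76.111", "method": "GET", "port": 80, "proto": "http"},
    {"src": "222.124.76.111", "method": "CONNECT", "port": 25, "proto": "http"},
    {"src": "222.124.76.111", "method": "GET", "port": 8888, "proto": "cache_object"},
    {"src": "198.51.100.7", "method": "GET", "port": 80, "proto": "http"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, decide(ALLOW_FIRST, req)[0], decide(ALLOW_AFTER_DENIES, req)[0])
```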
