Squid proxy configuration on an Amazon Linux 2 server
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.
In this scenario we are going to use the proxy to restrict web URLs and allow only those URLs we want to allow.
Simple diagram to understand.
Step 1 :
Launch an EC2 instance in a public subnet (one that has internet connectivity).
Step 2 :
SSH into that server using the key file and the public IP.
Step 3 :
Install the Squid proxy:
sudo yum update -y
sudo yum install squid
sudo systemctl enable squid
sudo systemctl start squid
sudo systemctl status squid
Step 4:
Squid's files are located in /etc/squid/
Step 5 :
We need to list the sites we want to allow.
Create a text file in the /etc/squid directory:
vi allow-site.txt
.google.com
.youtube.com
:wq!
Step 6 :
Open the configuration file: vi /etc/squid/squid.conf
Add the lines given below to the configuration:
acl site dstdomain "/etc/squid/allow-site.txt"
http_access allow site
Step 7 :
Check all the configuration details.
The default proxy port is 3128, but any port can be used; in this scenario we are using port 55.
*********************************************************************************************************
# Recommended minimum configuration:
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl site dstdomain "/etc/squid/allow-site.txt"
http_access allow site
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
#http_access allow all
# Allow/Deny the provided URL
#http_access allow allow-site
# Squid normally listens to port 3128
http_port 0.0.0.0:55
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#
#logformat squid %tl{%Y:%m:%dT%H:%M:%S} %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#access_log /var/log/squid/access.log squid
****************************************************************
Step 8 :
After changing the configuration,
restart the Squid server:
sudo systemctl restart squid
Step 9 :
How to check whether the proxy is working
Open port 55 in the security group of the EC2 instance.
Note : for security, restrict the port to your VPN IP or another static IP.
Get the public or static IP of the proxy server, enter it in the Mozilla Firefox proxy settings
and click OK.
After the proxy configuration is done, open the browser and check that the allowed sites open fine and the others are blocked.
Allowed site google.com is working
Blocking amazon.in
Congratulations, the Squid proxy is working fine.
Thank you
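As an added example that is not part of the original post: the configuration in Step 7 places http_access allow site before the deny !Safe_ports and deny CONNECT !SSL_ports rules. Squid evaluates http_access rules top to bottom, so the port restrictions never apply to the allowed domains, and because the allow rule has no source ACL, anyone who can reach port 55 can use the proxy for those domains, which is why the security-group note in Step 9 matters. The script below checks that rule ordering offline on two constructed squid.conf snippets (the post's ordering, and the same rules with the allow moved below the port denials), and, only when a PROXY variable is set (an assumption for this example), repeats the Step 9 check with curl against an allowed and a blocked site. The temp-file names are also assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Checks http_access ordering in a
# squid.conf offline, then (optionally) smoke-tests a running proxy as in Step 9.
# The temp files and the PROXY variable are assumptions made for this example.

# rule_pos FILE PATTERN: 1-based position of the first active http_access line
# matching PATTERN (an awk regex), or 0 if none. Comment lines are not counted.
rule_pos() {
    awk -v pat="$2" '
        /^[ \t]*http_access/ { n++; if ($0 ~ pat && !found) found = n }
        END { print found + 0 }' "$1"
}

# check_squid_conf FILE: returns 0 when the "allow site" rule sits after the
# Safe_ports / SSL_ports denials and before the final "deny all"; returns 1
# otherwise, or when the file contains curly quotes (Squid does not treat
# them as quoting, so the dstdomain file path would be wrong).
check_squid_conf() {
    conf="$1"
    if grep -q '[“”]' "$conf"; then
        echo "FAIL: curly quotes in $conf; use straight double quotes"
        return 1
    fi
    allow=$(rule_pos "$conf" 'allow +site( |$)')
    safe=$(rule_pos "$conf" 'deny +!Safe_ports')
    ssl=$(rule_pos "$conf" 'deny +CONNECT +!SSL_ports')
    denyall=$(rule_pos "$conf" 'deny +all')
    if [ "$allow" -eq 0 ] || [ "$denyall" -eq 0 ]; then
        echo "FAIL: missing 'http_access allow site' or final 'http_access deny all'"
        return 1
    fi
    if [ "$safe" -eq 0 ] || [ "$ssl" -eq 0 ] || [ "$allow" -lt "$safe" ] || [ "$allow" -lt "$ssl" ]; then
        echo "FAIL: 'allow site' is evaluated before the port denials, so allowed domains bypass Safe_ports/SSL_ports"
        return 1
    fi
    if [ "$allow" -gt "$denyall" ]; then
        echo "FAIL: 'allow site' comes after 'deny all' and can never match"
        return 1
    fi
    echo "OK: $conf"
    return 0
}

# Constructed sample 1: the rule order used in the post (allow before the denials).
WEAK=$(mktemp)
cat > "$WEAK" <<'EOF'
acl site dstdomain "/etc/squid/allow-site.txt"
http_access allow site
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_port 0.0.0.0:55
EOF

# Constructed sample 2: the same rules, with the allow moved below the port denials.
FIXED=$(mktemp)
cat > "$FIXED" <<'EOF'
acl site dstdomain "/etc/squid/allow-site.txt"
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow site
http_access deny all
http_port 0.0.0.0:55
EOF
trap 'rm -f "$WEAK" "$FIXED"' EXIT

check_squid_conf "$WEAK" || true   # prints FAIL: ordering
check_squid_conf "$FIXED"          # prints OK

# proxy_status PROXY_URL SITE_URL: HTTP status code seen through the proxy.
# Plain http:// URLs are used so that a Squid denial shows up directly as 403.
proxy_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' -x "$1" "$2"
}

# Step 9 smoke test, run only when PROXY is set, e.g. PROXY=http://<proxy-ip>:55
if [ -n "${PROXY:-}" ]; then
    echo "allowed google.com -> $(proxy_status "$PROXY" http://www.google.com/) (expect 200)"
    echo "blocked amazon.in  -> $(proxy_status "$PROXY" http://www.amazon.in/) (expect 403)"
fi
```

Run it as sh on the proxy host (or anywhere, for the offline part); pass PROXY=http://<proxy-ip>:55 to exercise the curl check against the running Squid from a client whose IP the security group allows. Moving http_access allow site below the port denials in the real squid.conf keeps the post's allow list while making Safe_ports and SSL_ports apply to it as well.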
Source: https://rohan-j-tiwari.medium.com/squid-proxy-configuration-in-amazon-linux-2-server-db4fea33af80