Setting up Squid Proxy on Rocky Linux 8

How to Set Up and Configure a Squid Proxy on Rocky Linux 8: A Comprehensive Guide

Managing network traffic efficiently is crucial for performance, security, and policy enforcement. A powerful tool for this task is a proxy server, and Squid is one of the most popular, robust, and feature-rich options available. By caching frequently accessed web content and filtering traffic, Squid can significantly boost network speed and enhance security.

This guide provides a step-by-step walkthrough on how to install, configure, and secure a Squid proxy server on Rocky Linux 8.

What is a Squid Proxy?

Squid is a high-performance caching proxy server that supports various protocols, including HTTP, HTTPS, and FTP. Its primary functions include:

  • Caching: Storing copies of requested web objects (like images and web pages) locally. When another user requests the same object, it can be served from the cache, reducing bandwidth usage and improving response times.
  • Filtering: Controlling access to web content based on defined rules. You can block specific websites, domains, or types of content.
  • Access Control: Defining which users or IP addresses are allowed to use the proxy, adding a critical layer of security.

Prerequisites

Before we begin, ensure you have the following:

  • A server running a fresh installation of Rocky Linux 8.
  • Root or sudo privileges.
  • A basic understanding of the Linux command line.

Step 1: System Update and Squid Installation

First, it’s always best practice to ensure your system packages are up to date. Open your terminal and run the following command:

sudo dnf update -y

Once the system is updated, you can install the Squid package. The package is available in the default Rocky Linux repositories, making the installation straightforward.

sudo dnf install squid -y

This command will download and install Squid along with all its necessary dependencies.

Step 2: Starting and Enabling the Squid Service

After the installation is complete, you need to start the Squid service and enable it to launch automatically at boot.

To start the service immediately, use:

sudo systemctl start squid

To enable it on boot, use:

sudo systemctl enable squid

You can verify that the service is running correctly with the following command:

sudo systemctl status squid

You should see an “active (running)” status in the output.

Step 3: Core Squid Proxy Configuration

By default, Squid denies all requests, so you must configure it to allow traffic from trusted sources. This is done by editing the main configuration file located at /etc/squid/squid.conf.

It is highly recommended to create a backup of the original configuration file before making any changes.

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original

Now, open the configuration file in your preferred text editor, such as nano or vi:

sudo nano /etc/squid/squid.conf

Configuring Access Control Lists (ACLs)

The core of Squid’s configuration revolves around Access Control Lists (ACLs) and http_access rules. ACLs define a set of criteria (like source IP addresses), and http_access rules either allow or deny requests that match those criteria.

  1. Define a Local Network ACL: You need to tell Squid which network addresses are allowed to use the proxy. Find the section with ACLs (you can search for acl localnet) and add a rule for your local network. For example, if your local network is 192.168.1.0/24, you would add:

    # Add this line to define your trusted network
    acl localnet src 192.168.1.0/24
    

    Replace 192.168.1.0/24 with your actual network’s IP address range.

  2. Allow Access for the Local Network: By default, the configuration file includes http_access deny all. This rule blocks everyone. You need to insert a rule before this line to allow your localnet ACL. The order of these rules is critical.

    Find the line http_access deny all. Just before it, add the following:

    # Allow access from our defined local network
    http_access allow localnet
    
    # This existing rule secures the proxy by blocking all other requests
    http_access deny all
    
  3. Check the Port: By default, Squid listens on port 3128. You can confirm this by looking for the http_port directive in the configuration file.

    http_port 3128
    

    You can change this port if needed, but for now, we will stick with the default.

Save the configuration file and exit the editor. For the changes to take effect, you must restart the Squid service:

sudo systemctl restart squid

Step 4: Configuring the Firewall

Even though the Squid service is running and configured, it cannot receive external requests because the system’s firewall is blocking port 3128. You need to add a rule to firewalld to allow TCP traffic on this port.

sudo firewall-cmd --add-port=3128/tcp --permanent

The --permanent flag ensures the rule persists after a reboot. Now, reload the firewall to apply the new rule:

sudo firewall-cmd --reload

Your Squid proxy server is now configured and ready to accept connections from your local network.

Step 5: How to Block Websites with Squid (Optional)

One of Squid’s most powerful features is content filtering. You can easily block access to specific websites.

  1. Create a file to list blocked sites:

    sudo nano /etc/squid/blocked_sites.txt
    
  2. Add domains to the file: Add one domain per line. Be sure to include a dot at the beginning to block all subdomains as well.

    .facebook.com
    .twitter.com
    .badwebsite.com
    
  3. Edit the Squid configuration file again:

    sudo nano /etc/squid/squid.conf
    
  4. Add a new ACL and a deny rule: Define an ACL for your blocked sites list and then add a rule to deny access. Crucially, this deny rule must be placed before your http_access allow localnet rule.

    # ACL for blocked websites
    acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"
    
    # Rule to deny access to the sites in the list
    http_access deny blocked_sites
    
    # Your existing rule to allow local network access
    http_access allow localnet
    
  5. Restart Squid to apply the new filtering rules:

    sudo systemctl restart squid
    

Now, any client using the proxy will be unable to access the websites listed in your blocked_sites.txt file.

Final Steps: Client Configuration

To use your new proxy, you must configure the client machines on your network. In your operating system or browser settings, navigate to the network or proxy configuration section. Enter the IP address of your Rocky Linux server and the port number 3128.

Once configured, all web traffic from that client will be routed through your Squid proxy, benefiting from caching, filtering, and enhanced control. You have successfully deployed a powerful tool for network management and security.

Source: https://kifarunix.com/install-and-configure-squid-proxy-on-rocky-linux-8/
