Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 16. Configuring the Squid Caching Proxy Server

Squid is a proxy server that caches content to reduce bandwidth and load web pages more quickly. This chapter describes how to set up Squid as a proxy for the HTTP, HTTPS, and FTP protocol, as well as authentication and restricting access.

16.1. Setting up Squid as a Caching Proxy Without Authentication
Copiar o link

This section describes a basic configuration of Squid as a caching proxy without authentication. The procedure limits access to the proxy based on IP ranges.

Prerequisites

  • The procedure assumes that the /etc/squid/squid.conf file is as provided by the squid package. If you edited this file before, remove the file and reinstall the package.

Procedure

  1. Install the squid package: 
    # yum install squid
    Copy to Clipboard Toggle word wrap
  2. Edit the /etc/squid/squid.conf file:
    1. Adapt the localnet access control lists (ACL) to match the IP ranges that should be allowed to use the proxy: 
      acl localnet src 192.0.2.0/24
acl localnet 2001:db8::/32
      Copy to Clipboard Toggle word wrap
      By default, the /etc/squid/squid.conf file contains the http_access allow localnet rule that allows using the proxy from all IP ranges specified in localnet ACLs. Note that you must specify all localnet ACLs before the http_access allow localnet rule.

      Important

      Remove all existing acl localnet entries that do not match your environment.
    2. The following ACL exists in the default configuration and defines 443 as a port that uses the HTTPS protocol: 
      acl SSL_ports port 443
      Copy to Clipboard Toggle word wrap
      If users should be able to use the HTTPS protocol also on other ports, add an ACL for each of these port: 
      acl SSL_ports port port_number
      Copy to Clipboard Toggle word wrap
    3. Update the list of acl Safe_ports rules to configure to which ports Squid can establish a connection. For example, to configure that clients using the proxy can only access resources on port 21 (FTP), 80 (HTTP), and 443 (HTTPS), keep only the following acl Safe_ports statements in the configuration: 
      acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
      Copy to Clipboard Toggle word wrap
      By default, the configuration contains the http_access deny !Safe_ports rule that defines access denial to ports that are not defined in Safe_ports ACLs.
    4. Configure the cache type, the path to the cache directory, the cache size, and further cache type-specific settings in the cache_dir parameter: 
      cache_dir ufs /var/spool/squid 10000 16 256
      Copy to Clipboard Toggle word wrap
      With these settings:
      • Squid uses the ufs cache type.
      • Squid stores its cache in the /var/spool/squid/ directory.
      • The cache grows up to 10000 MB.
      • Squid creates 16 level-1 sub-directories in the /var/spool/squid/ directory.
      • Squid creates 256 sub-directories in each level-1 directory.
      If you do not set a cache_dir directive, Squid stores the cache in memory.
  3. If you set a different cache directory than /var/spool/squid/ in the cache_dir parameter:
    1. Create the cache directory: 
      # mkdir -p path_to_cache_directory
      Copy to Clipboard Toggle word wrap
    2. Configure the permissions for the cache directory: 
      # chown squid:squid path_to_cache_directory
      Copy to Clipboard Toggle word wrap
    3. If you run SELinux in enforcing mode, set the squid_cache_t context for the cache directory: 
      # semanage fcontext -a -t squid_cache_t "path_to_cache_directory(/.*)?"
# restorecon -Rv path_to_cache_directory
      Copy to Clipboard Toggle word wrap
      If the semanage utility is not available on your system, install the policycoreutils-python-utils package.
  4. Open the 3128 port in the firewall: 
    # firewall-cmd --permanent --add-port=3128/tcp
# firewall-cmd --reload
    Copy to Clipboard Toggle word wrap
  5. Start the squid service: 
    # systemctl start squid
    Copy to Clipboard Toggle word wrap
  6. Enable the squid service to start automatically when the system boots: 
    # systemctl enable squid
    Copy to Clipboard Toggle word wrap

Verification Steps

To verify that the proxy works correctly, download a web page using the curl utility: 
# curl -O -L "https://www.redhat.com/index.html" -x "proxy.example.com:3128"
Copy to Clipboard Toggle word wrap
If curl does not display any error and the index.html file was downloaded to the current directory, the proxy works.
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat