How to install SQUID on RHEL 7 - nomorespice/rhel7-howto GitHub Wiki

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. This procedure will guide you through the installation process on a Red Hat Enterprise Linux 7 server.

This document assumes that:

  • you installed the RHEL 7 x64 Operating System according to How to install RHEL 7 via kickstart
  • you are performing these tasks as root
  • you are performing these tasks in order, as some tasks require others to be completed first

Install the Squid software

yum -y install squid

Configure Squid

Be sure to modify the following to customize for your environment:

  • Modify the visible hostname
  • Change the internal ACL network IP address
  • Modify the cache manager email address
mv /etc/squid/squid.conf /etc/squid/squid.conf.orig

/bin/cat << EOT >/etc/squid/squid.conf
visible_hostname HOSTNAME
http_port 3128
cache_effective_user squid
cache_effective_group squid
#
pipeline_prefetch on
shutdown_lifetime 1 second
httpd_suppress_version_string on
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
#
acl internal src 192.168.1.0/24
http_access allow internal
http_access deny all
always_direct allow all
cache deny all
ident_lookup_access deny all
icp_port 0
icp_access deny all
htcp_port 0
htcp_access deny all
snmp_port 0
snmp_access deny all
#
logformat combined %{x-forward}>h %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log combined
buffered_logs on
coredump_dir /var/spool/squid
#
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
client_lifetime 20 hours
pconn_timeout 1 minute
request_header_max_size 64 KB
detect_broken_pconn on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
#
via off
forwarded_for off
ignore_unknown_nameservers on
cache_mgr [email protected]
#
request_header_access Accept-Language deny all
request_header_access Accept-Encoding deny all
request_header_access Cache-Control deny all
request_header_access Referer deny all
request_header_access Via deny all
request_header_access x-forward deny all
request_header_access X-Forwarded-For deny all
request_header_access X-Real-IP deny all
request_header_replace Accept-Encoding gzip, deflate
request_header_replace Accept-Language en-US
EOT

Start and enable required services

systemctl start squid
systemctl enable squid
⚠️ **GitHub.com Fallback** ⚠️