input license here
Home  ›  Cloud Server

Instructions for installing and configuring Squid HTTP Proxy Server IPV6 on CentOS 7


Introduce:




  • Proxy server is an intermediary server between the client and the server that performs the task of transferring data between the client and the server.

  • Immediately after the request is requested, the proxy server will check its cache for data in it, it will return the data to the client, if not in the cache, it will make the request on behalf of the client and send data back to the client.

  • Here, people often use proxies for the purpose of fake IP or hiding access information


Step 1: Install Squid
yum install -y squid


# Stop firewallD


systemctl stop firewallD


Start Squid
systemctl start squid
Allow squid to start with the system
systemctl enable squid


Step 2: Configure squid


vi /etc/squid/squid.conf


– Add the following content to the file squid.conf


# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src x.x.x.x/24 # RFC1918 possible internal network


# Add rule
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling htt
acl CONNECT method CONNECT


forwarded_for off
# Hide client ip #
forwarded_for delete
# Turn off via header #
via off
####
acl portA localport 24000
# Map ports and IP addresses
tcp_outgoing_address 2403:6a40:0:88:bc26:ebff:fe1b:d5 portA
# Disable show ipv4
tcp_outgoing_address 127.0.0.1 portA
# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users


# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost
#http_access allow all


# And finally deny all other access to this proxy
#http_access deny all


# Squid normally listens to port 3128
http_port 3128
http_port 24000


# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256


# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid


#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320


################################


Edit the following parameters:



  • acl localnet src xxxx/24 # RFC1918 possible internal network (change address x.x.x.x to ip wan of your internet)

  • In case you want to allow all IPs, edit IP xxxx/24 to 0.0.0.0/24

  • tcp_outgoing_address 2403:6a40:0:88:bc26:ebff:fe1b:d5 portA (chỉnh sửa 2403:6a40:0:88:bc26:ebff:fe1b:d5 to ipv6 of the vps you have configured to the network card)


Step 3: Squid client authentication


yum -y install httpd-tools
touch /etc/squid/passwd
chown squid: /etc/squid/passwd


Create a user named bknsproxy and set a password for it:


htpasswd /etc/squid/passwd bknsproxy


Restart squid server:
systemctl restart squid


Step 5: Configure your browser to use a proxy


Example with Firefox browser
The steps below are the same for Windows, macOS, and Linux.



  1. In the upper right corner, click the hamburger icon ☰ to open Firefox's menu:

  2. Click ⚙ Preferences.

  3. Scroll down to the Network Settings section and click the Settings… button.

  4. A new window will open.
    – Chọn Manual proxy configuration.
    – Enter your Squid server IP address in the HTTP Host field and 3128 in the Port field.
    – Chọn hộp kiểm Use this proxy server for all protocols.
    – Click the OK button to save the settings.




Trying to access a website will force you to log in. Please enter the user and password created in step 3




Visit https://whatismyipaddress.com/ to see if the ip has changed.


Good luck!


Linh BKNS


Related Posts
On in
Diệp Quân
Nguyen Manh Cuong is the author and founder of the vmwareplayerfree blog. With over 14 years of experience in Online Marketing, he now runs a number of successful websites, and occasionally shares his experience & knowledge on this blog.
SHARE

Related Posts

Subscribe to get free updates

Post a Comment

Post a Comment

Sticky