Hi, I'm creating a proxy server and I need help with the configuration.

c4k3 · 06-22-2022, 07:54 PM

Hi, I am trying to create a squid proxy on centos 7 but I am having problems using the proxy on Windows 10. It appears it is blocking out every website. I have looked at the commands in /etc/squid.squid.conf, is there something I am missing?

I'm not sure how to post photos on here? I also posted on Reddit if you want to see the configuration file.

Any help would be much appreciated. I am new to Linux, I only started using the program a few months ago. Please be patient with me.

https://www.reddit.com/r/linux4noobs...a_squid_proxy/

jmgibson1981 · 06-22-2022, 09:03 PM

Squid by default only does http sites. The majority of stuff these days is https. As such you are not configured for that. I will also suggest that it isn't the easiest thing in the world for a new user to do. I've been working on a docker squid for awhile as a transparent https proxy. I had it working for awhile, then it stopped. Now I can't get it working again. I lost interest. Even when it was working there was a fair number of sites that just wouldn't work with it. Windows global proxy setting is both http & https. So naturally if the proxy can't do the https then you are stuck.

What you are trying to do is a Man in the Middle attack so to speak. Requires certificates on the squid proxy & on machines you want to use it. Even with the certs when it was working Windows Updates never cached, among other things.

There are countless guides around the internet. Go to the source as far as I'm concerned.

https://wiki.squid-cache.org/

I'm interested to know if you succeed. Getting it working the first time was a long trial and error thing for me.

*EDIT*

Here is my working (at the time) configuration for it. Feel free to examine. I'm hoping it can help you.

https://gitlab.com/jmgibson1981/home...ssl/squid.conf

In the squid ssl folder you can also find the scripts for the Docker, and the startup script that auto creates the certs.

jmgibson1981 · 06-23-2022, 07:25 AM

I woke up in the middle of the night and started tinkering. Made a repo specifically for it. This is fully working as of this moment. Have it running on my localhost. I'm not sure if one or two of the things in the squid.conf are redundant.

https://gitlab.com/jmgibson1981/ssl-squid

Rawcous · 08-19-2022, 05:09 PM

Hey guys,

I haven't seen this marked as solved so maybe I can help here... I have literally configured Squid proxy this week and now have it up and running.

As per c4k3, when I initially setup up Squid it blocked the heck out of everything (as with you) including respectable sites such as Amazon.co.uk - to a certain extent I can kind of see why as logically thinking about this (the blacklist file even contains my current employer - my assumption is that my employer would fall under the category of "security"), the majority of use cases for Squid are more likely than not commercial business environments. One company I worked for a number of years ago blocked the mainstream sites such as "shopping" sites, social media (many of which don't contain malicious content) simply to prevent employees from being spending an excessive amount of time "distracted" from their work. So essentially Squid not only contains potentially malicious sites but also additional ones. The problem being though that with the default Squid database they are all lumped together in one file.

Possible solutions - and the choice is yours:

1. Add white lists to the squid.conf file or to a whitelist file, although this has the potential to be cumbersome and laborious.
2. Use a 3rd party plug-in such as SquidGuard (as I currently do) - this allows you to block sites bases on specific categories such as: Porn / Ads / Gambling - this gives you greater control and decreases the chances of the average website being caught up in the blacklist - now for the downside - I could be wrong but it appears that SquidGuard no longer produce an official SquidGuard updated blacklist althouh if you check via outlets such as github and sourceforge you may find alternative 3rd party vendors of category based blacklists.

Hope this helps.

Regards,

Rawcous

Rawcous · 08-23-2022, 04:06 PM

Hello c4k3,

I have done some further research and confirm that:

1. SquidGaurd blacklists as we know it are now defunct.
2. I have located a site (more well known than I originally anticipated) that produces regular categorised lists that can be incorporated as part of your blacklists if so desired - simply choose which one(s) to download: https://dsi.ut-capitole.fr/blacklists/download/

All I have done is to create a script that will download the required lists and apply them to Squid / SquidGuard via a cron job.

Regards,

Rawcous!