This article covers a version of CentOS that is no longer supported. If you are currently operating a server running CentOS 6, we highly recommend upgrading or migrating to a supported version of CentOS.
Reason: CentOS 6 reached end of life (EOL) on November 30th, 2020 and no longer receives security patches or updates. For this reason, this guide is no longer maintained.
See Instead:
This guide might still be useful as a reference, but may not work on other CentOS releases. If available, we strongly recommend using a guide written for the version of CentOS you are using.
yum -y install squid chkconfig squid on
Since this Squid proxy would allow anyone using it to make connections from your droplet's IP address, you would want to restrict access to it.
You can register a free dynamic IP from services like noip.com
If you would like to use this Squid proxy from your phone, you would have to install a dynamic DNS update client.
You can use applications like Dynamic DNS Client for Android, or FreeDynPro for iOS.
Once you have a dynamic IP hostname, you can update it from your router at home, mobile device, or an API call.
This hostname should be added to /etc/squid/squid.conf. Edit the file and add your hostname (nyproxy1.no-ip.org in our case):
acl localnet src nyproxy1.no-ip.org
Setup a crontab that reloads Squid every hour, in case your IP address changes:
echo 0 */1 * * * service squid reload >> /var/spool/cron/root
By default, Squid listens on port 3128. If you would like to use a different port, modify /etc/squid/squid.conf
http_port 3128
If you would like to browse through this Squid proxy and not have it detected as a proxy, setup anonymous settings by adding these lines to /etc/squid/squid.conf:
via off forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all
service squid start
Add your droplet's IP address and port to your browser's proxy settings.
Navigate over to whatismyip.com
And you are all done!
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hi there. Following these steps on Centos 6.8 x64 leads to error while trying to access sites through proxy.
At step when checking whatismyipaddress.com:
Output from /etc/squid/squid.conf is:
Any ideas?
The example crontab is every minute, not every hour (http://www.freebsd.org/cgi/man.cgi?crontab(5))
Just use ‘@hourly’ to get hourly runs, or ‘1 * * * *’ for timing
Perfect…!!
add this line to .conf file:
http_access allow all
i want site same like this Playit.pk what i do ?
@alexanderraiback: At what point are you getting that error?
Error acces denied… please help me!
Restricting Access to specific Web sites -
Create below files. Use touch /usr/local/etc/allowed-sites.squid
Use nano to edit <pre>
File: /usr/local/etc/allowed-sites.squid
www.openfree.org linuxhomenetworking.com
File: /usr/local/etc/restricted-sites.squid
www.porn.com illegal.com </pre>
Once done <pre>
Add this to the bottom of the ACL section of squid.conf
acl home_network src 192.168.10.0/24 acl business_hours time M T W H F 9:00-17:00 acl GoodSites dstdomain “/usr/local/etc/allowed-sites.squid” acl BadSites dstdomain “/usr/local/etc/restricted-sites.squid”
Add this at the top of the http_access section of squid.conf
http_access deny BadSites http_access allow home_network business_hours GoodSites </pre> IN the ACL you definned the name what you wont to make.
Restricting Web Access By Time - <pre>
Add this to the bottom of the ACL section of squid.conf
acl home_network src 192.168.10.0/24 (replace this ip with your lan IP block) acl business_hours time M T W H F 9:00-17:00 acl RestrictedHost src 192.168.10.23
Add this at the top of the http_access section of squid.conf
http_access deny RestrictedHost http_access allow home_network business_hours </pre>
If you need to create ACL you have to do it in two places at Squid.
@juvilyn.porol: Simply follow this article and it should work fine. Make sure you forward the port squid listens on to the host.