Squid Proxy Server

Published by: Mathivanan on Jul 21, 2009
Copyright:Attribution Non-commercial

10/08/2010

Squid Proxy Server;
My Setup:
i) System: IBM x3200 dual Xeon CPU system with 2 GB RAM
ii) Eth0: IP: 192.168.100.1
iii) Eth1: IP: 192.168.0.1 (192.168.0.0/24 network, around 200 Windows XP systems)
iv) OS: Red Hat Enterprise Linux 5.3
Eth0 is connected to the internet and eth1 to the local network, i.e. the system acts as a router.
RPM Package required:
# rpm -qa | grep squid
squid-2.6.STABLE21-3.el5
Editing Squid Configuration file:
# vi /etc/squid.conf
http_port 3128
acl ourlan src 192.168.0.0/24
http_access allow localhost
http_access allow ourlan
http_access deny all
# /etc/init.d/squid restart (stop|start|status)
Client Machine Configuration;
1. Open Internet Explorer
2. Go to Tools -> Internet Options
3. Select the Connections tab and click LAN Settings
4. Check the Proxy Server box and enter the IP address of the proxy server and the port on which requests are handled (here 192.168.0.1 and port 3128)
ACL rules;
A few important types of ACL elements are listed below:
1. src : Source, i.e. client's IP addresses
2. dst : Destination, i.e. server's IP addresses
3. srcdomain : Source, i.e. client's domain name
4. dstdomain : Destination, i.e. server's domain name
5. time : Time of day and day of week
6. url_regex : URL regular expression pattern matching
7. urlpath_regex : URL-path regular expression pattern matching, leaves out the protocol and hostname
8. proxy_auth : User authentication through external processes
9. maxconn : Maximum number of connections from a single client IP address
 Allowing selected machines to have access to the Internet;
acl marketing src 192.168.0.10 192.168.0.20 192.168.0.30
http_access allow marketing
http_access deny !marketing
This allows only the machines whose IPs are 192.168.0.10, 192.168.0.20 and 192.168.0.30 to access the Internet; all other IP addresses (not listed) are denied the service.
 Restrict the access during particular duration only;
acl LAN src 192.168.0.1/255.255.255.0
acl officetime time MTWHF 10:00-16:00
http_access allow LAN officetime
http_access deny LAN
This allows all the clients in network 192.168.0.1 to access the net from Monday to Friday, from 10:00 am to 4:00 pm.
Multiple time access to different clients;
acl host1 src 192.168.0.10
acl host2 src 192.168.0.20
acl host3 src 192.168.0.30
acl morning time 10:00-13:00
acl lunch time 13:30-14:30
acl evening time 15:00-18:00
http_access allow host1 morning
http_access allow host1 evening
http_access allow host2 lunch
http_access allow host3 evening
http_access deny all
http_access allow host1 morning evening
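How Squid evaluates the http_access lines above, as an added example (a simplified Python model written for this page, not Squid's own code): lines are tried top to bottom and the first match decides, every ACL named on one line must match together, and if no line matches the opposite of the last line's action applies. The "acl all" definition, the sample clients and times, and the requirement of at least one http_access line are assumptions.

```python
import ipaddress
from datetime import datetime
DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order (Monday=0)

# The page's rules; "acl all" is an assumed definition matching every client.
CONF = """\
acl host1 src 192.168.0.10
acl host2 src 192.168.0.20
acl host3 src 192.168.0.30
acl morning time 10:00-13:00
acl lunch time 13:30-14:30
acl evening time 15:00-18:00
acl all src 0.0.0.0/0
http_access allow host1 morning
http_access allow host1 evening
http_access allow host2 lunch
http_access allow host3 evening
http_access deny all
http_access allow host1 morning evening
"""

def parse(conf):
    acls, rules = {}, []
    for fields in (line.split() for line in conf.splitlines()):
        if fields[:1] == ["acl"]:
            acls[fields[1]] = (fields[2], fields[3:])
        elif fields[:1] == ["http_access"]:
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_match(acl, src, when):
    kind, vals = acl
    if kind == "src":  # several values in one ACL are ORed
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    if kind == "time":  # optional day letters, then zero-padded hh:mm-hh:mm
        days = vals[0] if len(vals) == 2 else DAYS
        start, end = vals[-1].split("-")
        return DAYS[when.weekday()] in days and start <= when.strftime("%H:%M") <= end
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, src, when):
    """Return (action, rule number) for the first http_access line that matches."""
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        # every ACL on the line must match (AND); a leading '!' negates one
        if all(acl_match(acls[x.lstrip("!")], src, when) != x.startswith("!") for x in names):
            return action, n
    last = rules[-1][0]  # nothing matched: opposite of the last line's action
    return ("allow" if last == "deny" else "deny"), None
```

Calling decide(CONF, "192.168.0.10", datetime(2009, 7, 21, 11, 0)) returns the action and the number of the http_access line that decided it; the sixth line is never reached, and evaluated on its own it never matches because no moment is both morning and evening.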
Blocking sites;
acl marketing src 192.168.0.1/255.255.255.0
acl banned_sites url_regex abc.com *()(*.com
http_access deny banned_sites
http_access allow marketing
or
acl marketing src 192.168.0.1/255.255.255.0
acl banned_sites url_regex "/etc/squid/policy/banned.txt"
http_access deny banned_sites
http_access allow marketing
Creating Your Own Error Messages;
acl marketing src 192.168.0.1/255.255.255.0
acl banned_sites url_regex abc.com *()(*.com
http_access deny banned_sites
deny_info ERR_BANNED_SITE banned_sites
http_access allow marketing
In the above example, a special message is displayed whenever users try to access sites matching the banned words above. The file named in the option, i.e. ERR_BANNED_SITE, must exist in the error directory (/etc/squid/errors). This error message file should be in HTML format.
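What the "url_regex abc.com" rule above actually matches, as an added example (Python written for this page, not part of the original document). Python's re module stands in for Squid's regex matching; the anchored pattern and the dstdomain alternative (an ACL type from the list earlier) are suggestions, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

def url_regex(pattern, url):
    """url_regex semantics: unanchored regex search over the whole URL."""
    return re.search(pattern, url) is not None

def dstdomain(pattern, url):
    """dstdomain semantics: compare the host only; a leading dot also covers subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

# Constructed sample URLs; only the first is the site meant to be blocked.
SAMPLES = [
    "http://www.abc.com/index.html",
    "http://abcdcom.example.org/",
    "http://example.org/search?q=abc.com",
    "http://www.example.org/",
]

def compare(urls=SAMPLES):
    """Map each URL to (page's url_regex, escaped and anchored regex, dstdomain) verdicts."""
    anchored = r"^[a-z]+://([^/:]*\.)?abc\.com[:/]"
    return {u: (url_regex("abc.com", u), url_regex(anchored, u), dstdomain(".abc.com", u))
            for u in urls}

if __name__ == "__main__":
    for url, verdicts in compare().items():
        print(verdicts, url)
```

The unescaped pattern also blocks the second and third URLs, because "." matches any character and the search runs over the path and query as well as the host.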
Log Files;
By default Squid stores its log files in /var/log/squid.
cache_access_log – For access.log
cache_log – For cache.log
cache_store_log – For store.log (Store manager)
pid_filename – Squid process ID file name
Setup a transparent proxy with Squid Server Configuration:
Managing Internet Blocking Squid Guard;
Squid Guard is a URL redirector that lets the Squid proxy software use blacklists.
Download the software;
# wget http://www.squidguard.org/Downloads/squidGuard-1.4.tar.gz
# tar xvzf squidGuard-1.4.tar.gz (unpack the source)
# cd squidGuard-1.4 (compile the source)
# ./configure
# make
Download the blacklist software;
# wget http://squidguard.mesd.k12.or.us/blacklists.tgz
Copy your blacklists into the desired blacklist directory (default: /usr/local/squidGuard/db) and unpack them:
# cp /root/blacklist.tar.gz /usr/local/squidGuard/db
# cd /usr/local/squidGuard/db
# gzip -d blacklist.tar.gz
# tar xfv blacklist.tar
# mv blacklist/*
 
Squid Guard Configuration:
Before changing the Squid Guard configuration, add the three lines below to the /etc/squid.conf file:
# vi /etc/squid.conf
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_children 8
redirector_bypass on
# cp /usr/local/squidGuard/squidGuard.conf /usr/local/squidGuard/squidGuard.conf.bak
# vi /usr/local/squidGuard/squidGuard.conf
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
    domainlist porn/domains
    urllist porn/urls
}
acl {
    default {
        pass !porn all
        redirect http://localhost/block.html
    }
}
This is the simplest file.
You can also do multiple rules;
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
src admin {
    # ip 192.168.0.4-192.168.0.10 192.168.0.82
}
src swadesh {
    ip 192.168.0.100
}
src marketing {
    ip 192.168.0.5-192.168.0.25
}
src devoloper {
    ip 192.168.0.35-192.168.0.70
}
src special {
    ip 192.168.0.75-192.168.0.150
}
dest mail {
    domainlist mail/urls
}
dest porn {
    domainlist porn/domains
    urllist porn/urls
}
dest adv {
    domainlist adv/domains
    urllist adv/urls
