1. INTRODUCTION
1.1 PROBLEM DEFINITION:
We can block unwanted websites by word, by website, or by sentence.
Caching speeds up access to resources and gives faster Internet connections for the internal LAN.
The proxy secures the internal LAN when browsing the Internet and blocks unwanted activity by
clients on the WWW.
1.2 OBJECTIVE
Squid is a high-performance HTTP and FTP caching proxy server. It is
also known as a Web proxy cache. It can make your network connections more efficient. As it
stores data from frequently used Web pages and files, it can often give your users the data they
need without having to look to the Internet.
Studies on very busy networks suggest that a Squid server can reduce the
bandwidth needed for your Internet connection by 10-20 percent. That can lead to considerable
savings for larger offices.
GRWP Tasgaon
2.1 STUDY OF EXISTING SYSTEM:
In the existing system, we block websites using Internet browser settings, but this takes more
time and effort. On a LAN, blocking a website requires configuring the Internet settings on every
machine in that LAN. A user can also change these settings on a machine, as can happen on LANs
in schools and colleges. Using a proxy server avoids these possibilities and this effort: we only
need to configure the proxy server on the main server of that LAN.
2.2 PROPOSED SYSTEM:-
Transparent Proxy:-
Open proxy:-
Anonymous Proxy
This type of proxy server identifies itself as a proxy server, but does not make
the original IP address available. This type of proxy server is detectable, but provides reasonable
anonymity for most users.
Distorting Proxy
This type of proxy server identifies itself as a proxy server, but makes an
incorrect original IP address available through the HTTP headers.
This type of proxy server does not identify itself as a proxy server and does not make available
the original IP.
3. REQUIREMENT ANALYSIS
3.1 Software Requirement:
Advantages of Linux:
Multitasking:
Several programs can run at the same time.
Multiuser:
Several users can log on to the same machine at the same time. There is no need to
have separate user licenses.
Multiplatform:
Linux runs on many different CPUs, which means it supports multiprocessor
machines.
PROCESSOR: 32-bit/64-bit Pentium 4
RAM: 4 GB (may vary depending on the number of clients)
Hard Disk: 300 GB (as a number of users have their own disk space)
Ethernet Cards: Two
4. DESIGN METHODOLOGY
4.1 System Architecture
This section gives an overview of the project through a diagram.
The system architecture contains the following fields:
1.
2.
3.
4.
The diagram shows how the system will work and how data flows through
the overall system. The system architecture is explained as follows:
1. Installing Red Hat Linux 5:
The Linux operating system is very secure and its file system is very strong, so
we chose the Linux operating system and installed Red Hat RHEL 5.
2. Configuration of network services:
In the configuration of network services we configure the host file and assign
the IP.
3. Configuration of Squid:
Then we configure the squid.conf file using different acl (Access Control List) statements.
a. Deny access to specific user
b. Deny access by websites
c. Deny access by time
d. Allow websites
e. Caching recently requested web pages
SYSTEM ARCHITECTURE
[Figure: system architecture. Elements: clients C1, C2, C3, C4; Administrator; Web Server; Proxy Server. Steps: installing RHEL 5 server; configure network services; assigning IP; configure host file; configure squid.conf file; implement proxy (deny access to specific user, deny access to website, deny access by time, allow websites, caching web pages).]
DFD Level 1
[Figure: DFD level 1. Elements: clients C1, C2, C3, C4; Proxy Server; Main Server; Web Server.]
DFD LEVEL 2
[Figure: DFD level 2. Elements: clients C1, C2, C3, C4; Proxy Server; Main Server; Web Server; caching; blocking; log.]
DFD LEVEL 3
[Figure: DFD level 3. Elements: clients C1, C2, C3; Proxy Server; Main Server; Web Server; caching directory on hard disk; blocking (deny access to specific user, deny access by time, deny access to website); log and log report.]
UML DIAGRAM
UML (Unified Modeling Language)
UML (Unified Modeling Language) is a standard language for writing software blueprints.
The UML is used to
a) Visualize
b) Specify
c) Construct
d) Document
the artifacts of a software-intensive system.
We implement three types of UML diagrams:
1. Use case Diagram
2. Sequence Diagram
3. Activity Diagram
1. Use case Diagram:
A use case diagram is useful to view a set of use cases, which are a special type of
class, and their relationships.
2. Sequence Diagram:
In a sequence diagram, an interaction is made up of a set of objects and their
relationships.
3. Activity Diagram:
An activity diagram represents the flow from activity to activity within a system. It is a type of
state chart diagram.
[Figure: use case diagram. Actors: User, Administrator. Proxy Server use cases: request web site; deny access to specific user.]
2. SEQUENCE DIAGRAM
[Figure: sequence diagram. Participants: User, Proxy Server, Main Server. Surviving message labels: caching; response to website; blocked web site; most frequently web pages; check it is in cache.]
3. ACTIVITY DIAGRAM
[Figure: activity diagram. Lanes: User, Proxy Server, Main Server. Activities: send request; filtering; block website; access is denied; allow websites; check it is in cache; found in cache; not found in cache; send response to proxy server; send response.]
5. PROJECT IMPLEMENTATION
RHEL Installation
The next step is to select the correct layout type (for example, U.S. English) for the
keyboard you would prefer to use for the installation and as the system default, as shown in Fig. 5.2.
Figure 5.4 Partitioning with Disk Druid on x86, AMD64, and Intel EM64T Systems
Mount Point:
Enter the partition's mount point. For example, if this partition should be the root
partition, enter /; enter /boot for the /boot partition, and so on.
File System Type:
Using the pull-down menu, select the appropriate file system type for this partition.
Allowable Drives:
This field contains a list of the hard disks installed on your system. If a hard disk's
box is highlighted, then a desired partition can be created on that hard disk. If the box is not
checked, then the partition will never be created on that hard disk. By using different checkbox
settings, you can have Disk Druid place partitions where you need them, or let Disk Druid decide
where partitions should go.
Size (MB):
Enter the size (in megabytes) of the partition. Note, this field starts with 100 MB;
unless changed only a 100 MB partition will be created.
Additional Size Options:
Choose whether to keep this partition at a fixed size, to allow it to "grow" (fill up the
available hard drive space) to a certain point, or to allow it to grow to fill any remaining hard
drive space available.
The installation program automatically detects any network devices you have and
displays them in the Network Devices list.
Once you have selected a network device, click Edit. From the Edit
Interface pop-up screen, you can choose to configure the IP address and Netmask of the device
via DHCP (or manually if DHCP is not selected) and you can choose to activate the device at
boot time. If you select Activate on boot, your network interface is started when you boot. If you
do not have DHCP client access or you are unsure what to provide here, please contact your
network administrator.
Next, we decide whether to enable a firewall for your Red Hat Enterprise Linux system.
No firewall
No firewall provides complete access to your system and does no security checking.
Security checking is the disabling of access to certain services. This should only be selected if
you are running on a trusted network (not the Internet) or plan to do more firewall configuration
later.
Enable firewall
If you choose Enable firewall, connections that are not explicitly defined by you
(other than the default settings) are not accepted by your system. By default, only connections in
response to outbound requests, such as DNS replies or DHCP requests, are allowed. If access to
services running on this machine is needed, you can choose to allow specific services through the
firewall. If you are connecting your system to the Internet, this is the safest option to choose.
Next, select which services, if any, should be allowed to pass through the firewall.
Enabling these options allows the specified services to pass through the firewall. Note, these
services may not be installed on the system by default. Make sure you choose to enable any
options that you may need.
i) Disable
Select Disable if you do not want SELinux security controls enabled on this
system. The Disabled setting turns enforcing off and does not set up the machine for the use of a
security policy.
ii) Warn
Select Warn to be notified of any denials. The Warn state assigns labels to data
and programs, and logs them, but does not enforce any policies. The Warn state is a good starting
place for users who eventually want a fully active SELinux policy, but who first want to see what
effects the policy would have on their general system operation.
iii) Active
Select Active if you want SELinux to act in a fully active state. The Active
state enforces all policies, such as denying access to unauthorized users for certain files and
programs, for additional system protection. Choose this state only if you are sure that your
system can still properly function with SELinux fully enabled.
Select each component you wish to install. Selecting Everything (at the end of the
component list) installs all packages included with Red Hat Enterprise Linux. Once a package
group has been selected, click on Details to view which packages are installed by default, and to
add or remove optional packages from that group.
A screen preparing you for the installation of Red Hat Enterprise Linux now appears.
SQUID CONFIGURATION
Install the squid package from RHEL/4-U5 i386 disk1.
Then start the squid service.
squid.conf is located in the /etc/squid/ directory.
Then configure this file using different acl (Access Control List) statements.
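# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT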
# TAG: http_access
#
# the request.
#
# opposite of the last line in the list. If the last line was
# good idea to have an "deny all" or "allow all" entry at the end
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# TAG: http_reply_access
#
# last line will apply. Thus it is good practice to end the rules
#
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
#
# Insert your own rules here.
#
#
# and finally allow by default
http_reply_access allow all
# TAG: icp_access
#
# access lists
#
# TAG: cache_mem (bytes)
#
# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
# IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
# USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
#
# for:
#   * In-Transit objects
#   * Hot Objects
#   * Negative-Cached objects
#
# priority.
#
# exceed this limit to satisfy the new requests. When the load
# objects.
#
#Default:
cache_mem 8 MB
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#
# Defaults are 90% and 95%. If you have a large cache, 5% could be
# hundreds of MB. If this is the case you may wish to set these
# TAG: cache_dir
#
# Usage:
#
# "ufs" is the old well-known Squid storage format that has always
# been there.
# TAG: cache_access_log
#
#Default:
cache_access_log /var/log/squid/access.log
# TAG: cache_log
#
# your cache's behavior goes. You can increase the amount of data
#
#Default:
cache_log /var/log/squid/cache.log
# TAG: cache_store_log
#
# objects are ejected from the cache, and which objects are
# saved and for how long. To disable, enter "none". There are
# disable it.
#
#Default:
cache_store_log /var/log/squid/store.log
# TAG: cache_swap_log
#
# Location for the cache "swap.state" file. This log file holds
# pathname here. Note you must give a full filename, not just
#
# If have more than one 'cache_dir', and %s is not used in the name
#
# cache_swap_log.00
# cache_swap_log.01
# cache_swap_log.02
#
Web-deny
www.facebook.com
www.youtube.com
www.rediffmail.com
In this way we block these web sites using acl statements. We also create a record for caching the most
frequently requested web pages.
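The five rule types listed in section 4.1 (deny a specific user, deny by website, deny by time, allow websites, caching) can be written in squid.conf as follows. This is an added example, not the project's own configuration; the subnet, client address, file paths, working hours and the allowed domain are assumptions.

```conf
# Added example; addresses, paths, hours and domains are assumptions.
# Place at "INSERT YOUR OWN RULE(S) HERE", after the Safe_ports and
# CONNECT rules, so those checks still run first.

# LAN clients allowed to use the proxy (assumed subnet)
acl lan src 192.168.1.0/255.255.255.0

# a. Deny access to a specific user, identified here by client IP
acl blocked_user src 192.168.1.50

# b. Deny access by website: one domain per line in the Web-deny file.
#    Writing .facebook.com instead of www.facebook.com also covers
#    every other host name under that domain.
acl web_deny dstdomain "/etc/squid/web-deny"

# Deny by word in the URL, case-insensitive, one pattern per line
acl bad_words url_regex -i "/etc/squid/bad-words"

# c. Deny access by time: browsing only Monday-Friday, 09:00-17:00
#    (day codes: M T W H F, with A = Saturday and S = Sunday)
acl office_hours time MTWHF 09:00-17:00

# d. Allow websites: reachable from the LAN at any time
acl web_allow dstdomain .linux.org

# http_access lines are checked top to bottom and the first match
# decides, so the deny rules must come before the allow rules.
http_access deny blocked_user
http_access deny web_deny
http_access deny bad_words
http_access allow lan web_allow
http_access allow lan office_hours
http_access deny all

# e. Caching: 100 MB ufs store with 16 first-level and 256
#    second-level directories
cache_dir ufs /var/spool/squid 100 16 256
```

Identifying a user by source IP only holds while client addresses are fixed. `squid -k parse` checks the file for syntax errors before `squid -k reconfigure` applies it.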
SNAPSHOT 1:-
SNAPSHOT 2:
When the requested web page is not accessible, the proxy server gives the
following response to the user.
For example, the web site is www.facebook.com
ADVANTAGES
Faster Internet connection for the LAN.
Secures the LAN when browsing the Internet.
Blocks unwanted activity by clients over HTTP.
Allows Internet access to authorized users only.
Always watches and filters sensitive data.
The proxy server speeds up access to resources using caching.
Accelerates web pages.
FUTURE ENHANCEMENT
SMTP Proxy
Implementation of firewall in proxy server
Anonymizing proxy
Open proxy
Forced proxy
9. CONCLUSION
In our project, we finally conclude that the proxy server is invisible to the user. All
Internet requests and returned responses appear to be exchanged directly with the addressed Internet server. It acts as
both a server and a client. It reduces network traffic and can regulate it, allowing or disallowing
certain communication. It is able to share a single Internet connection.
Proxy servers are used in LAN connections, schools, colleges, etc.