
Squid : Install

2014/07/21

Install Squid and configure it as a proxy server.


[1] Install Squid.
[root@prox ~]# yum -y install squid
[2] Configure general forward proxy settings.
[root@prox ~]# vi /etc/squid/squid.conf
acl CONNECT method CONNECT
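# line 26: add ( define a new ACL for the client network allowed to use the proxy; replace the range with your own LAN so the proxy is not open to other networks )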

acl lan src 10.0.0.0/24


http_access allow localhost
# line 54: add ( allow defined ACL above )

http_access allow lan


# add the following to the end ( strips request headers that reveal the client or the proxy )

request_header_access Referer deny all


request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
# do not disclose the client IP address to destination servers

forwarded_for off
[root@prox ~]# systemctl start squid

[root@prox ~]# systemctl enable squid

[3] If Firewalld is running, allow the proxy service.


[root@dlp ~]# firewall-cmd --add-service=squid --permanent

success
[root@dlp ~]# firewall-cmd --reload

success

Squid : Basic Authentication


2014/07/24

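Set up Basic Authentication so that only authenticated users can use Squid. Note that Basic authentication sends the user name and password base64-encoded, not encrypted, so anyone who can observe traffic between the client and the proxy can read them.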
[1] Install a package which includes htpasswd.
[root@prox ~]# yum -y install httpd-tools
[2] Configure Squid to set Basic Auth.
[root@prox ~]# vi /etc/squid/squid.conf
acl CONNECT method CONNECT
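# line 26: add the following for Basic Auth ( http_access rules are evaluated in order and the first match wins, so keep 'http_access allow password' above any broader allow rule such as 'http_access allow lan' )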

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd


auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 5 hours
acl password proxy_auth REQUIRED
http_access allow password
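# add a user ( use the "-c" option only for the first user: it creates the file and overwrites an existing one; the file holds password hashes, so keep it readable only by root and the account Squid runs as )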

[root@prox ~]# htpasswd -c /etc/squid/.htpasswd hnh

New password: # set password

Re-type new password:


Adding password for user hnh
systemctl restart squid

# install from EPEL

[root@prox ~]# yum --enablerepo=epel -y install clamav-scanner clamav-scanner-systemd


[root@prox ~]# vi /etc/clamd.d/scan.conf
# line 8: comment out

#Example
# line 14: uncomment

LogFile /var/log/clamd.scan
# line 66: uncomment

PidFile /var/run/clamd.scan/clamd.pid
# line 70: uncomment

TemporaryDirectory /var/tmp
# line 85: uncomment

LocalSocket /var/run/clamd.scan/clamd.sock
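# line 101: uncomment ( clamd's TCP socket is unauthenticated and, unless TCPAddr is also set, listens on all addresses; SquidClamav in this setup connects through the local socket, so do not open port 3310 in the firewall )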

TCPSocket 3310
[root@prox ~]# touch /var/log/clamd.scan

[root@prox ~]# chown clamscan. /var/log/clamd.scan

[root@prox ~]# systemctl start clamd@scan

[root@prox ~]# systemctl enable clamd@scan

[3] If SELinux is enabled, configure as follows so that clamd can start.


[root@prox ~]# restorecon -v /var/log/clamd.scan
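[4] Install c-icap ( built from source; the tarball is downloaded over plain HTTP, so verify it against a checksum or signature obtained from a trusted source before running make install as root ).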
[root@prox ~]# yum -y install gcc make

[root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-0.4.2.tar.gz
[root@prox ~]# tar zxvf c_icap-0.4.2.tar.gz

[root@prox ~]# cd c_icap-0.4.2

[root@prox c_icap-0.4.2]# ./configure

[root@prox c_icap-0.4.2]# make

[root@prox c_icap-0.4.2]# make install

[root@prox c_icap-0.4.2]# cd

[root@prox ~]# cp /usr/local/etc/c-icap.conf /etc

[root@prox ~]# vi /etc/c-icap.conf


# line 161: change admin address

ServerAdmin root@srv.world
# line 170: change hostname

ServerName prox.srv.world
# line 568: add

Service squidclamav squidclamav.so


[root@prox ~]# vi /etc/tmpfiles.d/c-icap.conf
# create new

d /var/run/c-icap 0755 root root -


[root@prox ~]# vi /usr/lib/systemd/system/c-icap.service
# create new

[Unit]
Description=c-icap service
After=network.target

[Service]
Type=forking
PIDFile=/var/run/c-icap/c-icap.pid
ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf
KillMode=process

[Install]
WantedBy=multi-user.target

[5] Install SquidClamav ( download the latest version from the following link, and verify the tarball before building it as root, since the download is over plain HTTP ).
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.14/squidclamav-6.14.tar.gz

[root@prox ~]# tar zxvf squidclamav-6.14.tar.gz

[root@prox ~]# cd squidclamav-6.14


[root@prox squidclamav-6.14]# ./configure --with-c-icap

[root@prox squidclamav-6.14]# make

[root@prox squidclamav-6.14]# make install

[root@prox squidclamav-6.14]# cd

[root@prox ~]# ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf

[root@prox ~]# vi /etc/squidclamav.conf


# line 18: change ( destination URL for the redirect; create that page first )

redirect http://www.srv.world/error.html
# line 27: change ( must match the LocalSocket path set in clamd's scan.conf )

clamd_local /var/run/clamd.scan/clamd.sock
[6] Configure Squid.
[root@prox ~]# vi /etc/squid/squid.conf
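# add the following to the end ( note: bypass=1 lets Squid skip the ICAP service when it is unavailable, so traffic then passes unscanned; set bypass=0 if requests should fail instead )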

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[root@prox ~]# systemctl start c-icap

[root@prox ~]# systemctl enable c-icap

[root@prox ~]# systemctl restart squid

Squid : Squid + SquidGuard


2014/09/30

Configure Squid + SquidGuard to set up content filtering.


[1] Install SquidGuard.
# install from EPEL

[root@prox ~]# yum --enablerepo=epel -y install squidGuard


[root@prox ~]# mv /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf.org

[root@prox ~]# vi /etc/squid/squidGuard.conf


# create new

dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard
# define 'deny' category

dest deny {
# define prohibited domain list in 'deny' category

domainlist deny/domains
# define prohibited URL list in 'deny' category

urllist deny/urls
}
acl {
default {
# permit all except 'deny' category

pass !deny all


# the redirected URL if matches 'deny'

redirect http://www.srv.world/error.html
}
}
[root@prox ~]# mkdir -p /var/lib/squidGuard/db/deny

[root@prox ~]# vi /var/lib/squidGuard/db/deny/domains


# list the domains you want to block

yahoo.co.jp
example.com
[root@prox ~]# vi /var/lib/squidGuard/db/deny/urls
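# list the URLs you want to block ( for HTTPS sites Squid normally sees only the host name in the CONNECT request, so path entries such as the first one below match plain-HTTP requests only )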

www.yahoo.co.jp/deny/
www.example.com/
[root@prox ~]# squidGuard -C all

[root@prox ~]# chown -R squid. /var/lib/squidGuard/db/deny

[root@prox ~]# vi /etc/squid/squid.conf


# add follows to the end

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf


[root@prox ~]# systemctl restart squid

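[2] If SELinux is enabled, change the rules as follows. The semanage pattern as written matches only the directory itself; a pattern of the form '/var/lib/squidGuard(/.*)?' is needed for the label on the files below it to persist across a relabel.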


[root@prox ~]# chcon -R -t squid_cache_t /var/lib/squidGuard

[root@prox ~]# semanage fcontext -a -t squid_cache_t /var/lib/squidGuard
