topics about squid squid basics instrallation of squid squid service configuration understanding...
TRANSCRIPT
Topics ABOUT SQUID
SQUID BASICS
INSTRALLATION OF SQUID
SQUID SERVICE
CONFIGURATION
UNDERSTANDING ACCESS CONTROL LIST
LOGS
TRANSPARENT PROXY
MONITORING AND ANALYSIS
SQUID Server
The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance.
INSTALLATION of SQUID
Yum install squidor
Rpm -ivh squid.x.x.x.rpm
Squid Service start / stop / restart Service squid start Service squid stop Service squid restart
Squid Conf file
/etc/squid/
http_port 3128
visible_hostname hostname
Create New ACL acl lan src 192.168.1.0/24
http_access allow lan # Restricting Access By IP
acl badurl url_regex "/etc/squid/url.txt" #Website Blockhttp_access deny badurl
acl badip url_regex "/etc/squid/ip.txt" #Website Block http_access deny badip
############################# #######################url.txt ip.txt############################# ########################.messenger.yahoo.com 64.4.13.0/24 #MSN Messenger.msg.yahoo.com 207.46.104.0/24 #MSN Messenger.scd.yahoo.com 24.71.200.68/32 #Yahoo Messenger.sc5.yahoo.com 204.71.202.73/32#Yahoo Messengerwebcam.yahoo.com 204.71.200.0/24 #Yahoo Messengerfiletransfer.yahoo.com 204.71.177.35/32 #Yahoo Messenger
############################# #######################
Authentication on squidtouch /etc/squid/squid_passwd
htpasswd -c /etc/squid/squid_passwd <username>
chmod 666 /usr/local/squid/etc/passwd
locate ncsa_auth # Find your ncsa_auth file
/usr/lib/squid/ncsa_auth
acl password proxy_auth REQUIRED
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
Initializing SQUID
Squid -z # it create swap directory.
Squid Log files
/var/log/squid/access.log
/var/log/squid/error.log
Transparent Proxy Prior to version 2.6
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Version 2.6 and Beyondhttp_port 3128 transparent
echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -i eth0 -p tcp --
dport 80 -j REDIRECT --to-port 3128
Client Configuration
For example, to make these changes using Internet Explorer
1. Click on the "Tools" item on the menu bar of the browser.
2. Click on "Internet Options"
3. Click on "Connections"
4. Click on "LAN Settings"
5. Configure with the address and TCP port (3128 default) used by your Squid server.
Here's how to make the same changes using Mozilla or Firefox.
1. Click on the "Edit" item on the browser's menu bar.
2. Click on "Preferences"
3. Click on "Advanced"
4. Click on "Proxies"
5. Configure with the address and TCP port (3128 default) used by your Squid server under "Manual Proxy Configuration"
More filter & AntiVirus with SQUID
Use Dansguardian for more filtering.
Use Havp with Clamav Antivirus to Implement antivirus with Squid Proxy Server.