Saturday, April 18, 2009

Squid Proxy



Squid is a caching proxy server for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows, and is licensed under the GNU GPL.

Squid is available in major Linux distributions such as CentOS and Fedora.

To install Squid
yum install squid

To configure Squid, edit squid.conf and set visible_hostname:
vi /etc/squid/squid.conf
visible_hostname test.squid

Restart the Squid service:
service squid restart

Configure your internet clients to use your local Squid proxy server's IP address and port 3128 (the Squid default port). At this point, accessing the internet returns an Access Denied error.

To allow internet access for your local LAN:
vi /etc/squid/squid.conf
acl myuser src 192.168.1.0/255.255.255.0
http_access allow myuser

To allow all internet sites while blocking a few, e.g. jobs and community sites:
acl myuser src 192.168.1.0/255.255.255.0
# list of the blocked sites
acl deniedsites url_regex "/etc/squid/denied"
# block the banned sites
http_access deny myuser deniedsites
http_access allow myuser
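
An added example (not from the original post): a small Python model of how Squid walks the http_access list, showing why the deny line above must come before the allow line. The contents of /etc/squid/denied and the sample requests are constructed, and the model assumes these two rules are the only http_access lines.

```python
import ipaddress
import re

# Constructed contents of /etc/squid/denied: one regex per line, as url_regex loads them.
DENIED_PATTERNS = ["jobs", "community"]
LAN = ipaddress.ip_network("192.168.1.0/255.255.255.0")

# The two ACLs from the post. url_regex is an unanchored, case-sensitive search.
ACLS = {
    "myuser": lambda req: ipaddress.ip_address(req["src"]) in LAN,
    "deniedsites": lambda req: any(re.search(p, req["url"]) for p in DENIED_PATTERNS),
}

# http_access lines as (action, [acl names]); names on one line are ANDed.
PAGE_ORDER = [("deny", ["myuser", "deniedsites"]), ("allow", ["myuser"])]
SWAPPED_ORDER = [("allow", ["myuser"]), ("deny", ["myuser", "deniedsites"])]


def http_access(rules, req):
    """Return 'allow' or 'deny' for a request the way Squid walks the list."""
    for action, names in rules:
        if all(ACLS[name](req) for name in names):
            return action  # first matching line decides; later lines are ignored
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


# Constructed sample requests.
LAN_JOBS = {"src": "192.168.1.20", "url": "http://jobs.example.com/"}
LAN_OTHER = {"src": "192.168.1.20", "url": "http://www.example.org/"}
OUTSIDE = {"src": "10.0.0.5", "url": "http://www.example.org/"}

if __name__ == "__main__":
    for label, rules in (("page order", PAGE_ORDER), ("swapped", SWAPPED_ORDER)):
        for req in (LAN_JOBS, LAN_OTHER, OUTSIDE):
            print(f"{label:10} {req['src']:13} {req['url']:26} {http_access(rules, req)}")
```

With the two lines swapped, the LAN client reaches the blocked site because the allow line matches first, and a client outside 192.168.1.0/24 falls through to an implicit allow. Ending the list with an explicit http_access deny all avoids relying on that implicit default.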

To disable caching for specific sites (you might need this for a few sites, e.g. an intranet site):
acl MYSITES url_regex "/etc/squid/nocache"
no_cache deny MYSITES

Squid with ARP (MAC address) ACLs instead of IP addresses.
You may be using DHCP with a minimum lease time; in that case you need to filter sites by MAC address instead of IP address.

You need to compile Squid from source with --enable-arp-acl (run squid -v and add all the existing configure options).
# list of the users' MAC addresses
acl yahoomailuser arp "/etc/squid/yahoomailuser"
# URLs allowed
acl yahoomail url_regex "/etc/squid/yahoomail"
http_access allow yahoomailuser yahoomail

Transparent proxy.
vi /etc/squid/squid.conf
# Squid's local IP address
http_port 192.168.1.1:3128 transparent

OR

http_port 3128 transparent

A transparent proxy is used when you do not wish to define proxy settings on the client machines; for that you need to do port redirection using iptables on the gateway.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
