Squid is a caching proxy server.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
Squid is available in major Linux distributions such as CentOS and Fedora.
To install Squid:
yum install squid
To configure Squid:
vi /etc/squid/squid.conf
visible_hostname test.squid
Restart the Squid service:
service squid restart
Configure your internet clients to use the local Squid proxy server's IP address and port 3128 (the Squid default port). At this point, accessing the internet returns an Access Denied error.
To allow internet access for your local LAN:
vi /etc/squid/squid.conf
acl myuser src 192.168.1.0/255.255.255.0
http_access allow myuser
To allow all internet sites while blocking a few, e.g. jobs and community sites:
acl myuser src 192.168.1.0/255.255.255.0
acl deniedsites url_regex "/etc/squid/denied" # list of the blocked sites
http_access deny myuser deniedsites # block the banned sites
http_access allow myuser
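An added example, not from the original post: a small Python model of how Squid walks the http_access lines above (ACLs on one line are ANDed, the first matching line wins, and when nothing matches the result is the opposite of the last line). The contents of the denied list, the sample clients and URLs, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed stand-in for /etc/squid/denied (one regex per line in the real file).
DENIED_PATTERNS = ["jobs", "community"]

ACLS = {
    "myuser": ("src", ipaddress.ip_network("192.168.1.0/255.255.255.0")),
    "deniedsites": ("url_regex", [re.compile(p) for p in DENIED_PATTERNS]),
}

# http_access lines in the order the page gives them.
PAGE_RULES = [("deny", ["myuser", "deniedsites"]), ("allow", ["myuser"])]
# Same lines with the order swapped, to show why order matters.
SWAPPED_RULES = list(reversed(PAGE_RULES))


def acl_matches(name, client_ip, url):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in value
    # url_regex: unanchored search over the full URL, case-sensitive unless -i is set
    return any(rx.search(url) for rx in value)


def evaluate(rules, client_ip, url):
    """Return 'allow' or 'deny' the way Squid walks http_access lines."""
    for action, names in rules:
        # Every ACL named on one line must match (logical AND); first match wins.
        if all(acl_matches(n, client_ip, url) for n in names):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    cases = [("192.168.1.20", "http://example.com/"),
             ("192.168.1.20", "http://jobs.example.com/"),
             ("10.0.0.5", "http://example.com/")]
    for ip, url in cases:
        print(ip, url, "page order:", evaluate(PAGE_RULES, ip, url),
              "| swapped:", evaluate(SWAPPED_RULES, ip, url))
```

With the lines swapped, the blocked site is allowed for LAN users and a client outside 192.168.1.0/24 is allowed by the implicit default; ending the list with an explicit http_access deny all removes that dependence on rule order.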
To disable caching for specific sites (you might need this for a few sites, e.g. an intranet site):
acl MYSITES url_regex "/etc/squid/nocache"
no_cache deny MYSITES
Squid with ARP (MAC address) ACLs instead of IP addresses.
You may be using DHCP with a minimum lease time; in this case you need to filter sites using MAC addresses instead of IP addresses.
You need to compile Squid from source with --enable-arp-acl (use squid -v and add all existing configuration options).
acl yahoomailuser arp "/etc/squid/yahoomailuser" # list of the users' MAC addresses
acl yahoomail url_regex "/etc/squid/yahoomail" # URLs allowed
http_access allow yahoomailuser yahoomail
Transparent proxy.
vi /etc/squid/squid.conf
http_port 192.168.1.1:3128 transparent # squid local ip address
OR
http_port 3128 transparent
A transparent proxy is used when you do not wish to define proxy settings on the client machines; for that you need to do port redirection using iptables on the gateway.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128