squid

Download Report

Transcript squid

Topics

 ABOUT SQUID  SQUID BASICS  INSTRALLATION OF SQUID  SQUID SERVICE  CONFIGURATION  UNDERSTANDING ACCESS CONTROL LIST  LOGS  TRANSPARENT PROXY  MONITORING AND ANALYSIS

SQUID Server

 The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an in memory cache for increased performance.

INSTALLATION of SQUID

 Yum install squid or  Rpm -ivh squid.x.x.x.rpm

 Squid Service start / stop / restart  Service squid start  Service squid stop  Service squid restart

Squid Conf file

 /etc/squid/  http_port 3128  visible_hostname hostname

Create New ACL

acl lan src 192.168.1.0/24 http_access allow lan # Restricting Access By IP acl badurl url_regex "/etc/squid/url.txt" #Website Block http_access deny badurl acl badip url_regex "/etc/squid/ip.txt" #Website Block http_access deny badip ############################# url.txt

############################# .messenger.yahoo.com

.msg.yahoo.com

.scd.yahoo.com

.sc5.yahoo.com

webcam.yahoo.com

filetransfer.yahoo.com

####################### ###### ####################### ip.txt

######################## 64.4.13.0/24 #MSN Messenger 207.46.104.0/24 #MSN Messenger 24.71.200.68/32 #Yahoo Messenger 204.71.202.73/32#Yahoo Messenger 204.71.200.0/24 #Yahoo Messenger 204.71.177.35/32 #Yahoo Messenger #######################

Authentication on squid

touch /etc/squid/squid_passwd htpasswd -c /etc/squid/squid_passwd

chmod 666 /usr/local/squid/etc/passwd locate ncsa_auth # Find your ncsa_auth file /usr/lib/squid/ncsa_auth acl password proxy_auth REQUIRED auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

Initializing SQUID

 Squid -z # it create swap directory.

Squid Log files

 /var/log/squid/access.log

 /var/log/squid/error.log

Transparent Proxy

 Prior to version 2.6

httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on  Version 2.6 and Beyond http_port 3128 transparent  echo 1 > /proc/sys/net/ipv4/ip_forward  iptables -t nat -A PREROUTING -i eth0 -p tcp - dport 80 -j REDIRECT --to-port 3128

Client Configuration

 For example, to make these changes using Internet Explorer  1. Click on the "Tools" item on the menu bar of the browser.

 2. Click on "Internet Options"  3. Click on "Connections"  4. Click on "LAN Settings"  5. Configure with the address and TCP port (3128 default) used by your Squid server.  Here's how to make the same changes using Mozilla or Firefox.

    1. Click on the "Edit" item on the browser's menu bar.

2. Click on "Preferences" 3. Click on "Advanced" 4. Click on "Proxies"

More filter & AntiVirus with SQUID

 Use Dansguardian for more filtering.

 Use Havp with Clamav Antivirus to Implement antivirus with Squid Proxy Server.