Proxy Server
1. What is Proxy?
An agent or program that has authority to act for another.
2. What is Squid?
Squid is a free, Internet proxy-caching program.
3. What is Cache?
A hiding place for concealing and preserving things that are inconvenient to carry.
Squid acts as an agent, accepting requests from clients (such as browsers) and passing
them to the appropriate Internet server. It stores data in an on-disk cache. The real benefit of
Squid emerges when the same data is requested multiple times, since a copy of the on-disk
data is returned to the client, speeding up Internet access and saving bandwidth. A small amount of
disk space can have a significant impact on bandwidth usage and browsing speed. Squid
development is funded by the National Laboratory of Network Research (NLANR).

Recommendations:
1. A high-speed processor
2. More memory
3. More space on the HDD

Step 01:
Check whether the Squid RPM is installed
# rpm -qa | grep squid

Step 02:
Install Squid using the rpm command (if not installed)
# rpm -ivh squid-<version>.rpm

Step 03:

Squid Configuration :
Squid configuration file is squid.conf. It is in directory /etc/squid/squid.conf
-------------------- Start Configuration -----------------------------
#Default: http_port 3128
http_port 8080
#Default: cache_mem 8 MB
cache_mem 50 MB
#Default:
cache_dir ufs /var/spool/squid 100 16 256
#Default:
cache_access_log /var/log/squid/access.log
#Default:
cache_log /var/log/squid/cache.log
#Default:
cache_store_log /var/log/squid/store.log
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0
http_access allow localhost
http_access allow ispstaff
http_access deny all
####### If you want to deny particular sites ##########
acl GOOD dst 172.16.1.0/24
acl BAD dst 0.0.0.0/0.0.0.0
http_access allow GOOD
http_access deny BAD
###### Source/Destination Domain #######
#Squid can also be configured to restrict access to specific domains, especially adult sites. The
#dst acl type can be used in this case.
#Example : Filtering unwanted destination sites :
acl badDomains dstdomain xxx.com
acl nudeDomains dstdomain abc.com
acl badIP dst 192.172.1.100
http_access deny badDomains
http_access deny nudeDomains
http_access deny badIP
http_access deny all
#### Specific Time Deny #####
#Squid can allow access to particular sites by time. By combining the dstdomain and time
#acls you can allow access to specific sites during working hours, but allow access to other sites
#after working hours.
#Syntax of access list :
#acl aclname time [day-abbreviations] [h1:m1-h2:m2]
#day-abbreviations:
#S - Sunday
#M - Monday
#T - Tuesday
#W - Wednesday
#H - Thursday
#F - Friday
#A - Saturday
#h1:m1 must be less than h2:m2
#Example
acl ispgroup src 192.168.1.200 192.168.1.201
acl working time ASMTWH 08:30-17:30
http_access allow ispgroup working
http_access deny ispgroup
###### ADMINISTRATIVE PARAMETERS #########
cache_effective_user squid
cache_effective_group squid
--------------------- End Configuration -----------------------------
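
Squid checks http_access lines from top to bottom and applies the first rule whose ACLs all match, so the order of the rules in the configuration above matters. The following is an added example (not part of the original page and not Squid's own code): a small Python check that reports http_access rules placed after a catch-all rule and rules that name an ACL which is never defined. The function names, the builtin parameter and the sample text are assumptions made for this illustration.

```python
CATCH_ALL = {"0.0.0.0/0", "0.0.0.0/0.0.0.0"}  # src values that match every client

def parse(conf):
    """Collect acl definitions and http_access rules from squid.conf text."""
    acls, rules = {}, []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()          # drop comments
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((lineno, tok[1], tok[2:]))
    return acls, rules

def covers_all(name, acls):
    """True if ACL `name` is a src ACL listing the whole IPv4 address space."""
    return any(kind == "src" and CATCH_ALL & set(values)
               for kind, values in acls.get(name, []))

def lint(conf, builtin=()):
    """Return (line, message) findings in file order."""
    acls, rules = parse(conf)
    findings, catch_all = [], None
    for lineno, _action, names in rules:
        for n in names:
            name = n.lstrip("!")                    # "!acl" negates an ACL
            if name not in acls and name not in builtin:
                findings.append((lineno, f"undefined acl '{name}'"))
        if catch_all is not None:
            findings.append((lineno, f"unreachable: line {catch_all} already matches every request"))
        elif all(not n.startswith("!") and covers_all(n, acls) for n in names):
            catch_all = lineno
    return findings

# Constructed sample, modelled on the access-control layout used on this page.
SAMPLE = """\
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0
acl badDomains dstdomain xxx.com
http_access allow localhosts
http_access allow ispstaff
http_access deny all
http_access deny badDomains
"""

if __name__ == "__main__":
    for line, msg in lint(SAMPLE):
        print(f"squid.conf:{line}: {msg}")
```

ACL names that the installed squid.conf defines elsewhere can be passed through builtin so they are not reported as undefined.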

Step 04:
#### Now create the squid cache directories #####
# squid -z
Step 05:

Running Squid :
# service squid start
# service squid stop
# service squid restart
Or
# /etc/rc.d/init.d/squid restart

Step 06:
Testing Squid :
Configure your browser to use the proxy on port 8080 and browse.
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080
Step 07:
Now see the log files :
# tail -f /var/log/squid/cache.log
# tail -f /var/log/squid/access.log
# tail -f /var/log/squid/store.log
Clear Log:
# echo > /var/log/squid/cache.log
# echo > /var/log/squid/access.log
# echo > /var/log/squid/store.log

##### End squid proxy configuration #####

If you like more challenges


Configure Proxy with source files ( .tar, .tar.gz etc)

Step 01: First check whether the Squid RPM package is installed; if it is, uninstall it
by using the following command
# rpm -e --nodeps squid
After some time the whole squid package will be uninstalled.
Step 02: Copy the source file to the /usr/local/src directory
# cp squid-2.5.STABLE10.tar.gz /usr/local/src
Step 03: Add an unprivileged user, say squid, and group squid, and make its home directory /usr/local/squid using
the useradd command
# useradd -m -d /usr/local/squid squid
Step 04: Go to the /usr/local/src directory and untar the source file
# cd /usr/local/src
# tar zxvf squid-2.5.STABLE10.tar.gz
Step 05: Change to the newly created directory
# cd squid-2.5.STABLE10
# ./configure
# make
# make install
Step 06 : now configure the Squid configuration file
Squid configuration file is squid.conf. It is in directory /etc/squid/squid.conf
-------------------- Start Configuration -----------------------------
#Default: http_port 3128
http_port 8080
#Default: cache_mem 8 MB
cache_mem 50 MB
#Default:
cache_dir ufs /usr/local/squid/cache 100 16 256
########### Here: 100 MB of HDD space, 16 directories, 256 subdirectories ############

#Default:
cache_access_log /usr/local/squid/log/access.log
#Default:
cache_log /usr/local/squid/log/cache.log
#Default:
cache_store_log /usr/local/squid/log/store.log

############ Access Controls Configuration ############
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0
http_access allow localhost
http_access allow ispstaff
http_access deny all
####### If you want to deny particular sites ##########
acl GOOD dst 172.16.1.0/24
acl BAD dst 0.0.0.0/0.0.0.0
http_access allow GOOD
http_access deny BAD
###### Source/Destination Domain #######
#Squid can also be configured to restrict access to specific domains, especially adult sites. The
#dst acl type can be used in this case.
#Example : Filtering unwanted destination sites :
acl badDomains dstdomain xxx.com
acl nudeDomains dstdomain abc.com
acl badIP dst 192.172.1.100
http_access deny badDomains
http_access deny nudeDomains
http_access deny badIP
http_access deny all
#### Specific Time Deny #####
#Squid can allow access to particular sites by time. By combining the dstdomain and time
#acls you can allow access to specific sites during working hours, but allow access to other sites
#after working hours.
#Syntax of access list :
#acl aclname time [day-abbreviations] [h1:m1-h2:m2]
#day-abbreviations:
#S - Sunday
#M - Monday
#T - Tuesday
#W - Wednesday
#H - Thursday
#F - Friday
#A - Saturday
#h1:m1 must be less than h2:m2
#Example
acl ispgroup src 192.168.1.200 192.168.1.201
acl working time ASMTWH 08:30-17:30
http_access allow ispgroup working
http_access deny ispgroup
###### ADMINISTRATIVE PARAMETERS #########
cache_effective_user squid
cache_effective_group squid
--------------------- End Configuration -----------------------------
Step 07:
#### Now create the squid cache directories #####
# /usr/local/squid/bin/squid -z
Step 08: Starting and stopping the squid service
Start:
# /usr/local/squid/bin/squid
Stop:
# /usr/local/squid/bin/squid -k shutdown
Restart (stop, then start again once Squid has exited):
# /usr/local/squid/bin/squid -k shutdown
# /usr/local/squid/bin/squid

Testing Squid :
Configure your browser to use the proxy on port 8080 and browse.
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080
Step 09:
Now see the log files :
# tail -f /usr/local/squid/log/cache.log
# tail -f /usr/local/squid/log/access.log
# tail -f /usr/local/squid/log/store.log
Clear Log:
# echo > /usr/local/squid/log/cache.log
# echo > /usr/local/squid/log/access.log
# echo > /usr/local/squid/log/store.log
