Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Proxy Server
1. What is Proxy?
An agent or program that has authority to act for another.
2. What is Squid?
Squid is a free, Internet proxy-caching program.
3. What is Cache?
A hiding place for concealing and preserving, which is inconvenient to carry .
Squid acts as an agent, accepting requests from clients (such as browsers) and passes
them to the appropriate Internet server. It stores data in an on-desk cache. The real benefit of
Squid emerges when the same data is requested multiple times, science a copy of the on-disk
data is requested to the client, speeding up Internet access and save bandwidth. Small amount of
disk space can have a significant impact on bandwidth usage and browsing speed. Squid
development is funded by the National Laboratory of Network Research (NLANR) .
Recommandation:
1. Processor with high speed
2. Required more memory
3. Required more space on HDD
Step 01:
Check RPM for proxy server
# rpm qa | grep squid
Step 02:
Installed Squid Using RPM command(If not Installed)
# rpm ivh squid .rpm
Step 03:
Squid Configuration :
Squid configuration file is squid.conf. It is in directory /etc/squid/squid.conf
-------------------- Start Configuration -----------------------------#Default: http_port 3128
http_port 8080
#Default: cache_mem 8 MB
cache_mem 50 MB
#Default:
cache_dir ufs /var/spool/squid 100 16 256
#Default:
cache_access_log /var/log/squid/access.log
#Default:
cache_log /var/log/squid/cache.log
#Default:
cache_store_log /var/log/squid/store.log
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0
http_access allow localhost
http_access allow ispstaff
http_access deny all
####### If you want to particular site deny ##########
acl GOOD dst 172.16.1.0/24
acl BAD dst 0.0.0.0/0.0.0.0
####explanation####
3
http_access allow GOOD
http_access deny BAD
###### Source/Destination Domain #######
#Squid can also be configured to restrict access to specific domains, especially adult sites. The
#dst acl type can be used in this case.
#Example : Filtering unwanted destination sites :
acl badDomains dstdomain xxx.com
acl nudeDomains dstdomain abc.com
acl badIP dst 192.172.1.100
http_access deny badDomains
http_access deny nudeDomains
http_access deny badIP
http_access deny all
#### Specific Time Deny #####
#Squid allows one to allow access to special sites by time. By combining the dstdomain and time
#acls you can allow access to specific sites during working hours, but allow access to other sites
#after working hours.
Syntax of access list :
Step 04:
#### Now create squid cache directory #####
# squid z
Step 05:
Running Squid :
# service
# service
# service
squid
squid
squid
start
stop
restart
Or
# /etc/rc.d/init.d/squid
restart
Step 06:
Testing Squid :
Configure you browser with proxy port no 8080 and browse .
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080
Step 07:
Now see the log files :
#tail f /var/log/squid/cache.log
#tail f /var/log/squid/access.log
#tail f /var/log/squid/store.log
Clear Log
# echo > /var/log/squid/cache.log
# echo > /var/log/squid/access.log
# echo > /var/log/squid/store.log
Step 01: first check RPM package of squid is install if present then uninstall it
by using the folloing commands
#rpm e nodeps squid
after some time the whole package of squid will be unstall
Step 02: copy the source file to the /usr/local/src directory
#cp squid-2.5.STABLE10.tar.gz /usr/local/src
Step 03: Add a unprivileged user say squid and group squid make its home directory /usr/local/squid using
useradd command
# useradd m d /usr/local/squid squid
Step 05: go to the /usr/local/src directory and untar the sourcr file
# tar zxvf
squid-2.5.STABLE10.tar.gz
#Default:
cache_access_log /usr/local/squid/log/access.log
#Default:
cache_log /usr/local/squid/log/cache.log
#Default:
cache_store_log /usr/local/squid/log/store.log
6
############3Access Controls Configuration ############
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0
####explanation####
7
#Example
acl ispgroup src 192.168.1.1200 192.168.1.201
acl working time ASMTWH 08:30-17:30
http_access allow ispgroup working
http_access deny ispgroup
###### ADMINISTRATIVE PARAMETERS #########
cache_effective_user squid
cache_effective_group squid
Step 06:
#### Now create squid cache directory #####
# /usr/local/squid/bin/squid z
Step 07 : starting and stoping squid service
#/usr/local/squid/bin/squid start
#/usr/local/squid/bin/squid stop
#/usr/local/squid/bin/squid restart
Testing Squid :
Configure you browser with proxy port no 8080 and browse .
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080
Step 08:
Now see the log files :
#tail f /usr/local//squid/log/cache.log
#tail f /usr/local/squid/log/access.log
#tail f /usr/local/squid/log/store.log
Clear Log
# echo > /usr/local//squid/log/cache.log
# echo > /usr/local/squid/log/access.log
# echo > /usr/local/squid/log/store.log