Configuring SQUID Proxy Server On LINUX

Configuring SQUID Proxy Server on LINUX Uma Mahesh.G Senior QA Engineer Gunipati81@gmail.
com Introduction: Squid server is a popular open source proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests, to caching web, name server query, and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Prerequisites: a. Linux Machine Ex: RHEL5 b. squid-2.6.STABLE6-3.el5.i386.rpm Installation on Linux Use the following command to install SQUID RPM # Rpm ivh squid-2.6.STABLE6-3.el5.i386.rpm Squid Basic Configuration Squid configuration file located at /etc/squid/squid.conf. Open file using a text editor: with the following command. # vi /etc/squid/squid.conf Squid Configuration: ------------------------------------------------------------------------------------------------------------------------------Basic SQUID Config file: Uncommented lines Cmd : > grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d' Port http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY ACL Parameters : acl password proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object # Port
Configuring SQUID Proxy Server on LINUX
Created by Uma Mahesh.G
acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl
localhost src 127.0.0.1/255.255.255.255 SSL_ports port 443 563 Safe_ports port 80 # http Safe_ports port 21 # ftp Safe_ports port 443 563 # https, snews Safe_ports port 70 # gopher Safe_ports port 210 # wais Safe_ports port 1025-65535 # unregistered ports Safe_ports port 280 # http-mgmt Safe_ports port 488 # gss-http Safe_ports port 591 # filemaker Safe_ports port 631 # cups Safe_ports port 777 # multiling http Safe_ports port 901 # SWAT purge method PURGE CONNECT method CONNECT
Access Parameters http_access http_access http_access http_access http_access http_access http_access http_access http_access allow manager localhost deny manager allow purge localhost deny purge deny !Safe_ports deny CONNECT !SSL_ports allow localhost allow password deny all
icp_access allow all visible_hostname CARMASQUIDProxy No Authentication Configuration: Specify the command for the external authenticator. Such a program reads a line containing "username password" and replies OK" or "ERR" in an endless loop. If you use an authenticator, make sure you have 1 acl of type proxy_auth. By default, the authenticator_program is not used. Change the http Access Parameter from http_access deny all to http_access allow all Restart SQUID Proxy Server process # /etc/ini.d/squid restart Stopping squid: ................ Starting squid: . IE Proxy Server Configuration: 1. Open Internet Explorer 2. Go to Internet Options > Connections Tab > LAN Settings > Proxy Server 3. Enter IPAddress and Port of the SQUID Proxy Server [ OK ] [ OK ] #You can change the name of the Proxy Server
4. Try Accessing http://www.google.com

5. Done. ------------------------------------------------------------------------------------------------------------------------------Basic Authentication Configuration: Specify the command for the external authenticator. Such a program reads a line containing "username password" and replies "OK" or "ERR" in an endless loop. If you use an authenticator, make sure you have 1 acl of type proxy_auth. By default, the authenticator_program is not used. Add the following configuration parameter to squid config file enable Basic Authentication. auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/basic_passwd Generate a basic authentication password file for any user basic # htpasswd -c /etc/squid/basic_passwd basic New password: Re-type new password: Adding password for user basic Username: basic Password file: /etc/squid/basic_passwd Restart SQUID Proxy Server process # /etc/ini.d/squid restart Stopping squid: ................ Starting squid: . IE Proxy Server Configuration: 1. Open Internet Explorer 2. Go to Internet Options > Connections Tab > Lan Settings > Proxy Server 3. Enter IPAddress and Port of the SQUID Proxy Server 4. Try Accessing http://www.google.com > Enter Username and password (basic) > Authenticate it 5. Done. [ OK ] [ OK ]
Digest Authentication Configuration: Specify the command for the external authenticator. Such a program reads a line containing "username password" and replies "OK" or "ERR" in an endless loop. If you use an authenticator, make sure you have 1 acl of type proxy_auth. By default, the authenticator_program is not used. Add the following configuration parameter to the squid config file to enable Digest Authentication. auth_param digest program /usr/lib/squid/digest_pw_auth -c /etc/squid/digest Create a digest.sh file to generate digest using the following script. /etc/squid/Digest.sh ------------------------------------------------------------------------------------------------------------------------------#!/bin/sh user=$1 pass=$2 Configuring SQUID Proxy Server on LINUX Created by Uma Mahesh.G
realm=$3 if [ -z "$1" -o -z "$2" -o -z "$3" ] ; then echo "Usage: $0 user password 'realm'"; exit 1 fi ha1=$(echo -n "$user:$realm:$pass"|md5sum |cut -f1 -d' ') echo "$user:$realm:$ha1" ------------------------------------------------------------------------------------------------------------------------------Give executable permissions to the above create file. # chmod +rwx /etc/squid/digest.sh #./digest.sh username password 'Squid proxy-caching web server' >>/etc/squid/digest Generate a digest for the user Admin with the password password #./digest.sh admin password 'Squid proxy-caching web server' >>/etc/squid/digest Restart SQUID Proxy Server process # /etc/ini.d/squid restart Stopping squid: ................ Starting squid: . IE Proxy Server Configuration: 1. Open Internet Explorer 2. Go to Internet Options > Connections Tab > LAN Settings > Proxy Server 3. Enter IPAddress and Port of the SQUID Proxy Server 4. Try Accessing http://www.google.com > Enter Username and password (Digest) > Authenticate it 5. Done. [ OK ] [ OK ]

Configuring SQUID Proxy Server On LINUX

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Configuring SQUID Proxy Server On LINUX

Încărcat de

Drepturi de autor:

Formate disponibile

Configuring SQUID Proxy Server on LINUX Uma Mahesh.G Senior QA Engineer Gunipati81@gmail.

Configuring SQUID Proxy Server on LINUX

Created by Uma Mahesh.G

Configuring SQUID Proxy Server on LINUX

Created by Uma Mahesh.G

4. Try Accessing http://www.google.com

Configuring SQUID Proxy Server on LINUX

Created by Uma Mahesh.G

S-ar putea să vă placă și