Documente Academic
Documente Profesional
Documente Cultură
Proxy Server
1. What is Proxy?
An agent or program that has authority to act for another.
2. What is Squid?
Squid is a free, Internet proxy-caching program.
3. What is Cache?
A hiding place for concealing and preserving, which is inconvenient to carry .
Squid acts as an agent, accepting requests from clients (such as browsers) and passes
them to the appropriate Internet server. It stores data in an on-desk cache. The real benefit of
Squid emerges when the same data is requested multiple times, science a copy of the on-disk
data is requested to the client, speeding up Internet access and save bandwidth. Small amount of
disk space can have a significant impact on bandwidth usage and browsing speed. Squid
development is funded by the National Laboratory of Network Research (NLANR) .
Recommandation:
1. Processor with high speed
2. Required more memory
3. Required more space on HDD
Step 01:
Check RPM for proxy server
# rpm qa | grep squid
Step 02:
Installed Squid Using RPM command(If not Installed)
# rpm ivh squid .rpm
Step 03:
Squid Configuration :
Squid configuration file is squid.conf. It is in directory /etc/squid/squid.conf
-------------------- Start Configuration -----------------------------#Default: http_port 3128
http_port 8080
#Default: cache_mem 8 MB
cache_mem 50 MB
#Default:
cache_dir ufs /var/spool/squid 100 16 256
#Default:
cache_access_log /var/log/squid/access.log
#Default:
cache_log /var/log/squid/cache.log
#Default:
cache_store_log /var/log/squid/store.log
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0
http_access allow localhost
http_access allow ispstaff
http_access deny all
####### If you want to particular site deny ##########
acl GOOD dst 172.16.1.0/24
acl BAD dst 0.0.0.0/0.0.0.0
####explanation####
3
http_access allow GOOD
http_access deny BAD
###### Source/Destination Domain #######
#Squid can also be configured to restrict access to specific domains, especially adult sites. The
#dst acl type can be used in this case.
#Example : Filtering unwanted destination sites :
acl badDomains dstdomain xxx.com
acl nudeDomains dstdomain abc.com
acl badIP dst 192.172.1.100
http_access deny badDomains
http_access deny nudeDomains
http_access deny badIP
http_access deny all
#### Specific Time Deny #####
#Squid allows one to allow access to special sites by time. By combining the dstdomain and time
#acls you can allow access to specific sites during working hours, but allow access to other sites
#after working hours.
Syntax of access list :
Step 04:
#### Now create squid cache directory #####
# squid z
Step 05:
Running Squid :
# service
# service
# service
squid
squid
squid
start
stop
restart
Or
# /etc/rc.d/init.d/squid
restart
Step 06:
Testing Squid :
Configure you browser with proxy port no 8080 and browse .
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080
Step 07:
Now see the log files :
#tail f /var/log/squid/cache.log
#tail f /var/log/squid/access.log
#tail f /var/log/squid/store.log
Clear Log
# echo > /var/log/squid/cache.log
# echo > /var/log/squid/access.log
# echo > /var/log/squid/store.log
Step 01: first check RPM package of squid is install if present then uninstall it
by using the folloing commands
#rpm e nodeps squid
after some time the whole package of squid will be unstall
Step 02: copy the source file to the /usr/local/src directory
#cp squid-2.5.STABLE10.tar.gz /usr/local/src
Step 03: Add a unprivileged user say squid and group squid make its home directory /usr/local/squid using
useradd command
# useradd m d /usr/local/squid squid
Step 05: go to the /usr/local/src directory and untar the sourcr file
# tar zxvf
squid-2.5.STABLE10.tar.gz
#Default:
cache_access_log /usr/local/squid/log/access.log
#Default:
cache_log /usr/local/squid/log/cache.log
#Default:
cache_store_log /usr/local/squid/log/store.log
6
############3Access Controls Configuration ############
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ispstaff src 192.168.1.0/255.255.255.0
####explanation####
7
#Example
acl ispgroup src 192.168.1.1200 192.168.1.201
acl working time ASMTWH 08:30-17:30
http_access allow ispgroup working
http_access deny ispgroup
###### ADMINISTRATIVE PARAMETERS #########
cache_effective_user squid
cache_effective_group squid
Step 06:
#### Now create squid cache directory #####
# /usr/local/squid/bin/squid z
Step 07 : starting and stoping squid service
#/usr/local/squid/bin/squid start
#/usr/local/squid/bin/squid stop
#/usr/local/squid/bin/squid restart
Testing Squid :
Configure you browser with proxy port no 8080 and browse .
Or
# telnet localhost 8080
# telnet 192.168.1.5 8080
Step 08:
Now see the log files :
#tail f /usr/local//squid/log/cache.log
#tail f /usr/local/squid/log/access.log
#tail f /usr/local/squid/log/store.log
Clear Log
# echo > /usr/local//squid/log/cache.log
# echo > /usr/local/squid/log/access.log
# echo > /usr/local/squid/log/store.log