Install and configure Squid Proxy - Linux

Post by chandranjoy » Thu Jun 30, 2011 4:59 pm

How to install and configure Squid Proxy server in Linux?

On RedHat 5/CentOS 5:
Install Squid:
yum install squid

OR
Download and install through RPM

Add/enable the following lines in /etc/squid/squid.conf
acl our_networks src 127.0.0.1 2xx.1xx.8x.1xx
http_access allow our_networks
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# MEMORY CACHE OPTIONS
cache_mem 32 MB
cache_dir ufs /var/spool/squid 200 32 512
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#Access Log
access_log /var/log/squid/access.log squid
#Nameservers
dns_nameservers 8.8.8.8 4.2.2.2


Reference:

http://www.cyberciti.biz/tips/howto-rhe ... ation.html

On Ubuntu:
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we’re getting there!) HTTP/1.1 compliant. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications.

This is a short guide on how to set up a transparent squid proxy server. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

Install Squid


sudo aptitude install squid squid-common


Edit the squid config file.
sudo vi /etc/squid/squid.conf


Set the allowed hosts.

# 192.168.0.0/24 is your IP range
acl internal_network src 192.168.0.0/24
http_access allow internal_network


Set the correct permissions.
sudo chown -R proxy:proxy /var/log/squid/
sudo chown proxy:proxy /etc/squid/squid.conf

You will need to restart squid for the changes to take effect.

sudo /etc/init.d/squid restart


Now open up your browser and set your proxy to point to your new squid server on port 3128

Authentication

If you wish to use authentication with your proxy you will need to install apache2 utilities
sudo aptitude install squid squid-common apache2-utils


To add your first user you will need to specify -c

sudo htpasswd -c /etc/squid.passwd first_user


Thereafter you add new users with

sudo htpasswd /etc/squid.passwd another_user


Edit the squid config file

sudo vi /etc/squid/squid.conf


Set the authentication parameters and the acl

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic realm NFYE Squid proxy-caching web server
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive off

acl users proxy_auth REQUIRED

acl sectionx proxy_auth REQUIRED

http_access allow users


So this is what your squid.conf should look like.

acl all src 0.0.0.0/0.0.0.0
acl internal_network src 192.168.0.0/24
acl users proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl sectionx proxy_auth REQUIRED
acl purge method PURGE
acl CONNECT method CONNECT
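# Cache manager and PURGE are reachable from localhost only
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Port guards come before the allow rules: Squid applies the first rule that matches
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Clients that may use the proxy
http_access allow users
http_access allow internal_network
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
http_reply_access allow all
icp_access allow all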


Redirect all HTTP traffic.

If you would like to redirect all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications, you will need to add some iptables rules

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128


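Where eth1 and eth0 are the LAN and WAN devices and 192.168.0.1 is the IP address of your LAN device. Squid itself must also accept intercepted traffic (http_port 3128 transparent on Squid 2.6 and later), and proxy authentication does not work for intercepted requests.

If you wish to monitor the performance of your proxy you can look at some log parsers (sarg, calamaris, etc.)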

Reference:
http://www.ubuntugeek.com/how-to-setup- ... buntu.html


Enjoy :)
chandranjoy
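
Added example (not part of the original post or of Squid): a small Python check for the http_access ordering that the squid.conf listings above depend on, since Squid applies the first rule that matches. The function name and both sample configs are constructed for illustration; the ACL names follow the ones used in the post.

```python
def audit_http_access(conf_text):
    """Audit http_access order; Squid applies the first rule that matches."""
    acl_type, rules, findings = {}, [], []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()        # drop trailing comments
        if len(tok) >= 3 and tok[0] == "acl":
            acl_type[tok[1]] = tok[2]             # e.g. users -> proxy_auth
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))       # (action, [acl names])
    guards = (["!Safe_ports"], ["CONNECT", "!SSL_ports"])
    for n, (action, acls) in enumerate(rules, 1):
        if action == "allow" and acls == ["all"]:
            findings.append(f"rule {n}: 'allow all' makes this an open proxy")
        # An allow that only tests who the client is (src / proxy_auth) reaches
        # any port unless both port guards were evaluated before it.
        elif action == "allow" and all(
                acl_type.get(a) in ("src", "proxy_auth") for a in acls):
            for g in guards:
                if ("deny", g) not in rules[:n - 1]:
                    findings.append(f"rule {n}: allow {' '.join(acls)} is not "
                                    f"preceded by 'deny {' '.join(g)}'")
    if not rules or rules[-1] != ("deny", ["all"]):
        findings.append("last http_access rule is not 'deny all'")
    return findings

# Constructed sample configs (assumptions, not taken from a real server)
ACLS = """\
acl all src 0.0.0.0/0.0.0.0
acl internal_network src 192.168.0.0/24
acl users proxy_auth REQUIRED
acl Safe_ports port 80 443   # http, https
acl SSL_ports port 443
acl CONNECT method CONNECT
"""
WEAK = ACLS + """\
http_access allow users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""
HARDENED = ACLS + """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow users
http_access allow internal_network
http_access deny all
"""
for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
    print(name, audit_http_access(conf))
```

Run it against your own file with audit_http_access(open("/etc/squid/squid.conf").read()); an empty list means none of the three ordering problems were found.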