Squid Jon Larsen Omaha Linux User Group May 2nd, 2006.


What is a proxy?
proxy: the authority or power to act for another (source: Merriam-Webster Dictionary)
A Web proxy provides a connection path for HTTP/HTTPS requests.

What is a cache?
Cache: A hiding place esp. for preserving provisions (source: Merriam-Webster Dictionary)
A cache stores objects from visited websites, such as images, PDF and HTML files.

What is Squid?
● Squid is a caching proxy
● Provides a single connection path for many client programs
● Can authenticate users to grant Internet access
● Provides time-of-day bandwidth allocation
● Monitors usage
● Restricts content

Installing Squid
● Generally, Squid is installed on the gateway/firewall box through which your internal LAN connects
● Can be installed using apt-get, yum or yast, or compiled from source
● Should be configured to run from init.d
● Requires a directory to store objects

Configuration
● The Squid configuration file is usually stored as /etc/squid/squid.conf
● On Fedora/CentOS/RedHat systems, the conf file is heavily annotated and self-explanatory
● Items normally changed on a new installation:
  – http_port
  – dns_nameservers
  – cache_dir
  – http_access

Configuration: http_port
By default, Squid listens on port
This can be changed or multiples can be specified.
    http_port 3128
    http_port 8080
If you are on a firewall with multiple NICs, you may specify which IP address to listen on:
    http_port :3128

Configuration: dns_nameservers
You can specify which DNS nameservers to use for your Squid proxy, overriding the system default.
    dns_nameservers

Configuration: cache_dir
The cache_dir directive allows you to specify the directory in which to place your cached objects, as well as the maximum cache size to use to store them.
    cache_dir ufs /var/spool/squid 100 16 256
Cache size will be 100MB, 16 directories with 256 subdirectories – change as you see fit.

Configuration: http_access
An acl and an http_access rule together control who can connect to the proxy. For simplicity, we will allow all clients to connect from our LAN.
    http_access allow all
- or -
    acl our_networks src /24
    http_access allow our_networks
    http_access allow localhost
    http_access deny all

Running Squid
Before you can run Squid, you need to set up the cache_dir you specified in the squid.conf file. The directory must be writable by squid. You can create the directory by running:
    squid -z

Running Squid Cont.
Simply run squid using the init script:
    /etc/rc.d/init.d/squid start
- or -
    /etc/init.d/squid start

Configuring Clients
For a client such as a web browser to access the Squid proxy, you must configure the Connection Options using the manual setting. Put in the IP address/FQDN of your proxy and the port you are connecting to.

Configuring Clients Alt Method
You can use your firewall to intercept incoming port 80 requests and redirect them to your Squid proxy, removing the need to configure the client with the proxy IP and port.
Example:
    iptables -A PREROUTING -t nat -i eth1 -p tcp \
        --dport 80 -j REDIRECT --to-port 3128

ACL Access Control Lists
ACLs can be created to do content filtering or to prevent certain objects from being cached (e.g. MPEG files).
Prevent MPEG files from being cached:
    acl MPG url_regex \.mpg$
    no_cache deny MPG

ACL Access Control Lists Cont.
Content filtering can be done using two methods: a redirector or a regular expression.
Squidguard is a well-known redirector.
Our example will be a regex on a file of keywords or URLs.

ACL Access Control Lists Cont.
The regex works using files which can be downloaded and stored in /etc/squid.
    acl porn url_regex "/etc/squid/porn"
    acl noporn url_regex "/etc/squid/noporn"
    deny_info ERR_EXAMPLE_ACCESS_DENIED porn
    http_access allow noporn all
    http_access deny porn all
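An added example (not from the original slides) that models Squid's first-match evaluation of http_access lines, to show what the rules on the http_access and url_regex slides decide for a given client and URL. Assumptions: the LAN range 192.168.1.0/24, the inline patterns standing in for the /etc/squid/porn and /etc/squid/noporn files, the placement of the filter rules ahead of the network rules, and the helper names parse, acl_matches and decide are all constructed for illustration.

```python
import ipaddress
import re

# Constructed config: the slides' rules in slide order. The LAN range and the
# inline patterns (instead of the /etc/squid/porn and noporn files) are assumed.
SLIDE_RULES = """
acl our_networks src 192.168.1.0/24
acl porn url_regex sex
acl noporn url_regex middlesex\\.example
http_access allow noporn all
http_access deny porn all
http_access allow our_networks
http_access deny all
"""
# Variant: the whitelist rule is tied to the LAN instead of "all".
TIGHTENED = SLIDE_RULES.replace("allow noporn all", "allow noporn our_networks")

def parse(conf):
    """Collect acl definitions and http_access rules in file order."""
    acls = {"all": ("src", ["0.0.0.0/0"])}  # the match-everything ACL
    rules = []
    for line in conf.splitlines():
        tok = line.split()
        if tok and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, url):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "url_regex":  # case-sensitive search anywhere in the URL
        return any(re.search(v, url) for v in values)
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, client_ip, url):
    """Return the action of the first rule whose ACLs all match."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], client_ip, url) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for ip in ("192.168.1.20", "203.0.113.9"):
        for url in ("http://sex.example/", "http://www.middlesex.example/"):
            print(ip, url, decide(SLIDE_RULES, ip, url), decide(TIGHTENED, ip, url))
```

With the slide's rules, a client outside our_networks is still allowed to fetch URLs on the noporn list because that rule ends in all; the TIGHTENED variant denies it while LAN clients keep the whitelist exception.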


Omake
From the Wireless Hacks book published by O'Reilly (ISBN: ), Hack #91
Using a squid cache remotely with SSH tunneling can allow you to use a squid running on your home firewall box to browse websites using wireless Internet access from your laptop – securely.

Omake
Step 01 Configure and test Squid on your firewall
Step 02 Create the tunnel from your laptop
    ssh -L3128:localhost:3128 mysquid.house -f -N
Step 03 Configure your browser proxy