Download presentation
Presentation is loading. Please wait.
Published byElisabeth Tate Modified over 8 years ago
1
PROXY
2
SQUID Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite -- we're getting there!) HTTP/1.1 compliant. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. This is a short guide on how to set up a transparent squid proxy server.
3
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently- requested web pages. Squid has extensive access controls and makes a great server accelerator.
4
Install Squid Install squid and squid-common sudo aptitude install squid squid-common
5
Edit the squid config file. sudo vi /etc/squid/squid.conf Set the allowed hosts. acl internal_network src 192.168.0.0/24 (Where 192.168.0.0/24 is your IP range.) http_access allow internal_network
6
Set the correct permissions. sudo chown -R proxy:proxy /var/log/squid/ sudo chown proxy:proxy /etc/squid/squid.conf
7
You will need to restart squid for the changes to take affect. sudo /etc/init.d/squid restart Now open up your browser and set your proxy to point to your new squid server on port 3128
8
Authentication If you wish to use authentication with your proxy you will need to install apache2 utilities sudo aptitude install squid squid-common apache2-utils
9
To add your first user you will need to specify -c sudo htpasswd -c /etc/squid.passwd first_user Thereafter you add new users with sudo htpasswd /etc/squid.passwd another_user Edit the squid config file sudo vi /etc/squid/squid.conf Set the the authentication parameters and the acl auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd auth_param basic children 5 auth_param basic realm NFYE Squid proxy-caching web server auth_param basic credentialsttl 3 hours auth_param basic casesensitive off acl users proxy_auth REQUIRED acl sectionx proxy_auth REQUIRED http_access allow users
10
So this is what your squid.conf should look like. acl all src 0.0.0.0/0.0.0.0 acl internal_network src 192.168.0.0/24 acl users proxy_auth REQUIRED acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl sectionx proxy_auth REQUIRED acl purge method PURGE acl CONNECT method CONNECT
11
http_access allow manager localhost http_access allow users http_access allow internal_network http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all
12
Redirect the all HTTP traffic. If you would like to redirect the all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications you will need to add some rules iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp -- dport 80 -j DNAT --to-destination 192.168.0.1:3128 iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -- dport 80 -j REDIRECT --to-ports 3128 Where eth1,eth0 are the LAN, WAN devices and 192.168.0.1 is the IP address of your LAN device.
13
References http://www.ubuntugeek.com/how-to-setup- transparent-squid-proxy-server-in- ubuntu.html
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.