1. Check the installation
=> dpkg -s squid
=> pgrep squid
=> info squid
2. Remove Old version
=> apt-get --purge remove squid
=> rm -rf /etc/squid/
3. Install squid
=> apt-get install squid
4. Find squid.conf file
=> locate squid.conf
5. Edit squid configuration file
i) Providing a name for the proxy server machine
Set visible_hostname (Squid directives take no "=" sign: the name follows the directive directly)
=> gedit /etc/squid/squid.conf
visible_hostname server
ii) Specifying the interface and port number on which the proxy server should listen
http_port <ip address belonging to LAN>:<port number>
http_port 192.168.1.1:8080
iii) Allow home network
Define Acl
acl CONNECT method CONNECT
acl privatenet src 192.168.0.0/255.255.0.0
http_access allow privatenet
iv) Testing the Squid configuration
In the client browser (the menu path below is Firefox's), point the connection settings at the proxy IP address and port configured above:
Edit -> Preferences
Advanced -> Network -> Settings option under Connection field
v) Block specific sites (url)
a. gedit /etc/squid/squid.conf
Define Acl
acl CONNECT method CONNECT
acl bad_sites url_regex "/etc/squid/squid-block.acl"
http_access deny bad_sites
b. root@server:/etc/squid# touch squid-block.acl
c. chmod a+rwx squid-block.acl (Squid only needs to read this file; world-writable permissions let any local user edit the block list, so a mode such as 644 is the safer choice)
d. nano squid-block.acl
.facebook.com
yahoo
e. Save and Exit the Editor
f. Restart the squid
/etc/init.d/squid restart
g. Test the configuration working or not
vi) Allow specific sites (url)
a. gedit /etc/squid/squid.conf
Define Acl
acl CONNECT method CONNECT
acl good_sites url_regex "/etc/squid/squid-allow.acl"
http_access allow good_sites
b. root@server:/etc/squid# touch squid-allow.acl
c. chmod a+rwx squid-allow.acl
d. nano squid-allow.acl
google.com
bdmms.com
e. Save and Exit the Editor
f. Restart the squid
/etc/init.d/squid restart
g. Test the configuration working or not
vii) Block all the sites except 2/3 or …
a. gedit /etc/squid/squid.conf
Define Acl (a bare 0.0.0.0 denotes a single host, not every address, so all needs a mask; Squid 3.2 and later define all built in, and the acl all line should be omitted there)
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
acl allow_sites url_regex "/etc/squid/allow_sites.acl"
http_access allow allow_sites
http_access deny all
b. root@server:/etc/squid# touch allow_sites.acl
c. chmod a+rwx allow_sites.acl
d. nano allow_sites.acl
google.com
bdmms.com
e. Save and Exit the Editor
f. Restart the squid
/etc/init.d/squid restart
g. Test the configuration working or not
6. Block download of certain type of file
(block mp3, wmv, …. media files)
a. gedit /etc/squid/squid.conf
Define Acl
acl CONNECT method CONNECT
acl bad_sites url_regex "/etc/squid/squid-block.acl"
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
http_access deny bad_sites
http_access deny blockfiles
b. touch blocks.files.acl
c. chmod 777 blocks.files.acl (read access for Squid is all that is needed; a world-writable list can be altered by any local user)
d. nano blocks.files.acl
\.[Ea][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Ww][Mm][Vv]$
e. /etc/init.d/squid restart
f. Test configuration
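A small Python evaluator, added here and not part of the tutorial, that replays the http_access logic of the block-all-except list in section 5 and the file-type list in section 6 against constructed copies of allow_sites.acl and blocks.files.acl. Squid takes the first http_access line whose ACL matches, so keeping deny blockfiles above allow allow_sites is what keeps a blocked file type blocked on an allowed site; the block also shows that a url_regex entry such as google.com matches anywhere in a URL, which is why the dstdomain ACL type is the tighter choice for a whole-site allow list.

```python
import re
from urllib.parse import urlsplit

# Constructed copies of the list files used above (contents only, not the
# tutorial's own files): allow_sites.acl is read by a url_regex ACL and
# blocks.files.acl by a urlpath_regex ACL.
ALLOW_SITES = ["google.com", "bdmms.com"]
BLOCK_FILES = [r"\.[Ea][Xx][Ee]$", r"\.[Aa][Vv][Ii]$", r"\.[Mm][Pp][Gg]$",
               r"\.[Mm][Pp][Ee][Gg]$", r"\.[Mm][Pp]3$", r"\.[Ww][Mm][Vv]$"]

def acl_matches(kind, patterns, url):
    """True if any pattern in the list matches the part of the URL that ACL
    type inspects: url_regex sees the whole URL, urlpath_regex only the path,
    and 'all' matches every request (acl all src 0.0.0.0/0.0.0.0)."""
    if kind == "all":
        return True
    subject = url if kind == "url_regex" else urlsplit(url).path
    return any(re.search(p, subject) for p in patterns)

# http_access lines in the order they appear in squid.conf: (action, ACL kind,
# patterns). Squid walks them top-down and the first matching line wins.
RULES = [
    ("deny",  "urlpath_regex", BLOCK_FILES),   # http_access deny blockfiles
    ("allow", "url_regex",     ALLOW_SITES),   # http_access allow allow_sites
    ("deny",  "all",           None),          # http_access deny all
]

def decide(url, rules=RULES):
    """Return 'allow' or 'deny' for a request URL under the given rule order."""
    for action, kind, patterns in rules:
        if acl_matches(kind, patterns, url):
            return action
    # No line matched: Squid applies the opposite of the last http_access line.
    return "allow" if rules[-1][0] == "deny" else "deny"

def reordered(rules):
    """Swap the first two lines to show why order matters: with the allow
    list evaluated first, an .mp3 on an allowed site is no longer blocked."""
    return [rules[1], rules[0]] + rules[2:]
```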
7. Display custom error message
a. gedit /etc/squid/squid.conf
Define Acl
acl CONNECT method CONNECT
deny_info ERR_BLOCKED_FILES blockfiles
b. Create the error page in Squid's error-page directory (the location depends on the installation):
touch /usr/share/squid/errors/English/ERR_BLOCKED_FILES
or
touch /etc/squid/error/ERR_BLOCKED_FILES
c. nano ERR_BLOCKED_FILES
<html>
<head>
<title>ERROR: Blocked file content </title>
</head>
<body>
<h1> File is blocked due to new IT policy</h1>
</body>
</html>
d. /etc/init.d/squid restart
e. Test configuration
8. Talking to an External (Upstream) Proxy
Using an upstream proxy that supports ICP (3130 is the peer's ICP port; prefer_direct is a separate directive, so it goes on its own line):
cache_peer proxy.yourisp.com parent 3128 3130
prefer_direct off
If your parent cache does not support ICP, use the following combination instead (port 7 is a dummy ICP port, no-query stops Squid from sending ICP queries to the peer, and default makes it the last-resort parent):
cache_peer proxy.yourisp.com parent 3128 7 no-query default
prefer_direct off
9. Configuring squid as a Transparent Proxy
a. http_port 192.168.1.1:8080 transparent
b. Redirect the client requests going to internet on port 80 through the proxy
=> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
c. /etc/init.d/iptables restart
d. Enable ip forwarding
=> echo 1 > /proc/sys/net/ipv4/ip_forward
e. On the client side, set the default gateway to the proxy server's IP address and do not configure any proxy settings in the client browser
f. A transparent proxy should not be used in the following situations:
When HTTPS sites need to be filtered
When proxy authentication is enabled
When local DNS servers are not available
10. Troubleshoot using the squid log files
=> tail -f /var/log/squid/access.log
=> tail -f /var/log/squid/cache.log
Find out the websites browsed through your squid proxy:
=> sudo cat /var/log/squid/access.log
Find out the specific website browsed through your squid proxy:
=> grep 'google' /var/log/squid/access.log
Find out the time for browsed website:
=> perl -pe "s/\d+/localtime($&)/e" access.log
Find out the time a specific website was browsed:
=> perl -pe "s/\d+/localtime($&)/e" access.log | grep google
Find out a specific date's log entries:
=> perl -pe "s/\d+/localtime($&)/e" /var/log/squid/access.log | grep "Mar 18"
Print log file
=> perl -pe "s/\d+/localtime($&)/e" access.log | grep google >> /home/mukul/Desktop/log.doc
(Now print the log.doc file from your Desktop)
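An added Python parser (not from the tutorial) for the native access.log format that the commands above grep through: it converts the epoch timestamp the way the perl one-liner does, filters by site, and counts TCP_DENIED hits per client, which is the quickest way to confirm the block ACLs are actually firing. The log lines are constructed samples.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines in Squid's native access.log format (not taken from
# a real log): timestamp elapsed client code/status bytes method URL user peer type
SAMPLE_LOG = """\
1300442103.523    145 192.168.1.25 TCP_MISS/200 5432 GET http://www.google.com/ - DIRECT/74.125.0.1 text/html
1300442110.001      0 192.168.1.25 TCP_DENIED/403 1234 GET http://www.facebook.com/ - NONE/- text/html
1300442115.417      2 192.168.1.30 TCP_DENIED/403 1234 GET http://cdn.example.org/clip.WMV - NONE/- text/html
1300442120.998    310 192.168.1.30 TCP_HIT/200 8871 GET http://www.google.com/search?q=squid - NONE/- text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<peer>\S+)\s+(?P<type>\S+)$"
)

def parse_access_log(text):
    """Turn native-format lines into dicts. The epoch timestamp in the first
    field becomes a datetime (UTC here), which is what the perl
    s/\\d+/localtime($&)/e one-liner above does textually."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or foreign lines instead of aborting
        e = m.groupdict()
        e["time"] = datetime.fromtimestamp(float(e["ts"]), tz=timezone.utc)
        e["status"] = int(e["status"])
        entries.append(e)
    return entries

def requests_for(entries, needle):
    """Equivalent of grep 'google' access.log, but with readable timestamps:
    returns (time, client, url) for every request whose URL contains needle."""
    return [(e["time"].strftime("%Y-%m-%d %H:%M:%S"), e["client"], e["url"])
            for e in entries if needle in e["url"]]

def denied_by_client(entries):
    """Count TCP_DENIED requests per client address: confirms the deny ACLs are
    firing and shows which hosts keep running into them."""
    return Counter(e["client"] for e in entries if e["code"] == "TCP_DENIED")
```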