Topics

ABOUT SQUID

SQUID BASICS

INSTRALLATION OF SQUID

SQUID SERVICE

CONFIGURATION

UNDERSTANDING ACCESS CONTROL LIST

LOGS

TRANSPARENT PROXY

MONITORING AND ANALYSIS
SQUID Server

The Squid proxy cache server is an excellent solution to a
variety of proxy and caching server needs, and scales from
the branch office to enterprise level networks while providing
extensive, granular access control mechanisms and
monitoring of critical parameters via the Simple Network
Management Protocol (SNMP). When selecting a computer
system for use as a dedicated Squid proxy, or caching
servers, ensure your system is configured with a large
amount of physical memory, as Squid maintains an inmemory cache for increased performance.
INSTALLATION of SQUID

Yum install squid
or

Rpm -ivh squid.x.x.x.rpm

Squid Service start / stop / restart

Service squid start

Service squid stop

Service squid restart
Squid Conf file

/etc/squid/

http_port 3128

visible_hostname hostname
Create New ACL
acl lan src 192.168.1.0/24
http_access allow lan
# Restricting Access By IP
acl badurl url_regex "/etc/squid/url.txt"
http_access deny badurl
acl badip url_regex "/etc/squid/ip.txt"
http_access deny badip
#############################
url.txt
#############################
.messenger.yahoo.com
.msg.yahoo.com
.scd.yahoo.com
.sc5.yahoo.com
webcam.yahoo.com
filetransfer.yahoo.com
#############################
#Website Block
#Website Block
#######################
ip.txt
########################
64.4.13.0/24 #MSN Messenger
207.46.104.0/24 #MSN Messenger
24.71.200.68/32 #Yahoo Messenger
204.71.202.73/32#Yahoo Messenger
204.71.200.0/24 #Yahoo Messenger
204.71.177.35/32 #Yahoo Messenger
#######################
Authentication on squid
touch /etc/squid/squid_passwd
htpasswd -c /etc/squid/squid_passwd <username>
chmod 666 /usr/local/squid/etc/passwd
locate ncsa_auth
# Find your ncsa_auth file
/usr/lib/squid/ncsa_auth
acl password proxy_auth REQUIRED
auth_param basic program /usr/lib/squid/ncsa_auth
/etc/squid/squid_passwd
Initializing SQUID

Squid -z
# it create swap directory.
Squid Log files

/var/log/squid/access.log

/var/log/squid/error.log
Transparent Proxy

Prior to version 2.6
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Version 2.6 and Beyond
http_port 3128 transparent


echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 80 -j REDIRECT --to-port 3128
Client Configuration

For example, to make these changes using Internet Explorer

1. Click on the "Tools" item on the menu bar of the browser.

2. Click on "Internet Options"

3. Click on "Connections"

4. Click on "LAN Settings"


5. Configure with the address and TCP port (3128 default) used by
your Squid server.
Here's how to make the same changes using Mozilla or Firefox.

1. Click on the "Edit" item on the browser's menu bar.

2. Click on "Preferences"

3. Click on "Advanced"

4. Click on "Proxies"
More filter & AntiVirus with SQUID


Use Dansguardian for more filtering.
Use Havp with Clamav Antivirus to Implement
antivirus with Squid Proxy Server.