Topics ABOUT SQUID SQUID BASICS INSTRALLATION OF SQUID SQUID SERVICE CONFIGURATION UNDERSTANDING ACCESS CONTROL LIST LOGS TRANSPARENT PROXY MONITORING AND ANALYSIS SQUID Server The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an inmemory cache for increased performance. INSTALLATION of SQUID Yum install squid or Rpm -ivh squid.x.x.x.rpm Squid Service start / stop / restart Service squid start Service squid stop Service squid restart Squid Conf file /etc/squid/ http_port 3128 visible_hostname hostname Create New ACL acl lan src 192.168.1.0/24 http_access allow lan # Restricting Access By IP acl badurl url_regex "/etc/squid/url.txt" http_access deny badurl acl badip url_regex "/etc/squid/ip.txt" http_access deny badip ############################# url.txt ############################# .messenger.yahoo.com .msg.yahoo.com .scd.yahoo.com .sc5.yahoo.com webcam.yahoo.com filetransfer.yahoo.com ############################# #Website Block #Website Block ####################### ip.txt ######################## 64.4.13.0/24 #MSN Messenger 207.46.104.0/24 #MSN Messenger 24.71.200.68/32 #Yahoo Messenger 204.71.202.73/32#Yahoo Messenger 204.71.200.0/24 #Yahoo Messenger 204.71.177.35/32 #Yahoo Messenger ####################### Authentication on squid touch /etc/squid/squid_passwd htpasswd -c /etc/squid/squid_passwd <username> chmod 666 /usr/local/squid/etc/passwd locate ncsa_auth # Find your ncsa_auth file /usr/lib/squid/ncsa_auth acl password proxy_auth REQUIRED auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd Initializing SQUID Squid -z # it create swap directory. Squid Log files /var/log/squid/access.log /var/log/squid/error.log Transparent Proxy Prior to version 2.6 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Version 2.6 and Beyond http_port 3128 transparent echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 80 -j REDIRECT --to-port 3128 Client Configuration For example, to make these changes using Internet Explorer 1. Click on the "Tools" item on the menu bar of the browser. 2. Click on "Internet Options" 3. Click on "Connections" 4. Click on "LAN Settings" 5. Configure with the address and TCP port (3128 default) used by your Squid server. Here's how to make the same changes using Mozilla or Firefox. 1. Click on the "Edit" item on the browser's menu bar. 2. Click on "Preferences" 3. Click on "Advanced" 4. Click on "Proxies" More filter & AntiVirus with SQUID Use Dansguardian for more filtering. Use Havp with Clamav Antivirus to Implement antivirus with Squid Proxy Server.