Web Proxy with Squid

17 01 2010

As we already know, web caching servers play a key role inside an organisation. Not only can users surf faster, but the servers also provide a way to trace back surfing traffic logs for future reference. Yeah, it makes administrator tasks easier, too.

My implementation

Squid 2.7 on Debian is my selection.

1. install squid
> apt-get install squid
2. edit squid.conf in /etc/squid
> vi /etc/squid/squid.conf
3. Follow this basic configuration
– change port:
http_port 3128
– uncomment icp_port
icp_port 3130
– Increase cache memory (RAM capacity divided by 2)
cache_mem 256 MB
– Increase cache directory
cache_dir ufs /var/spool/squid 5000 16 256
– uncomment the squid log settings
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/squid.log
pid_filename /var/run/squid.pid

4. edit client netmask
client_netmask 255.255.255.0
5. add ACL list
acl myNetwork src 192.168.1.0/24
http_access allow myNetwork

6. create swap directory
> squid -z
7. Apply the squid configuration
> squid -f /etc/squid/squid.conf -k reconfigure
#OR
> /etc/init.d/squid restart

After setting up the squid proxy server, set the web browser's proxy connection to the one we have implemented. To watch incoming connections, just view access.log
> tail -f /var/log/squid/access.log

Block black list

To block a blacklist, just add more ACLs

#Block websites by domain name & IP address
acl blockList dstdomain "/etc/squid/blocklist1.txt"

#Block keywords
acl blockRegex url_regex "/etc/squid/blocklist2.txt"
http_access deny blockList
http_access deny blockRegex
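
Squid checks http_access lines from top to bottom and stops at the first match, so where the deny lines above sit relative to `http_access allow myNetwork` decides whether the block list has any effect. The following Python model of that evaluation is an added example, not part of the original post or of Squid; the domains, keyword and client addresses are constructed sample values, and each rule carries a single ACL as on this page.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample values standing in for the page's ACL files (hypothetical).
ACLS = {
    "myNetwork": ("src", ["192.168.1.0/24"]),
    "blockList": ("dstdomain", [".blocked.example"]),  # blocklist1.txt
    "blockRegex": ("url_regex", ["casino"]),           # blocklist2.txt
    "all": ("src", ["0.0.0.0/0"]),
}

def acl_matches(name, client_ip, url):
    """Check one ACL against a request (simplified model of three ACL types)."""
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        host = (urlsplit(url).hostname or "").lower()
        for v in (v.lower() for v in values):
            # A leading dot matches the domain itself and all its subdomains.
            if v.startswith(".") and (host == v[1:] or host.endswith(v)):
                return True
            if host == v:
                return True
        return False
    if kind == "url_regex":
        # Case-sensitive search over the whole URL (no -i flag modelled).
        return any(re.search(v, url) for v in values)
    raise ValueError("unsupported ACL type: " + kind)

def decide(rules, client_ip, url):
    """Return 'allow' or 'deny'; the first matching http_access line wins."""
    for action, acl in rules:
        if acl_matches(acl, client_ip, url):
            return action
    # No line matched: Squid applies the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Same four rules, two orderings.
ALLOW_FIRST = [("allow", "myNetwork"), ("deny", "blockList"),
               ("deny", "blockRegex"), ("deny", "all")]
DENY_FIRST = [("deny", "blockList"), ("deny", "blockRegex"),
              ("allow", "myNetwork"), ("deny", "all")]

if __name__ == "__main__":
    client = "192.168.1.20"
    for url in ("http://www.blocked.example/", "http://ok.example/casino",
                "http://ok.example/"):
        print(url, decide(ALLOW_FIRST, client, url), decide(DENY_FIRST, client, url))
```

With the allow line first, every request from 192.168.1.0/24 is allowed before the block lists are consulted; with the deny lines first, only the listed domain and keyword are refused.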

Authentication

At that time, I had a problem with RADIUS authentication on IAS (Internet Authentication Service on Windows Server 2003). So, I decided to use simple authentication.

1. Generate user-password file

> touch /etc/squid/userdb
> htpasswd /etc/squid/userdb [username]

It will prompt for the password.

2. Change the password file's permissions so that Squid can read it (o+r makes the file readable by every local user)

> chmod o+r /etc/squid/userdb

3. change squid.conf

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/userdb
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
