Configure SQUID Proxy Server with Examples on Linux RHEL/Cen

Come here to see tutorials about Linux.


Post by root » Sun Jan 04, 2015 9:04 am


A proxy server is a device that usually sits between a client and the destination the user is trying to reach. It can provide security and even protection for the client behind the proxy. Squid, a web proxy server for Red Hat, helps in this process.

It sits between the client and the web server that the user is trying to connect to. These devices are often used when you want to control access to the Internet (think web filtering).

As a web proxy, it can also cache data that users request from the web and make it locally available, reducing the load on your external devices such as gateways and firewalls.

When setting up your proxy server, you need to know the following items:

/etc/sysconfig/squid : Startup options for the config file.
/etc/squid/squid.conf : Main config file for the service.
/var/spool/squid : Cache location on the proxy server.
/var/log/squid : Log files for the proxy server.


Let’s look at some of the main configuration options:

http_port : Specifies the port to listen on.
visible_hostname : Identifies the name of the Squid server.
access_log : Keeps track of the web pages that are downloaded.
acl : Defines an access control list.
http_access : Defines which systems or networks have access.

Installing & Configuring the Squid Proxy Server:

Step1: Install the package with the following command

# yum install squid* -y

Step2: Verify that the package is installed

# rpm -qa | grep squid

Step3: Start the Squid proxy

# service squid start

Step4: Enable squid to start at boot

# chkconfig squid on

Step5: Verify the service will start at boot

# chkconfig squid --list


Web Proxy Security:

Squid uses host-based security through the use of access control lists. These ACLs are configured in the main config file, "/etc/squid/squid.conf". In the config file, you can define an ACL for your network and give all other networks access to the proxy server.

1). Configure Squid to Block a Specific Website:

Add the rules below to the Squid configuration file to block specific websites. In this example we block http://www.facebook.com and http://www.youtube.com

# vim /etc/squid/squid.conf

# dstdomain takes a host name, not a URL; a leading dot (.facebook.com) also matches subdomains
acl blocksite1 dstdomain www.facebook.com
acl blocksite2 dstdomain www.youtube.com
http_access deny blocksite1
http_access deny blocksite2


2). Block multiple domains with a single file:

If you have a number of websites, create a file "/etc/squid/blocksites.txt" and put the website names in this file.

# vim /etc/squid/blocksites.txt

www.google.com
www.rediff.com
www.yahoo.com
www.gmail.com
-------------
-------------
www.amazon.com


:wq (save&quit)

Add the above file to the Squid configuration file to block the listed domains.

# vim /etc/squid/squid.conf

acl blocksites dstdomain "/etc/squid/blocksites.txt"
http_access deny blocksites


Client side configuration:

Open a web browser > Tools > Internet options > Network settings, and set the Squid server IP address and port number 3128.

3). Configure Squid to Block a Specific Keyword

Add the rules below to the Squid configuration file to block specific keywords. In this example we block the "mail" and "tube" keywords.

# vim /etc/squid/squid.conf

acl blockkey1 url_regex mail
acl blockkey2 url_regex tube
http_access deny blockkey1
http_access deny blockkey2


4). Configure Squid to Block a List of Keywords

If you have a number of keywords, create a file "/etc/squid/blockkeywords.txt" and put the keywords in this file.

# vim /etc/squid/blockkeywords.txt

Gmail
Tube
Facebook
Social
Media


:wq (save&quit)

Add the above file to the Squid configuration file to block the listed keywords.

# vim /etc/squid/squid.conf

# url_regex matches keywords anywhere in the URL; -i makes the match case-insensitive
acl blockkeywords url_regex -i "/etc/squid/blockkeywords.txt"
http_access deny blockkeywords

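Configure Squid for MAC Address Based Rules

The arp ACL type matches the client's MAC address, which Squid can see only for clients on the same subnet as the proxy.

5). Block single site for Single MAC Address

In this example we block the http://www.youtube.com site for the system with MAC address EC:A8:6B:F6:66:68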

ACL Rule:

acl blocksite1 dstdomain www.youtube.com
acl sysmac1 arp EC:A8:6B:F6:66:68
http_access deny blocksite1 sysmac1


6). Block all sites for Single MAC Address

In this example we block all sites for the system with MAC address EC:A8:6B:F6:66:68

ACL Rule:

acl sysmac1 arp EC:A8:6B:F6:66:68
http_access deny sysmac1


7). Block single site for Multiple MAC Addresses

In this example we block the http://www.bsrtech.net site for the systems with MAC addresses EC:A8:6B:F6:66:68, AT:B8:6D:F6:46:35, etc.
Create a file "/etc/squid/mac-addrs.txt" and put the MAC addresses in this file.

# vim /etc/squid/mac-addrs.txt

EC:A8:6B:F6:66:68
AT:B8:6D:F6:46:35
-----------------
-----------------
CT:B8:6D:F6:46:48
SG:B8:6D:F6:46:21


ACL Rule:

acl blocksite1 dstdomain www.bsrtech.net
acl sysmacs arp "/etc/squid/mac-addrs.txt"
http_access deny blocksite1 sysmacs


8). Block all sites for Multiple MAC Addresses

In this example we block all websites for the systems with MAC addresses EC:A8:6B:F6:66:68, AT:B8:6D:F6:46:35, etc.
Create a file "/etc/squid/mac-addrs.txt" and put the MAC addresses in this file.

# vim /etc/squid/mac-addrs.txt

EC:A8:6B:F6:66:68
AT:B8:6D:F6:46:35
-----------------
-----------------
CT:B8:6D:F6:46:48
SG:B8:6D:F6:46:21


ACL Rule:

acl sysmacs arp "/etc/squid/mac-addrs.txt"
http_access deny sysmacs
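
A dstdomain entry written as a URL, or a MAC address that is not six hex octets, never matches a request, so the rule silently stops filtering. This added Python check (not from the original post) validates list files such as blocksites.txt and mac-addrs.txt before Squid is reloaded; the sample entries are constructed, and the MAC pattern assumes the XX:XX:XX:XX:XX:XX form used on this page.

```python
import re

HOST_RE = re.compile(r"^\.?[a-z0-9-]+(\.[a-z0-9-]+)*$", re.I)
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.I)

def lint_list(kind, text):
    """Check a one-entry-per-line list file used by a dstdomain or arp ACL.

    Returns (line_number, entry, problem) tuples; an empty list means clean.
    """
    problems, seen = [], set()
    for number, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank lines and comments carry no entry
        if kind == "dstdomain" and ("/" in entry or ":" in entry):
            problem = "URL, port or path: dstdomain compares host names only"
        elif kind == "dstdomain" and not HOST_RE.match(entry):
            problem = "not a valid host or domain name"
        elif kind == "arp" and not MAC_RE.match(entry):
            problem = "not six colon-separated hex octets"
        elif entry.lower() in seen:
            problem = "duplicate entry"
        else:
            seen.add(entry.lower())
            continue
        problems.append((number, entry, problem))
    return problems

# Constructed sample files, not taken from a real deployment.
SAMPLE_DOMAINS = """\
www.example.com
http://www.example.org
.example.net
www.example.com/videos
WWW.EXAMPLE.COM
"""
SAMPLE_MACS = """\
00:11:22:33:44:55
00-11-22-33-44-66
0G:11:22:33:44:77
"""

if __name__ == "__main__":
    for kind, text in (("dstdomain", SAMPLE_DOMAINS), ("arp", SAMPLE_MACS)):
        for number, entry, problem in lint_list(kind, text):
            print(f"{kind} line {number}: {entry!r}: {problem}")
```
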


9). Allow Specific site for Single MAC Address

In this example we allow the http://www.bsrtech.net site for the system with MAC address EC:A8:6B:F6:66:68 and deny other sites.

ACL Rule :

acl allowsite1 dstdomain www.bsrtech.net
acl sysmac1 arp EC:A8:6B:F6:66:68
http_access allow allowsite1 sysmac1
http_access deny sysmac1


10). Allow Multiple sites for Single MAC Address

In this example we allow multiple sites for the system with MAC address EC:A8:6B:F6:66:68 and deny other sites.
Create a file "/etc/squid/allowsites.txt" and put the website names in this file.

# vim /etc/squid/allowsites.txt

www.google.com
www.rediff.com
www.yahoo.com
www.gmail.com
-------------
-------------
www.amazon.com


:wq (save&quit)

ACL Rule :

acl allowsites dstdomain "/etc/squid/allowsites.txt"
acl sysmac1 arp EC:A8:6B:F6:66:68
http_access allow allowsites sysmac1
http_access deny sysmac1


11). Allow Specific site for Multiple MAC Addresses

In this example we allow the http://www.bsrtech.net website for the systems with MAC addresses EC:A8:6B:F6:66:68, AT:B8:6D:F6:46:35, etc. and deny other sites.
Create a file "/etc/squid/mac-addrs.txt" and put the MAC addresses in this file.

# vim /etc/squid/mac-addrs.txt

EC:A8:6B:F6:66:68
AT:B8:6D:F6:46:35
-----------------
-----------------
CT:B8:6D:F6:46:48
SG:B8:6D:F6:46:21


ACL Rule:

acl allowsite1 dstdomain www.bsrtech.net
acl sysmacs arp "/etc/squid/mac-addrs.txt"
http_access allow allowsite1 sysmacs
http_access deny sysmacs


12). Allow Multiple sites for Multiple MAC Addresses

In this example we allow multiple websites for the systems with MAC addresses EC:A8:6B:F6:66:68, AT:B8:6D:F6:46:35, etc. and deny other sites.
Create a file "/etc/squid/allowsites.txt" and put the website names in this file.

# vim /etc/squid/allowsites.txt

www.google.com
www.rediff.com
www.yahoo.com
www.gmail.com
-------------
-------------
www.amazon.com


:wq (save&quit)

Create a file "/etc/squid/mac-addrs.txt" and put the MAC addresses in this file.

# vim /etc/squid/mac-addrs.txt

EC:A8:6B:F6:66:68
AT:B8:6D:F6:46:35
-----------------
-----------------
CT:B8:6D:F6:46:48
SG:B8:6D:F6:46:21


ACL Rule:

acl allowsites dstdomain "/etc/squid/allowsites.txt"
acl sysmacs arp "/etc/squid/mac-addrs.txt"
http_access allow allowsites sysmacs
http_access deny sysmacs
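
Sections 9 to 12 depend on how Squid evaluates http_access lines: ACLs on one line are ANDed, the first matching line decides, and when no line matches the result is the opposite of the last line. The Python model below is an added example, not part of the original post or of Squid itself; it evaluates only the lines it is given, supports only dstdomain and arp with inline values, and HARDENED and the second MAC address are constructed for illustration.

```python
# Section 9 rules from this page (dstdomain written as a bare hostname).
SECTION9 = """
acl allowsite1 dstdomain www.bsrtech.net
acl sysmac1 arp EC:A8:6B:F6:66:68
http_access allow allowsite1 sysmac1
http_access deny sysmac1
"""
# Same rules closed with an explicit catch-all (an addition, not on the page).
HARDENED = SECTION9 + "http_access deny all\n"

def parse(conf):
    """Collect acl and http_access lines; 'all' is Squid's built-in ACL."""
    acls, rules = {"all": ("all", [])}, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, req):
    """Values inside one ACL are OR'ed: any matching value is enough."""
    kind, values = acl
    if kind == "all":
        return True
    if kind == "dstdomain":  # ".example.com" also covers subdomains
        host = req["host"].lower()
        return any(host == v.lower().lstrip(".") or
                   (v[0] == "." and host.endswith(v.lower())) for v in values)
    if kind == "arp":
        return req["mac"].lower() in [v.lower() for v in values]
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, req):
    """ACLs on one http_access line are AND'ed; the first matching line wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!")
               for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    other = {"mac": "00:11:22:33:44:55", "host": "www.youtube.com"}  # constructed
    print("section 9 only:", decide(SECTION9, other))
    print("with deny all: ", decide(HARDENED, other))
```

Evaluated on their own, the section 9 rules let a client with any other MAC address through, which is why a rule set normally ends with http_access deny all.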


Thanks for taking the time to read this article, I hope it's helpful for all Linux Legends.

Source From http://www.bsrtech.net/2014/12/configure-squid-proxy-server-with.html

Thank You Bsrtech