Sunday 13 January 2013

Proxy (Squid) server on RedHat / CentOS


#yum install squid
#vim /etc/squid/squid.conf
#acl localhost src 192.168.0.0/16 (comment out this line; only then can the proxy work for the 192.168.0.0 network)
http_port 3128 (default, just check it; you can also change the port number)

add the below lines in access control list section
acl Safe_ports port 777 (default, just check it is present)
acl CONNECT method CONNECT (default, just check it is present)
acl deny_host src 192.168.176.5 (this acl is used below to deny this host access to the internet)
acl allow_network src 192.168.176.0/24
acl business_hours time M T W H F 9:00-17:00
acl web_deny dstdomain "/etc/squid/web_deny" (file created by us for site restriction)

add the below lines in http access section
http_access allow localhost
http_access deny deny_host
http_access deny web_deny
http_access allow allow_network
http_access allow business_hours (on its own line this matches any client during business hours, not only allow_network)
http_access deny all

#add the below line at end
logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt

#vim /etc/squid/web_deny

#service squid restart
#chkconfig squid on

#cat /var/log/squid/access.log (shows who is using the proxy and what they are doing)
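
Added example (not part of the original post): a small Python model of how Squid evaluates the http_access lines above, where the first matching line wins and ACLs named on one line are ANDed. The localhost definition, the web_deny entry and the sample requests are assumptions or constructed values, and TIGHT_RULES is a hypothetical variant, not the author's configuration.

```python
import ipaddress
from datetime import datetime

WEB_DENY = {".blocked.example"}  # constructed; the page does not show web_deny's contents

def src(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r["src"]) in net

def business_hours(r):  # acl business_hours time M T W H F 9:00-17:00
    t = r["when"]
    return t.weekday() < 5 and 9 * 60 <= t.hour * 60 + t.minute <= 17 * 60

def web_deny(r):  # dstdomain: an entry with a leading dot also matches subdomains
    h = r["host"].lower()
    return any(h == d.lstrip(".") or (d.startswith(".") and h.endswith(d)) for d in WEB_DENY)

ACLS = {
    "localhost": src("127.0.0.1/32"),  # assumption: Squid's stock definition
    "deny_host": src("192.168.176.5/32"),
    "allow_network": src("192.168.176.0/24"),
    "business_hours": business_hours,
    "web_deny": web_deny,
    "all": lambda r: True,
}

# http_access lines in the page's order: (action, ACLs named on that line)
PAGE_RULES = [("allow", ["localhost"]), ("deny", ["deny_host"]), ("deny", ["web_deny"]),
              ("allow", ["allow_network"]), ("allow", ["business_hours"]), ("deny", ["all"])]
# Hypothetical variant, assuming the intent is "LAN clients, during business hours only"
TIGHT_RULES = PAGE_RULES[:3] + [("allow", ["allow_network", "business_hours"]), ("deny", ["all"])]

def decide(rules, r):
    # First line whose ACLs ALL match wins; with no match Squid inverts the last action.
    for action, names in rules:
        if all(ACLS[n](r) for n in names):
            return action, " ".join(names)
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"

MON_10H, SUN_22H = datetime(2013, 1, 14, 10, 0), datetime(2013, 1, 13, 22, 0)
SAMPLES = {  # constructed requests
    "outsider_mon_10h": {"src": "203.0.113.9", "host": "example.org", "when": MON_10H},
    "lan_sun_22h": {"src": "192.168.176.20", "host": "example.org", "when": SUN_22H},
    "denied_host": {"src": "192.168.176.5", "host": "example.org", "when": MON_10H},
    "lan_blocked_site": {"src": "192.168.176.20", "host": "www.blocked.example", "when": MON_10H},
}

if __name__ == "__main__":
    for name, r in SAMPLES.items():
        print(f"{name:18} page={decide(PAGE_RULES, r)} tight={decide(TIGHT_RULES, r)}")
```

Running it prints, for each sample request, the action and the matching line under both rule lists, which makes it easy to check a rule order before restarting Squid.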

Extras
To allow morning only:
acl mornings time 08:00-12:00
http_access allow mornings

acl GoodSites dstdomain "/usr/local/etc/allowed-sites.squid"
acl BadSites dstdomain "/usr/local/etc/restricted-sites.squid"

http_access allow GoodSites
http_access deny BadSites

Download limit restriction:

#Add the below lines in acl section
acl Group1 src 10.5.0.1-10.5.0.10/32
acl Group2 src 10.5.2.1-10.5.2.10/32

#Add the below lines in http access section
reply_body_max_size 20480 KB Group2
reply_body_max_size 10240 KB Group1
reply_body_max_size 5120 KB all

Time Based Download Limit

acl WorkingHours time 08:00-17:00
reply_body_max_size 10240 KB WorkingHours

Upload limit restriction (works only for HTTP uploads):

request_body_max_size 200 KB

Client configuration
Open a web browser > Tools > Internet Options > Network settings, and set the Squid server IP address and port 3128 as the proxy.

Password Authentication Using NCSA
You can configure Squid to prompt users for a username and password. Squid comes with a program called ncsa_auth that reads any NCSA-compliant encrypted password file. You can use the htpasswd program that comes installed with Apache to create your passwords. Here is how it's done:
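1. Create the password file. The name of the password file should be /etc/squid/squid_passwd, and you need to make sure that it's universally readable. (The helper only needs read access as the user Squid runs as, so a file readable by that user's group is enough and keeps the password hashes away from other local accounts.)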
#touch /etc/squid/squid_passwd
#chmod o+r /etc/squid/squid_passwd
#htpasswd /etc/squid/squid_passwd www

Here:

htpasswd = command
www = username

#locate ncsa_auth (copy the location)
Now add the lines below to squid.conf:
#vim /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users (place this line above "http_access deny all")
