Squid Proxy Server Setup & Configuration:
1. apt-get install squid [it will download & install squid package]
2. vim /etc/squid/squid.conf
recommended minimum configuration:
** search manager through this command
/manager
** Look carefully: two 'acl' lines named 'localnet' are declared there, covering the Class B & Class C networks.
** So we just have to uncomment (enable) the line 'http_access allow localnet', that's it.
N.B.R.- Don't disable these two 'acl' lines named 'localnet', otherwise the proxy will give a fatal error message... (localnet not defined)
** Again search http_port through this command
/http_port [we will find like 'http_port 3128']
change it to http_port 8080
** W0W!!!squid minimum configuration done.
** Now restart the squid: /etc/init.d/squid restart
3. Allow Specific ip address and Block specific websites in squid proxy:
Create ACL:
acl localhost src 127.0.0.1/32
acl allowip src "/etc/squid/allowip"
acl fullaccessip src "/etc/squid/fullaccessip"
acl baddomain url_regex "/etc/squid/baddomain"
Now HTTP ACCESS \ DENY:
http_access allow localhost
http_access allow fullaccessip
http_access deny baddomain
http_access allow allowip
FINALLY :
http_access deny all
4. Don't forget to restart squid:
/etc/init.d/squid restart
=============================================================
@@@@ SQUID PROXY ADVANCED TUNING...@@@@
=============================================================
______________________________________________________________________
*** Restrict IP addresses, fully allowed IP addresses (for all websites, but not all file extensions),
blocked websites, and non-downloadable or blocked file extensions.
______________________________________________________________________
1. Create ACL:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl allowedip src "/etc/squid/allowedip"
acl fullaccessip src "/etc/squid/fullaccessip"
acl blockedsite url_regex "/etc/squid/blockedsite"
acl blockedext url_regex "/etc/squid/blockedext"
# For username & password authentication prompt
acl ncsa_users proxy_auth REQUIRED
2.Now HTTP ACCESS \ DENY:
#http_access allow localnet
http_access deny blockedext
# For username & password authentication prompt
http_access allow ncsa_users
http_access allow localhost
http_access allow fullaccessip
http_access deny blockedsite
http_access allow allowedip
FINALLY :
http_access deny all
3. Don't forget to restart squid:
/etc/init.d/squid restart
4. How to create the files declared in the ACLs:
# vim /etc/squid/allowedip
The configuration script should look like this
------------------------
192.168.0.20
192.168.0.27
192.168.0.33
192.168.0.57
192.168.0.110
------------------------
# vim /etc/squid/blockedsite
The configuration script should look like this
----------------------------
.yahoo.com
.facebook.com
.bing.com
---------------------------
N.B.R.- Don't forget the dot (.) at the beginning of each domain.
# vim /etc/squid/blockedext
The configuration script should look like this:
-------------------------------------------------------
.exe$
.avi$
.mpg$
.mpeg$
.mp3$
-------------------------------------------------------
Or you can specify extensions as follows: (not recommended)
-----------------------------
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
-----------------------------
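Added example (not part of the original post): a Python check of what the two blockedext lists and the blockedsite list above actually match when used as url_regex, which is an unanchored regex search over the whole URL. Python's re module stands in for Squid's regex matching here, every URL is constructed for the test, and TIGHT_EXT is a suggested pattern, not one from the page.

```python
import re

# Entries as listed above (the four extensions both lists share).
PAGE_EXT = [".exe$", ".avi$", ".mpg$", ".mpeg$"]
PAGE_EXT_ALT = [r"\.[Ee][Xx][Ee]$", r"\.[Aa][Vv][Ii]$",
                r"\.[Mm][Pp][Gg]$", r"\.[Mm][Pp][Ee][Gg]$"]
PAGE_SITES = [".yahoo.com", ".facebook.com", ".bing.com"]

# Suggested alternative (assumption, not from the page): literal dot,
# optional query string after the extension, used with url_regex -i.
TIGHT_EXT = [r"\.(exe|avi|mpe?g)(\?.*)?$"]

# Constructed test URLs.
EXT_BLOCK = [
    "http://dl.example.test/setup.exe",
    "http://dl.example.test/SETUP.EXE",
    "http://dl.example.test/movie.avi",
    "http://dl.example.test/setup.exe?mirror=2",
]
EXT_PASS = [
    "http://example.test/docs/annexe",   # ends in "nexe", not a .exe file
    "http://example.test/img/navi",      # ends in "navi", not a .avi file
]
SITE_BLOCK = ["http://www.yahoo.com/", "http://yahoo.com/"]
SITE_PASS = ["http://news.example.test/why-yahoo-company-changed"]


def audit(patterns, should_block, should_pass, ignore_case=False):
    """Return (missed, overblocked) for one url_regex list.

    missed      = URLs meant to be blocked that no pattern matches
    overblocked = URLs meant to pass that some pattern matches
    """
    flags = re.IGNORECASE if ignore_case else 0
    compiled = [re.compile(p, flags) for p in patterns]

    def hit(url):
        return any(c.search(url) for c in compiled)

    missed = [u for u in should_block if not hit(u)]
    overblocked = [u for u in should_pass if hit(u)]
    return missed, overblocked


if __name__ == "__main__":
    cases = [
        ("blockedext (first list)", PAGE_EXT, EXT_BLOCK, EXT_PASS, False),
        ("blockedext (second list)", PAGE_EXT_ALT, EXT_BLOCK, EXT_PASS, False),
        ("suggested pattern with -i", TIGHT_EXT, EXT_BLOCK, EXT_PASS, True),
        ("blockedsite as url_regex", PAGE_SITES, SITE_BLOCK, SITE_PASS, False),
    ]
    for label, pats, block, allow, icase in cases:
        missed, over = audit(pats, block, allow, icase)
        print(f"{label}: missed={missed} overblocked={over}")
```

The unescaped dot in the first list matches any character, and neither list catches an extension followed by a query string. The dstdomain ACL type, used for 'baddom' later in this post, compares host names instead of searching the whole URL.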
_______________________________________________________________________
@@@@@@@@ Groupwise Restriction for Access Control (ACL) @@@@@@@
_______________________________________________________________________
1. Create ACL:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl ournet src 10.0.0.0/24
acl group-md src "/etc/squid/group-md"
acl group-user src "/etc/squid/group-user"
acl group-mail src "/etc/squid/group-mail"
acl baddom dstdomain "/etc/squid/baddom"
# -i makes the match case-insensitive (upper- and lower-case letters both match)
acl allowsite url_regex -i "/etc/squid/allowsite"
2. Now HTTP ACCESS \ DENY:
http_access allow group-md
# the (!) sign means "except"
http_access allow group-user !baddom
# the (!) sign means "except"
http_access deny group-mail !allowsite
http_access allow localhost
http_access allow ournet
FINALLY :
http_access deny all
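Added example (not part of the original post): a small Python model of how Squid walks the http_access lines above. The first line whose ACLs all match decides, ACLs on one line are ANDed, and '!' negates one ACL. The list-file contents and the FIXED_RULES variant are assumptions constructed for the demonstration; with them, a group-user client asking for a baddom site does not match 'allow group-user !baddom', falls through, and is allowed by 'allow ournet'.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed list-file contents; the post does not show these files.
FILES = {
    "/etc/squid/group-md": ["10.0.0.10"],
    "/etc/squid/group-user": ["10.0.0.20"],
    "/etc/squid/group-mail": ["10.0.0.30"],
    "/etc/squid/baddom": [".blocked.example"],
    "/etc/squid/allowsite": [r"^http://mail\.example\.test/"],
}

# ACLs and rules from the section above (manager/to_localhost left out:
# no http_access line uses them).
PAGE_RULES = """
acl all src all
acl localhost src 127.0.0.1/32
acl ournet src 10.0.0.0/24
acl group-md src "/etc/squid/group-md"
acl group-user src "/etc/squid/group-user"
acl group-mail src "/etc/squid/group-mail"
acl baddom dstdomain "/etc/squid/baddom"
acl allowsite url_regex -i "/etc/squid/allowsite"
http_access allow group-md
http_access allow group-user !baddom
http_access deny group-mail !allowsite
http_access allow localhost
http_access allow ournet
http_access deny all
"""

# Assumed correction: state the exception as an explicit deny line.
FIXED_RULES = PAGE_RULES.replace(
    "http_access allow group-user !baddom",
    "http_access deny group-user baddom\nhttp_access allow group-user",
)


def parse(conf):
    """Parse the acl / http_access subset used in this post."""
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        tok = line.split()
        if tok[0] == "acl":
            name, kind, rest = tok[1], tok[2], tok[3:]
            flags = [v for v in rest if v.startswith("-")]
            vals = []
            for v in (v for v in rest if not v.startswith("-")):
                # A quoted value names a list file; expand it to its entries.
                vals += FILES[v.strip('"')] if v.startswith('"') else [v]
            acls.setdefault(name, []).append((kind, flags, vals))
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules


def acl_matches(acls, name, src, url):
    host = urlsplit(url).hostname or ""
    for kind, flags, vals in acls[name]:
        for v in vals:
            if kind == "src":
                net = "0.0.0.0/0" if v == "all" else v
                if ipaddress.ip_address(src) in ipaddress.ip_network(net, strict=False):
                    return True
            elif kind == "dstdomain":
                # ".example" matches the domain itself and its subdomains.
                if host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)):
                    return True
            elif kind == "url_regex":
                if re.search(v, url, re.IGNORECASE if "-i" in flags else 0):
                    return True
    return False


def decide(conf, src, url):
    """Return 'allow' or 'deny' for one request, first matching line wins."""
    acls, rules = parse(conf)
    action = "allow"
    for action, terms in rules:
        if all(acl_matches(acls, t.lstrip("!"), src, url) != t.startswith("!")
               for t in terms):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if action == "allow" else "allow"


if __name__ == "__main__":
    for label, conf in (("page rules", PAGE_RULES), ("fixed rules", FIXED_RULES)):
        verdict = decide(conf, "10.0.0.20", "http://www.blocked.example/")
        print(f"{label}: group-user -> blocked.example: {verdict}")
```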
___________________________________________________________________
@@@@@@ Setting Maximum Size of Downloadable File @@@@@@
___________________________________________________________________
This task is managed by the reply_body_max_size parameter. The value next to it is the maximum size expressed in bits.
reply_body_max_size 100000000 deny all #100M
The above line doesn’t allow anyone to download any file that is greater than roughly 100MB.
______________________________________________________________________
_____________________________________________________________________
@@@@@@@@@@ Blocking a specific MAC Address @@@@@@@@
_____________________________________________________________________
Create ACL:
acl localhost src 127.0.0.1/32
acl allowip src "/etc/squid/allowip"
acl fullaccessip src "/etc/squid/fullaccessip"
acl baddomain url_regex "/etc/squid/baddomain"
acl badmac arp 00:C0:26:8A:5F:06
Now HTTP ACCESS \ DENY:
http_access allow localhost
http_access deny badmac
http_access allow fullaccessip
http_access deny baddomain
http_access allow allowip
FINALLY :
http_access deny all
--------------------------------------------------------------------------------------------------------
___________________________________________________________________
@@@@@ Bind Specific MAC Address With Specific IP @@@@@@
___________________________________________________________________
Now Create ACL:
acl localhost src 127.0.0.1/32
acl mac1 arp 00:C0:26:8A:5F:06
acl mac2 arp 00:19:DB:BD:C9:F5
acl mac3 arp 00:19:DB:BD:C9:F6
acl ip1 src 172.16.0.2
acl ip2 src 172.16.0.3
acl ip3 src 172.16.0.4
Now HTTP ACCESS \ DENY:
http_access allow localhost
http_access allow mac1 ip1
http_access allow mac2 ip2
http_access allow mac3 ip3
FINALLY :
http_access deny all
____________________________________________________________________
@@@@@@@@ Blocking Multiple MAC Addresses @@@@@@
____________________________________________________________________
First we have to create a file which will contain the list of bad MACs.
# vim /etc/squid/badmac
The configuration script should look like this
---------------------------------------------------------
00:C0:26:8A:5F:06
00:19:DB:BD:C9:F4
89:12:5C:KM:E5:L3
---------------------------------------------------------
Now Create ACL:
acl localhost src 127.0.0.1/32
acl allowip src "/etc/squid/allowip"
acl fullaccessip src "/etc/squid/fullaccessip"
acl baddomain url_regex "/etc/squid/baddomain"
acl badmac arp "/etc/squid/badmac"
Now HTTP ACCESS \ DENY:
http_access allow localhost
http_access deny badmac
http_access allow fullaccessip
http_access deny baddomain
http_access allow allowip
FINALLY :
http_access deny all
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
&&&&&&&&& Special Note &&&&&&&&&&&
===============================================================
NOTE: Squid can only determine the MAC address for clients that are on the same subnet.
If the client is on a different subnet, then Squid cannot find out its MAC address.
----------------------------------------------------------------------------------------
To find a client PC's MAC address from the Debian Linux server:
# arp 192.168.0.4 (The client host should be up & pingable)
____________________________________________________________________
@@@@@@@ Setting Specific Time & Day for Browsing @@@@@@@
____________________________________________________________________
The following lines have been taken from the file squid.conf. Each day is represented by a single letter.
Moreover, browsing time can be limited using the h1:m1-h2:m2 parameters, where h1:m1 must be less than h2:m2.
#acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
--------------------------------------------------------------------------------------------------
Now Create ACL:
acl localhost src 127.0.0.1/32
acl allowip src "/etc/squid/allowip"
acl allowedhour time S M T W H 10:00-16:00
Now HTTP ACCESS \ DENY:
http_access allow localhost
http_access allow allowip allowedhour
FINALLY :
http_access deny all
____________________________________________________________________
@@@@@ Example: allow browsing during office hours only @@@@@@@
____________________________________________________________________
#vim /etc/squid/squid.conf
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl office_hours time S M T W H 08:00-18:00
# the end time must be later than the start time, so the evening range ends at 23:59
acl non_office_hours time S M T W H F A 17:01-23:59
acl non_office_hours time S M T W H F A 00:00-08:59
acl our_network src 192.168.200.0/24
http_access deny our_network non_office_hours
http_access allow our_network office_hours
http_access deny all
# make sure the deny line is put before the allow line for our network
___________________________________________________________________
@@@@@ Restrict access to multiple website for defined time @@@
___________________________________________________________________
For example, here we will restrict access to www.facebook.com from 9:00am to 5:00am.
acl morninghours time M T W H F 8:00-12:00
acl eveninghours time M T W H F 13:30-18:00
acl blacklistdomain url_regex "/etc/squid/blacklist.domain"
acl blacklistip src "/etc/squid/blacklist.ip"
http_access deny blacklistdomain morninghours blacklistip
http_access deny blacklistdomain eveninghours blacklistip
http_access allow our_network
http_access deny all
_______________________________________________________________________
Configure an NCSA-style PROXY USERNAME and PASS prompt authentication
_______________________________________________________________________
-------------------------------------------------------------------------------------------------
Remember: Squid proxy username & password authentication does not support transparent proxy.
--------------------------------------------------------------------------------------------------
STEP 1: First of all install apache2
# apt-get install apache2
STEP 2: Create a username/password
First create a NCSA password file using htpasswd command. htpasswd is used to create and
update the flat-files used to store usernames and password for basic authentication of squid users.
# htpasswd -c /etc/squid/passwd mithu [here (-c) is used to create passwd file to save mithu user.]
Output:
New password:
Re-type new password:
Adding password for user mithu
Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd
STEP 3: Locate the ncsa_auth authentication helper
Usually ncsa_auth is located at /usr/lib/squid/ncsa_auth. You can find its location using the rpm (Redhat, CentOS, Fedora) or
dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or RPM based distribution try:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
STEP 4: Configure ncsa_auth for squid proxy authentication
Now open /etc/squid/squid.conf file
# vim /etc/squid/squid.conf
Append following configuration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
****N.B.R.- Search for /auth_param, go to the end of the auth_param section... then append the lines above.
STEP 5:
-------
1. Create ACL:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl allowedip src "/etc/squid/allowedip"
acl ncsa_users proxy_auth REQUIRED
2.Now HTTP ACCESS/DENY:
#http_access allow localnet
http_access allow ncsa_users
http_access allow localhost
http_access allow allowedip
FINALLY :
http_access deny all
3. Don't forget to restart squid:
/etc/init.d/squid restart
For More to Know:
-----------------------
Where,
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
auth_param basic children 5 : The number of authenticator processes to spawn.
auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted for their username and password
auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in
other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
acl ncsa_users proxy_auth REQUIRED : The REQUIRED term means that any authenticated user will match the ACL named ncsa_users
http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
==============================================================
@@@@ How To Clean and Re-build Squid cache @@@
==============================================================
First, check your squid.conf file and find the location of your cache directory; you should have a line starting with "cache_dir".
1) Shutdown your squid server
# /etc/init.d/squid stop
or
# service squid stop
or
# squid -k shutdown [Red Hat / Fedora]
2) Remove the cache directory
# rm -r /squid/cache/*
3) Re-Create the squid cache directory
# squid -z
4) Start the squid
# /etc/init.d/squid start
or
# service squid start
==============================================================
*********** Bandwidth management through Proxy using Delay Pool ***********
==============================================================
1. Create ACL:
#acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/16
#acl localnet src 192.168.0.0/24
acl mynet512 src "C:\squid\etc\kb512.txt"
acl mynet256 src "C:\squid\etc\kb256.txt"
acl mynet128 src "C:\squid\etc\kb128.txt"
acl mynet64 src "C:\squid\etc\kb64.txt"
2.Now HTTP ACCESS/DENY:
http_access allow mynet512
http_access allow mynet256
http_access allow mynet128
http_access allow mynet64
http_access deny localnet
# And finally deny all other access to this proxy
http_access deny all
3. # TAG: delay_pools
#Default:
# delay_pools 0
delay_pools 4
4. #TAG: delay_class
#Default:
# none
delay_class 1 2
delay_class 2 2
delay_class 3 2
delay_class 4 2
5. # TAG: delay_access
#Default:
# none
delay_access 1 allow mynet512
delay_access 1 deny all
delay_access 2 allow mynet256
delay_access 2 deny all
delay_access 3 allow mynet128
delay_access 3 deny all
delay_access 4 allow mynet64
delay_access 4 deny all
6. # TAG: delay_parameters
#Default:
# none
delay_parameters 1 -1/-1 65536/65536
delay_parameters 2 -1/-1 32768/32768
delay_parameters 3 -1/-1 16384/16384
delay_parameters 4 -1/-1 8192/8192
This is beautiful, thanks for sharing a little bit of your world!
I like the resources which you mention in your blog but there are more resources which you can use. I hope in your next article you include these resources too.