Friday, November 12, 2010

Squid Proxy

Squid Server acts as an Internet Service Provider. It caches data, and hence the speed of Internet browsing increases a little.
Internet Data : Internet data is of 2 types -
a) Static Data : This data does not change, e.g. documents etc.
b) Dynamic Data : This data changes as time passes, e.g. advertisements, pictures etc.

Static data can be cached. Dynamic data cannot be cached. Data that has been cached from the Internet is given to clients by the server, but dynamic data needs to be fetched from the Internet every time. A proxy server can also be used as an Internet accelerator: if someone is accessing data from an outside network, the server acts as an interface between the main server and the client, so that there is less load on the main server.

Check whether the package is installed : # rpm -qa | grep squid

If the package is installed on your system then...

Edit the '/etc/squid/squid.conf' file
Contents of squid.conf
a) #http_port 3128
The default port for Squid is 3128; if you want to change it, remove the comment.

b) cache_dir ufs /var/spool/squid 100 16 256
This directory contains the cached data. [ufs = file system, 100 = size = 100 MB default,
16 = first level directories to be created,
256 = under every directory we can create 256 second level sub directories]

Exit from vi mode

The directories where Squid stores cached data are called 'swap directories'.
To create the swap directories, give the command -

# squid -z (if there is an error, follow the next step)

Edit the squid.conf file
Make the following change :
Default :
instead of #none, type your host name
Save and exit

# squid -z
# service squid start
# chkconfig squid on (to start the service after every reboot)

Go to Mozilla
Edit tab → Preferences → Advanced → Proxies
Give the IP address of the proxy server
e.g. 172.16.0.1 port 3128

If you are using Internet Explorer, make the same changes in
Tools tab → Internet Options

By default, everything in Squid is 'off'.
To block or allow IP addresses of machines we need to write ACLs (Access Control Lists).

To write an ACL there is the command :
acl (list name) acl-type value
e.g. If you want to allow HTTP access to machines in the “intranet” domain, write the following lines in the squid.conf file below the #INSERT YOUR OWN RULES HERE line

acl intranet src 192.168.100.10-192.168.100.100
http_access allow intranet


save and exit

# service squid restart

Then go to the client machine, start Mozilla and open any site. If your machine has an Internet connection you will get that site.
Remember: first insert all the “deny” rules, then insert all the “allow” rules.

To Allow or Block Sites :


/etc/squid/squid.conf

acl intranet src 172.16.0.10-172.16.0.20
acl yahoo dstdomain .yahoo.com
http_access deny intranet yahoo


save and Exit

As we know, there are very few sites which we want to allow as compared to the sites to be denied. So the list of allowed sites can be stored in a file, e.g. a file named 'goodsites'
e.g. # vim /goodsites
In that file list all the allowed sites, i.e.

.yahoo.com
.rediffmail.com
.google.com


save and exit

Edit squid.conf

acl intranet src 172.16.0.10-172.16.0.20
acl good dstdomain "/goodsites"
http_access allow intranet good


save and exit

# service squid restart

Open Mozilla and check those sites.

Time Scheduling :

For time scheduling, edit the squid.conf file

acl intranet src 172.16.0.10-172.16.0.20
acl nettime time SMTW 17:00-19:00
acl good dstdomain "/goodsites"
http_access allow nettime good intranet


save and Exit
# service squid restart

This means that if the day is Sunday, Monday, Tuesday or Wednesday and the time is between 5:00 pm and 7:00 pm, the good sites will open for intranet and other sites will remain blocked. On Thursday, Friday and Saturday all sites will be blocked for intranet.
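
An added example (not part of the original post): a small Python model of how Squid evaluates the time-scheduling rules above, where the ACLs on one http_access line are ANDed and the first matching line wins. The function names and the closing "deny all" rule are assumptions of this example; the sample requests in its test are constructed.

```python
import ipaddress
from datetime import datetime

# Squid day letters: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat
DAY_LETTERS = "MTWHFAS"  # indexed by datetime.weekday(), where Monday == 0

def src_match(rng, client_ip):
    # "a.b.c.d-e.f.g.h" is an inclusive address range
    lo, hi = (ipaddress.ip_address(a) for a in rng.split("-"))
    return lo <= ipaddress.ip_address(client_ip) <= hi

def dstdomain_match(patterns, host):
    # ".yahoo.com" matches yahoo.com itself and every subdomain of it
    host = host.lower()
    return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
               for p in patterns)

def time_match(days, span, when):
    start, end = span.split("-")
    return (DAY_LETTERS[when.weekday()] in days
            and start <= when.strftime("%H:%M") <= end)

# Contents of the /goodsites file shown earlier
GOODSITES = [".yahoo.com", ".rediffmail.com", ".google.com"]

# The three ACLs from the time-scheduling squid.conf, plus the built-in "all"
ACLS = {
    "intranet": lambda r: src_match("172.16.0.10-172.16.0.20", r["ip"]),
    "nettime":  lambda r: time_match("SMTW", "17:00-19:00", r["when"]),
    "good":     lambda r: dstdomain_match(GOODSITES, r["host"]),
    "all":      lambda r: True,
}

# http_access lines in file order
RULES = [
    ("allow", ["nettime", "good", "intranet"]),
    ("deny",  ["all"]),  # assumption: a closing "deny all" rule is in place
]

def decide(ip, host, when):
    """Return 'allow' or 'deny' for one request, first matching line wins."""
    req = {"ip": ip, "host": host, "when": when}
    for action, names in RULES:
        if all(ACLS[n](req) for n in names):  # every ACL on the line must match
            return action
    return "deny"
```
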

This server caches files automatically. If the server gets slow, just increase the size of the cache directory above 100 MB.
