Friday, November 12, 2010

Squid Proxy

Squid Proxy

Squid Server acts as a Internet Service Provider. It caches data and hence speed of internet browsing increases little-bit.
Internet Data : Internet data is of 2 types-
a) Static Data : This data does not changes e.g. Documents etc.
b) Dynamic Data : this data changes as time passes. e.g. Advertise, pictures etc.

                         Static data can be cached. Dynamic data can not be cached. The data which has been cached on internet is given to clients through server. But dynamic data needs to be taken every time from internet. Proxy server can also be used as an internet accelerator. If someone is accessing data from outside network then this server acts as a interface between main server and client, so that there is less load on main server.

Check for package is installed or not : # rpm -qa |grep squid*

If package is installed on your system then...

Edit '/etc/squid/squid.conf ' file
                                 Contents of squid.conf
a) #http_port 3128
the default port for squid is 3128, if you want to change then remove comment.

b) cache_dir ufs /var/spool/squid 100 16 256
this directory contains cached data. [ufs = file system, 100 = size = 100 Mb default,
16 = first level directories to be created,
256 = Under every directory we can create 256 second level sub directories]

Exit from vi mode

The directories where it stores cached data are called as 'swap directories'.
To create swap directories give command-

# squid -z ( if error is there then follow next step)

Edit squid.conf file
make changes as
Default :
instead of #none type your host name
save and exit

# squid -z
# service squid start
# chkconfig squid on (to start the service after every reboot)

Goto mozilla
edit tab → preferences → Advanced → proxies
Give Ip address of proxy server
e.g. port 3128

if you are using Internet Explorer then make same changes in
tools tab → internet options

In squid by default there is everything 'off '
To block or allow Ip addresses of machines we need to write ACL's (Access Control List)

To write ACL there is command :
acl   (list name) acl-type   value
e.g. If you want to allow http access to machines in “intranet” domain write following lines in squid.conf file below... #INSERT YOUR OWN RULES HERE line

acl intranet src
http_access allow intranet

save and exit

# service squid restart

then goto client machine start mozilla open any site. If your machine is having internet connection you will get that site.
Remember first insert all rules of “deny” then insert all rules for “allow”

To Allow or Block Sites :


acl intranet src
acl yahoo dstdomain
http_access deny intranet yahoo

save and Exit

As we know there are very few sites which we want to allow as compared to the sites to be denied. So list of allowed sites can be stored in a file e.g. file named 'goodsites'
e.g. # vim /goodsites
in that file list all the allowed sites i.e.

save and exit

Edit squid.conf

acl intranet src
acl good dstdomain “/goodsites”
http_access allow intranet good

save and exit

# service squid restart

open mozilla and check for those sites.

Time Scheduling :

For time scheduling edit squid.conf file

acl intranet src
acl nettime time SMTW 17:00-19:00
acl good dstdomain “/goodsites”
http_access allow nettime good intranet

save and Exit
# service squid restart

it means if the days are Sunday, Monday, Tuesday, Wednesday and the time is in between 5:00 pm to 7:00 pm the good sites for intranet will open and other sites will remain blocked. If days are Thursday, Friday, Saturday all sites for intranet will be blocked.

This server caches files automatically. If the server gets slow then just increase the size of cache directory above 100Mb.

No comments:

Post a Comment