Squid Proxy Configuration:-
Installation and configuration of Squid on a Linux machine.
#yum install squid
Or download the rpm package and install it. The Squid proxy server requires two NIC cards: assign the LAN IP address to your primary NIC and the broadband/public IP to the secondary NIC.
Use a public DNS in the network configuration setup, then restart the service.
#service network restart
#chkconfig network on

Then try to ping the public gateway and your local LAN gateway address; both ping requests should succeed.

Before going to the configuration file: this proxy will only work in the 180.190.29.X series network. To let another subnet use it, add the commands below.
#route add -net [Link] netmask [Link] gw [Link]
#route add -net [Link] netmask [Link] gw [Link]

-net:- other subnetwork address
gw:- local network proxy server gateway

Finally, add this command to /etc/[Link] so that it works even after a reboot.

Now we configure Squid in its configuration file.
#vi /etc/squid/[Link]

By default, Squid binds to http_port 3128, but it is usually changed to 8080.

ACCESS CONTROL (ACL):
In Squid we configure things by writing rules. They are known as ACL rules.

A simple ACL rule:
acl aclname acltype string1
http_access allow|deny aclname

aclname = name of the rule
acltype = the type of string we are using, e.g. src, dst
string = can be IPs, networks, URLs etc.

acl mynetwork src [Link]/[Link]
http_access allow mynetwork

NOTE: Specify the rules before the line
#http_access deny all
This is because the rules are parsed from top to bottom.
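
The ordering rule in the note above can be checked mechanically. The following is an added example, not part of the original page or of Squid itself: it parses src ACLs and single-ACL http_access lines, returns the first matching rule for a client, and lists rules that can never fire because an earlier rule already covers every address they name. The ACL names follow the page; the IPv4 addresses are constructed documentation addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples: same rules, deny below the covering allow vs. above it.
WRONG_ORDER = """\
acl mynetwork src 192.0.2.0/24
acl block_ip src 192.0.2.50
http_access allow mynetwork
http_access deny block_ip
http_access deny all
"""
RIGHT_ORDER = """\
acl block_ip src 192.0.2.50
acl mynetwork src 192.0.2.0/24
http_access deny block_ip
http_access allow mynetwork
http_access deny all
"""

def parse(conf):
    """Return (src ACLs as name -> networks, ordered http_access rules)."""
    acls, rules = {"all": [ipaddress.ip_network("0.0.0.0/0")]}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)  # repeated names add up
        elif len(tok) == 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2]))
    return acls, rules

def decide(conf, client_ip):
    """First matching http_access line wins; return (action, aclname)."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, name in rules:
        if any(ip in net for net in acls.get(name, [])):
            return action, name
    return "deny", None  # assumption of this sketch: no match means deny

def shadowed(conf):
    """ACL names whose rule can never fire: an earlier rule covers them."""
    acls, rules = parse(conf)
    out = []
    for i, (_, name) in enumerate(rules):
        earlier = [n for _, prev in rules[:i] for n in acls.get(prev, [])]
        nets = acls.get(name, [])
        if nets and all(any(x.subnet_of(e) for e in earlier) for x in nets):
            out.append(name)
    return out
```

With the deny rule below the allow rule, decide() reports the blocked client as allowed by mynetwork and shadowed() names block_ip; with the order corrected, the same client is denied and nothing is shadowed.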

To block internet usage from a particular IP address:
Write this rule:
#acl block_ip src [Link]
#http_access deny block_ip
It should be above these lines:
#acl mynetwork src [Link]/[Link]
#http_access allow mynetwork
Otherwise the rule will be cancelled by the rule above it [mynetwork]. Always keep in mind that Squid interprets rules from top to bottom.

To block internet usage from two or more IP addresses by ACL lists:
Write this rule:
#acl block_ips src IP1 IP2
#http_access deny block_ips
E.g.:
#acl block_ips src [Link] [Link]
#http_access deny block_ips
Or you can define the rules like this:
#acl block_ips src [Link]
#acl block_ips src [Link]
#http_access deny block_ips

To block a particular URL:
For blocking the URL [Link]
For blocking only one URL, use the acl type dst.
#acl block_site dst [Link]
#http_access deny block_site
You can see that the site yahoomail is still accessible, so it blocks a single URL only.

To block only one domain:
E.g. for blocking all systems from accessing [Link]
#acl block_site1 dstdomain .[Link]
#http_access deny block_site1

To block a list of sites specified in a file:
First we have to create a file and save in it all the URLs we want to block. In this example the file is saved as /etc/squid/block_list.txt.
[root@proxy ~]# cat /etc/squid/block_list.txt
[Link]
[Link]
[Link]
#acl block_list url_regex "/etc/squid/block_list.txt"
#http_access deny block_list

Blocking the sites with keywords:
[root@proxy ~]# cat /etc/squid/block_list0.txt
hotmail
ibm
hp
#acl block_list1 url_regex -i "/etc/squid/block_list0.txt"
#http_access deny block_list1
Note: -i makes the match case-insensitive.

Finally, restart the squid service.

Note:- While providing access for a particular site, images will not load, so check the /var/log/squid/[Link] file. There you should see some lines containing "TCP_DENIED" followed by the URL of the images or the other content that is not loading. BTW, I've looked at Facebook pictures, and it looks like they are pulled from [Link], so add that to your file and reload squid to test again.
#service squid restart
#chkconfig squid on

Then add the proxy server IP address and port number in the browser (IE/Mozilla) on your Windows/Linux machine so that it uses the proxy.
In IE, go to Tools -> Internet Options -> Connections tab -> LAN Settings and add the proxy server IP address there as mentioned below.
Click OK, close IE, then open it again and check for the changes.