SQUID Configuration On RHEL-5
Server: maheshlinux-server (192.168.4.1 Local Network IP)
Client: Linux & Windows XP/2003 etc...
Default Port NO: 3128
Requirement: The SQUID package is available on the RHEL5 DVD only
squid-2.6.STABLE6-3.el5
Installation Of Required Packages:
[root@maheshlinux-server RHEL5_Total_Pack]# rpm -i squid-2.6.STABLE6-3.el5
warning: squid-2.6.STABLE6-3.el5: Header V3 DSA signature: NOKEY, key ID 37017186
[root@maheshlinux-server RHEL5_Total_Pack]#
Configure SQUID config file:
NOTE: Modify the squid.conf file (take a backup copy before modifying any file)
[root@maheshlinux-server ~]# cd /etc/squid
[root@maheshlinux-server squid]# vi squid.conf
Uncomment the lines below in the config file...
Access Control Lists
# Add in ACL your local network information
acl all src 192.168.1.0/255.255.255.0 # put your own local network address here
A sample passage for ACL configuration:
#Recommended minimum configuration:
acl all src 192.168.4.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl blocksites dstdomain .orkut.com
acl blocksites dstdomain .facebook.com
acl blocksites dstdomain .youtube.com
http_access deny blocksites
acl banned src 192.168.4.3
http_access deny banned
acl localnetwork src 192.168.1.0/24
http_access allow localnetwork
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
acl business_hours time M T W H F 9:00-19:00
acl RestrictedHost src 192.168.1.3
http_access deny RestrictedHost
http_access allow business_hours
acl bad url_regex "/etc/squid/squid-block.acl"
http_access deny bad
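Squid checks http_access lines from top to bottom and stops at the first one that matches; if none matches, it applies the opposite of the last line. The Python sketch below is an added example, not part of the original post or of Squid itself. It models that evaluation for a constructed subset of the rules above; the catch-all ACL name anyone is hypothetical.

```python
import ipaddress
# Constructed subset of the page's rules, kept in the page's order.
PAGE_ORDER = """
acl blocksites dstdomain .orkut.com
http_access deny blocksites
acl localnetwork src 192.168.1.0/24
http_access allow localnetwork
acl RestrictedHost src 192.168.1.3
http_access deny RestrictedHost
"""
# Same ACLs, denies first, explicit catch-all last ("anyone" is a hypothetical name).
REORDERED = """
acl blocksites dstdomain .orkut.com
acl RestrictedHost src 192.168.1.3
acl localnetwork src 192.168.1.0/24
acl anyone src 0.0.0.0/0
http_access deny blocksites
http_access deny RestrictedHost
http_access allow localnetwork
http_access deny anyone
"""
def parse(conf):
    """Collect acl definitions and the ordered http_access rule list."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, host):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":  # ".orkut.com" covers the domain and its subdomains
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in values)
    raise ValueError("acl type not modelled: " + kind)

def decide(conf, client_ip, host):
    """The first http_access line whose ACLs all match wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], client_ip, host) for n in names):
            return action, " ".join(names)
    # No match: Squid applies the opposite of the last http_access line.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"
```

With the page's order, 192.168.1.3 is allowed by localnetwork before deny RestrictedHost is reached, and a client outside every ACL falls through to a default allow. The reordered list denies both.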
Now Try To Start SQUID Service & Keep Permanently On:
[root@maheshlinux-server squid]# service squid status
squid is stopped
[root@maheshlinux-server squid]# service squid start
Starting squid: [OK]
[root@maheshlinux-server squid]# chkconfig squid on
[root@maheshlinux-server squid]#
Now Check SQUID/PROXY with Windows Client:
Go To Internet Explorer --> Properties --> Connections --> LAN Settings --> Use a Proxy Server for your LAN --> Give server IP or Name --> Port 3128 --> OK
BLOCKED SITE EXAMPLE (ORKUT SITE)
To write your own notice messages, edit the error page files in /usr/share/squid/errors/English
[root@maheshlinux-server English]# vi ERR_ACCESS_DENIED
Write the message, save and exit, then restart your squid server once.