Before we start setting up a Squid server, let us first answer the question "What is a Squid server?". You might already know, but I would still like to mention it here.
*Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up a web server by caching repeated requests; to caching web, DNS and other computer network lookups for a group of people sharing network resources; to aiding security by filtering traffic. Although primarily used for HTTP and FTP.
The diagram below explains the Squid server situation very well. For example, let us assume you have a lab to maintain and you want to set up a Squid server for your lab clients. Your computer (i.e. the Squid server in the figure) is connected to the internet through your ISP connection, and it will share that connection with the rest of the clients in your network (client 1 - client n).
Let's assume your network is 192.168.1.0/24 and your PC's IP address is 192.168.1.1, or any other address within the network range.
I am going to use RHEL5 for setting up the Squid server, so you can use RHEL/Fedora to try setting up Squid.
Prerequisites:-
# a machine with the rhel5/fedora installation
# SQUID rpm required
I) Steps for making a Squid server:-
Step-1) Install the squid package with the following command. I am assuming you have already set up a YUM server.
# yum install squid -y
Step-2) Now edit the Squid configuration file in the vi editor and add the lines below. To find the right place, search for the commented line starting with "#http_access" by typing "/#http_access" in vi's command mode. The first result will look like:
/*#acl mylan src 192.168.0.0/24
#http_access allow mylan/someothername*/
Copy these lines or uncomment them, as you wish.
# vim /etc/squid/squid.conf
acl mylan src 192.168.1.0/24
http_access allow mylan
:wq
save and exit
NOTE:-
(1) mylan is not a keyword; it is just the name I gave the network to keep things simple. The rest are keywords in the file.
(2) The sequence of these lines is very important. They should not be copied to any location in the file other than this one.
Step-3) Now, start the squid service with the following command:
# service squid start; chkconfig squid on
* I used chkconfig to put the service on startup in all the runlevels.
Step-4) Now, set proxy server in the other machine's browser.
Setting proxy server in firefox in client machines:
Go to Edit -> Preferences -> Advanced -> Network -> Settings
Now select "Manual Proxy Configurations" and put proxy server address in it as:
address: 192.168.1.1 and port as 3128.
NOTE:- Port 3128 is the default port for the Squid server. You can change it in the configuration file if you want.
Step-5) Now, use and have fun with the internet on the client machines...:) Finished.
II) Preventing notorious/bad Websites opening in client with the squid server:-
Steps to go:-
Step-1) Open the squid configuration file with the VI Editor and put the following lines in the file:-
# vim /etc/squid/squid.conf
acl block dstdomain www.google.com
http_access deny block mylan
:wq
save and exit
NOTE:- These lines should go in between the two lines which we used in the steps to make the Squid server. That means it should look like:
acl mylan src 192.168.1.0/24
acl block dstdomain www.google.com www.yahoo.com
http_access deny block mylan
http_access allow mylan
The word "block" is not a keyword; it is just a name for the list of websites to be blocked. The word "deny" is a keyword, used here to deny access to the websites in "block" from the network "mylan".
We can also use a file for the list of websites to be banned on the network:
Create a file somewhere with any name (I am creating /etc/squid/blocked_sites) and put the website names in it, one per line:
# vim /etc/squid/blocked_sites
www.google.com
www.yahoo.com
www.orkut.com
www.facebook.com
and so on
:wq
save and exit
Now edit the squid configuration file and replace the line "acl block dstdomain www.google.com www.yahoo.com" with a new line as follows:
# vim /etc/squid/squid.conf
acl mylan src 192.168.1.0/24
acl block url_regex "/etc/squid/blocked_sites"
http_access deny block mylan
http_access allow mylan
:wq
save and exit
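What switching from dstdomain to url_regex changes for the same list of names, as an added example that is not part of the original post: url_regex treats every line of the file as a regular expression searched anywhere in the URL, while dstdomain compares only the requested host. Python's `re` stands in for Squid's regex engine here, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed copy of two entries the page puts in /etc/squid/blocked_sites.
BLOCKED_SITES = ["www.google.com", "www.yahoo.com"]

def url_regex_hit(url, patterns):
    """url_regex: every entry is a regex searched anywhere in the whole URL."""
    return any(re.search(p, url) for p in patterns)

def dstdomain_hit(url, domains):
    """dstdomain: only the request host is compared; ".name" also covers subdomains."""
    host = urlsplit(url).hostname or ""
    return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
               for d in domains)

def compare(url):
    """Return (url_regex, dstdomain as listed, dstdomain with leading dots)."""
    dotted = ["." + d.split(".", 1)[1] for d in BLOCKED_SITES]  # .google.com, .yahoo.com
    return (url_regex_hit(url, BLOCKED_SITES),
            dstdomain_hit(url, BLOCKED_SITES),
            dstdomain_hit(url, dotted))

# Constructed sample requests.
SAMPLE_URLS = [
    "http://www.google.com/",                  # listed host
    "http://google.com/",                      # same site without "www"
    "http://mail.google.com/inbox",            # another subdomain
    "http://example.org/?ref=www.google.com",  # unrelated site, name in the query
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(compare(u), u)
```

The list as written misses the bare domain and other subdomains under both ACL types, and url_regex additionally blocks unrelated sites whose URL merely contains a listed name; dstdomain entries with a leading dot cover the whole domain without that side effect.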
NOTE:- This way of banning websites is not very effective, because Squid only bans the names of the websites. Clients will not be able to use those websites directly, but they can use proxies available over the internet to access them, because Squid doesn't do content filtering. So this procedure fails there.
But we have some better solutions available, like Dansguardian, which I use, and there may be many more packages available.
So let's install Dansguardian now to make the network more secure (I have the Dansguardian packages available in my repos):-
# yum install dansguardian -y
Now edit dansguardian configuration file:
# vim /etc/dansguardian/dansguardian.conf
filterip = 192.168.1.1
filterport = 8080
proxyip = 192.168.1.1
proxyport = 3128
:wq
save and exit
Remember, 192.168.1.1 is my Squid server IP, so put your IP address accordingly in "filterip".
Now, change the proxy server port in the client machine's Firefox from 3128 to 8080 and have fun. Squid still accepts connections from mylan on port 3128, so the content filter is only enforced once direct client access to 3128 is closed off, for example by allowing only the Dansguardian host in Squid's http_access rules.
Now the client won't even be able to search for "bad" words or phrases. Try searching "sex" from the client machine in Google and see the result.
Similarly, there are many more things you can implement in Squid. Squid is not just these 2 topics. There is much more to be learnt...:) So please google for the other things, like making the network available to clients only within a particular time period and much more....enjoy googling...:)
I hope you like the tute....If you have any suggestions you are most welcome..enjoy...:)
