Browse by Squid proxy in 5 steps

Written by Michael D.   

Learn how to optimize browsing traffic using squid, a powerful Linux proxy server.

Squid is proxy server software that can perform many tasks, such as caching, web access control and traffic optimization. It is especially suitable in an office-like environment, where browsing usually represents a major part of the data traffic. Here are some tips on how to get it working easily:

1. Install


You can download the Squid proxy server from http://www.squid-cache.org/Download/ or just use the system's package manager.

Fedora:
- logged in as root, type 'yum install squid'
Debian (Ubuntu too):
- logged in as root, type 'apt-get install squid'

If everything is ok, you should get a message like
--
Installed: squid.i386 7:2.5.STABLE14-3.FC5
Complete!
--

After installing the Squid proxy server, you must configure it before use. The configuration file is /etc/squid/squid.conf.

Remember that if you want to go back to the original configuration at any time, you can rename the file squid.conf.default to squid.conf.

Now open a text editor and load the squid.conf file.

As you can see, there are many parameters you can configure here. This is usually the point where most system administrators give up and try to find another proxy server. In fact, you can get Squid working with just a few changes; the rest of the parameters are already set to optimized values.

The changes are:

2. http_port


The proxy port number should not be the default one if the proxy is available to the Internet.

First of all, this is a security risk. You don't want to carry the traffic for hackers and spammers.
Another reason is that many Internet Service Providers don't allow proxy servers in their network. So if you are not a business user, you will probably need to use a port that is not mapped by default to any proxy type (avoid using the ports 3128, 80, 8080; use them only if the proxy is accessed by internal (LAN) users that can be trusted).

The value that you need to change is http_port, followed by the desired port number (e.g. http_port 1234).

3. ACL


The access-lists (ACLs) will permit or deny hosts to access the proxy. By default, there is an access-list called "all" that will cover all IP addresses. This acl is in blocking mode and should be left that way (by default, hosts are permitted to use the proxy).

Next, you should create your own access-list by using the acl command. For example:

acl lan-access src 10.0.0.0/255.0.0.0
acl lan-access src 192.168.1.0/255.255.255.0

This will include all IP addresses from 10.0.0.0-10.255.255.255 and 192.168.1.0-192.168.1.255 in the "lan-access" access-list.

Scroll down until you find the statements that permit or deny access to the proxy:
http_access allow localhost
http_access deny all

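Add your rule here, before the "http_access deny all" line (Squid evaluates http_access rules in order and stops at the first one that matches):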

http_access allow lan-access

Now your IP addresses can use the proxy.
** Please note that the denied IPs will not be dropped; they are just denied by the proxy service, as shown below.

[Screenshot: squid_denied_acl.jpg]

To fully drop undesired connections, use iptables or any desired firewall.

4. Visible hostname


This identifies the proxy server in log files and when forwarding, and it must be set to a value:
visible_hostname MyProxy


5. Final settings


This should be all, so save your work and close the editor. Now remember to open the desired port on the system's firewall.

Now type squid -z to process the config file and create the caching directories:

[root@LinuxSrv squid]# squid -z
2007/08/19 23:40:30| Creating Swap Directories

After doing this, type 'service squid start' to start the proxy server.


[root@LinuxSrv squid]# service squid start
Starting squid: . [ OK ]

If it fails, check /var/log/messages for any error messages; these are usually related to security. For example, SELinux can cause some problems on a Fedora box. Try setting it to permissive (setenforce 0) and then try again.

You should now be able to browse through Squid with any browser that can access the server. You can check whether Squid is working by looking at the access log, located in /var/log/squid/access.log.

eg: 172.16.10.101 TCP_DENIED/403 1395 CONNECT www.google.com:443 - NONE/- text/html
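
One way to run that check over the log, as an added example that is not part of the original tutorial. The function name and every sample line except the first are constructed; the two leading fields (timestamp and elapsed milliseconds) follow Squid's native log layout.

```python
import re
from collections import Counter

# Constructed sample. Line 1 is the tutorial's example entry; the rest follow
# Squid's native layout, which starts with a timestamp and elapsed milliseconds.
SAMPLE_LOG = """\
172.16.10.101 TCP_DENIED/403 1395 CONNECT www.google.com:443 - NONE/- text/html
1187559630.123 210 10.0.0.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1187559631.456 3 10.0.0.15 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1187559640.001 1 172.16.10.101 TCP_DENIED/403 1400 GET http://example.org/ - NONE/- text/html
not a log line
"""

# client, result code/HTTP status, bytes, method, URL.
# search() lets the pattern match with or without the two leading fields.
ENTRY = re.compile(
    r"(?P<client>\S+)\s+(?P<code>TCP_[A-Z_]+)/(?P<status>\d{3})\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def summarize(log_text):
    """Return (result codes per client, denied request count per client)."""
    per_client = {}
    for line in log_text.splitlines():
        match = ENTRY.search(line)
        if match is None:
            continue  # skip lines that are not access.log entries
        per_client.setdefault(match["client"], Counter())[match["code"]] += 1
    # TCP_DENIED entries are requests the http_access rules rejected.
    denied = {c: n["TCP_DENIED"] for c, n in per_client.items() if n["TCP_DENIED"]}
    return per_client, denied


if __name__ == "__main__":
    clients, denied = summarize(SAMPLE_LOG)
    for client, codes in sorted(clients.items()):
        print(client, dict(codes))
    print("denied by http_access:", denied)
```

A client that appears only with TCP_DENIED is outside the allowed ACLs; TCP_HIT and TCP_MISS entries show requests that Squid actually served from cache or fetched.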


Remember that this is an HTTP proxy; SOCKS connections (peer-to-peer) won't work under this configuration.



written by Jonette Brewer , September 12, 2007

After starting Squid I get the output

Warning Net Mask may be part of the specified ip in 10.1.1.10


Starting Squid Cache version 2.6Stable for i386-debian-linux-gnu

and the system just sits there

Any ideas?
written by Mihai Dobos , September 12, 2007

Hello

This message appears when there is a problem in your access-list statement. For example, if you use 10.1.1.10 (a host IP, not a range of IPs), you must specify a mask of 255.255.255.255.

The ACLs in squid only work when you set the 0 octets in the mask to match with the 0 octets in the IP address.

For example

10.1.1.0/255.255.255.0 will work
192.168.0.0/255.255.0.0 will work

If you want to use per-host access, use a full mask of 255.255.255.255.
(eg 192.168.1.114/255.255.255.255)

This applies regardless of the Linux distribution on which you run the Squid cache server.

Post here and tell me if this solved your problem.

Best regards,

Mihai D.
Tutorial5.com
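
The checks described in the tutorial's steps 2 to 4 and in the reply above (default port, host bits outside the netmask, http_access order, visible_hostname), as an added example that is not part of the original tutorial or comments. The function name, messages and sample configuration are constructed; the order check assumes Squid's first-match evaluation of http_access rules.

```python
import ipaddress

# Constructed sample: the tutorial's settings plus mistakes for the linter to catch.
SAMPLE_CONF = """\
http_port 3128
acl lan-access src 10.0.0.0/255.0.0.0
acl lan-access src 192.168.1.0/255.255.255.0
acl one-host src 10.1.1.10/255.255.255.0
http_access allow localhost
http_access deny all
http_access allow lan-access
visible_hostname MyProxy
"""

# Ports the tutorial says to avoid when the proxy is reachable from the Internet.
DEFAULT_PORTS = {"3128", "80", "8080"}

def lint_squid_conf(text):
    """Return (line_number, message) findings for a squid.conf string (hypothetical helper)."""
    findings, deny_all_line, has_hostname = [], None, False
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        key, args = fields[0], fields[1:]
        if key == "http_port" and args and args[0].rsplit(":", 1)[-1] in DEFAULT_PORTS:
            findings.append((no, "well-known proxy port " + args[0]))
        elif key == "acl" and len(args) >= 3 and args[1] == "src":
            for spec in args[2:]:
                try:
                    net = ipaddress.ip_network(spec, strict=False)
                except ValueError:
                    continue  # ranges, keywords or file references are not checked
                if ipaddress.ip_interface(spec).ip != net.network_address:
                    findings.append((no, "host bits outside the netmask in " + spec))
        elif key == "http_access" and len(args) >= 2:
            # First match wins, so nothing after "deny all" is ever evaluated.
            if deny_all_line and args[0] == "allow":
                findings.append((no, "allow rule is unreachable after 'deny all' on line %d" % deny_all_line))
            if args == ["deny", "all"]:
                deny_all_line = deny_all_line or no
        elif key == "visible_hostname" and args:
            has_hostname = True
    if not has_hostname:
        findings.append((0, "visible_hostname is not set"))
    return findings

if __name__ == "__main__":
    for line_no, message in lint_squid_conf(SAMPLE_CONF):
        print("line %d: %s" % (line_no, message))
```

On the sample it reports line 1 (port 3128), line 4 (10.1.1.10 with a 255.255.255.0 mask) and line 7 (the allow rule placed after deny all).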
written by Jonette Brewer , October 03, 2007

Hi,

Yes, I do need more help.
Changing the IPs in squid.conf did get rid of the error msg. Thanks
I set up the client browser to access the internet via Squid server port 3128.
I was able to access the internet but am not sure if the server request is going through the firewall or directly to the router.
The access.log indicates a MISS by the server, but I'm thinking it's referring to a cache MISS.
Not really concerned about caching sites, would prefer not to actually.
Concerned more about allowing specific sites and blocking all others.
I guess I have two questions.

1. How do I verify that the requests are going via squid-firewall-router.

2. How do I setup squid.conf to allow a certain list of sites.

Thanks in advance for any insight on this matter.

jonette20

written by GOMATHI SANKAR , December 07, 2007

hello sir
How do I configure the Linux Squid file to deny particular websites in bulk? Please help me.
written by Ashok Kumar , December 07, 2007

Internet is not working through the Squid proxy with the Windows xpsp_rtm service pack,
but with the other service pack, XPSP_GDR_SP2, which I have, it is working.
Does anyone have a solution? Please provide it.
written by Mihai Dobos , December 08, 2007

Hello Gomathi

You should create an access-list in your config file using this model:

acl aclname dstdomain domain
http_access deny aclname

If you want to deny google.com for example, use

# dstdomain matches the destination host; the leading dot also covers subdomains
acl accesslist1 dstdomain .google.com
http_access deny accesslist1


written by chandrashekhar , January 09, 2008

hi ,
I uploaded 4.5MB of data (a music file) and I read the access.log file to
check whether it records the 4.5MB of data uploaded.
Unfortunately there was no entry. So what do I need to do to see upload information in the access.log file?
I tried and found that if the method is GET then it is download information, and if the method is PUT/POST then it is upload information.
written by dhirendra panday , January 11, 2008

Dear Friends,
I need some help; please advise me. I want to implement a Squid proxy that blocks particular websites for particular users, and I have also set up a normal Squid configuration.
written by sutera , April 09, 2008

How do I implement a Linux-based proxy server, for example Squid
(web proxy cache server)?
a) install the proxy cache server
b) configure the proxy cache server
step by step

Last Updated ( Monday, 20 August 2007 )