Installing an HTTP proxy server (Squid)


A proxy server on a network can be useful for security. Proxy servers can also act as a cache that gives users faster internet access. At the same time, the server allows them to share downloads more easily. Squid is a secure web proxy server with good caching facilities. It can be installed on computers running Ubuntu by entering the required commands in the terminal. It is also important to configure the proxy server after the installation is completed.

1. Installing the proxy

To install Squid, type the following commands in a terminal:

sudo apt-get update
sudo apt-get install squid

2. Configuring the proxy

Configuration of Squid is done by editing the following file: /etc/squid/squid.conf
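To edit this file, press Alt+F2 and enter the following command:

vim /etc/squid/squid.conf

Add these three lines at the bottom of the squid.conf file and save:

http_access allow all

acl home src 192.168.1.0/24

http_access allow home

Squid stops at the first http_access line that matches, and http_access allow all matches every client, so the home rule after it is never consulted. To limit the proxy to the 192.168.1.0/24 network, leave out http_access allow all.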

:wq

sudo service squid3 start

 

Additional

==============================================================

2.1. Naming the proxy

It's important that Squid knows the name of the machine. To do this, locate the line visible_hostname.
For example, if the machine is called ubuntu, insert:

visible_hostname ubuntu

2.2. Choosing the Port

By default, the proxy server will use port 3128. To choose another port, locate the following line and change the port number:

http_port 3128

2.3. Choosing the interface

By default the proxy server will listen on all interfaces. For security reasons, it's better to put it on your local network only. For example, if the network card connected to your LAN has IP 10.0.0.1, change the line to:

http_port 10.0.0.1:3177

2.4. Setting access rights and priorities

By default, nobody else is allowed to connect to the proxy server. A list of permissions must be created.

For example, we will define a group encompassing the local network.

Find the line beginning with acl localhost…
At the end of the section, add:

acl lanhome src 10.0.0.0/255.255.255.0

(lanhome is an arbitrarily chosen name).


2.5. Authorizing access to group

Now that the group is defined, we will authorise it to use the proxy.
Locate the line http_access allow … and add below (before the line http_access deny all):

http_access allow lanhome


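2.6. Allow the use of non-standard ports

By default, Squid allows HTTP traffic only on specific ports (e.g. 80). This can cause problems on websites using other ports.

To avoid this problem, find the line http_access deny !Safe_ports and comment it out so that it reads: # http_access deny !Safe_ports. Commenting it out removes the port restriction for HTTP requests; a narrower alternative is to add only the port you need to the Safe_ports acl defined earlier in squid.conf.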

3. Starting the Proxy

Restart the proxy to apply the modifications you made. Type:
sudo /etc/init.d/squid restart

 

Client Side Configuration

For Firefox:

Go to Preferences -> Advanced -> Network, click on Settings under Connection, and select Manual Proxy Configuration.

Miscellaneous

Server logs

The proxy logs are located in: /var/log/squid/access.log

Changing the size of the cache

  • The Squid cache is enabled by default, which helps accelerate the loading of some pages.
  • The default allocated size is 100 MB (found in /var/spool/squid)
  • To change its size, edit the /etc/squid/squid.conf file.
  • Find the line: # cache_dir ufs /var/spool/squid 100 16 256
  • Edit it. You can change the value 100 to whatever you want (e.g. 200 for 200 MB): cache_dir ufs /var/spool/squid 200 16 256

Functions and additional modules

Squid is full of options and modules:

  • Prefetch (to preload the pages and speed up navigation).
  • Antivirus filters, AntiPopUp, etc.
  • Access control via proxy login and password.
  • Time-based access control.

To do this, open Synaptic, and click on Search and enter squid to find the modules related to Squid.
Consult the documentation for each module and the Squid manual for more information.

Squid Usage 1: Restrict Access to Specific Websites

This is how you can restrict people from browsing certain websites when they are connected to your network through your proxy server.

Create a file called restricted_sites and list all the sites to which you want to restrict access.

# vim /etc/squid/restricted_sites
www.yahoo.com
mail.yahoo.com

Modify the squid.conf to add the following.

# vim /etc/squid/squid.conf
acl RestrictedSites  dstdomain "/etc/squid/restricted_sites"
http_access deny RestrictedSites


Squid Usage 2: Allow Access to Websites Only During Specific Time

Some organizations might want to allow employees to surf or download from the internet only during specific time periods.

The squid.conf configuration shown below will allow internet access for employees only between 9:00AM and 18:00 during weekdays. Squid applies the first http_access line that matches, so the allow line must come before deny all.

# vim /etc/squid/squid.conf
acl official_hours time M T W H F 09:00-18:00
http_access allow official_hours
http_access deny all

Squid Usage 3 : Restrict Access to Particular Network

Instead of restricting specific sites, you can also provide access only to a certain network and block everything else. The example below allows access only to the 192.168.1.* internal network. The allow line comes first because Squid applies the first http_access line that matches.

# vim /etc/squid/squid.conf
acl branch_offices src 192.168.1.0/24
http_access allow branch_offices
http_access deny all
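
Squid checks http_access lines from top to bottom and stops at the first one that matches, so the position of deny all or allow all decides the outcome; the same rule governs the time-based ACL in Usage 2. The added example below (not part of the original post) models this for src ACLs only; the function names and the sample client addresses are constructed.

```python
import ipaddress

# Constructed samples: the same two rules in both orders, plus an allow-all-first case.
DENY_FIRST = """
acl branch_offices src 192.168.1.0/24
http_access deny all
http_access allow branch_offices
"""
ALLOW_FIRST = """
acl branch_offices src 192.168.1.0/24
http_access allow branch_offices
http_access deny all
"""
ALLOW_ALL_FIRST = """
http_access allow all
acl home src 192.168.1.0/24
http_access allow home
"""

def parse(conf):
    """Collect src ACLs and the ordered http_access rules from squid.conf text."""
    acls, rules = {"all": ipaddress.ip_network("0.0.0.0/0")}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls[tok[1]] = ipaddress.ip_network(tok[3])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for client_ip using first-match evaluation."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # A rule matches only if every ACL named on the line matches (logical AND).
        if all(n in acls and ip in acls[n] for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for name, conf in [("deny all first", DENY_FIRST), ("allow first", ALLOW_FIRST),
                       ("allow all first", ALLOW_ALL_FIRST)]:
        for ip in ("192.168.1.20", "203.0.113.9"):
            print(f"{name:16} {ip:14} -> {decide(conf, ip)}")
```

With deny all first even the internal client is refused, and with allow all first an address outside the LAN is accepted.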

For a Linux based intrusion detection system, refer to our tripwire article.

Squid Usage 4 : Use Regular Expression to Match URLs

You can also use regular expressions to allow or deny websites.

First create a blocked_sites file with a list of keywords.

# cat /etc/squid/blocked_sites
soccer
movie
www.example.com

Modify squid.conf to block any sites that have any of these keywords in their URL.

# vim /etc/squid/squid.conf
acl blocked_sites url_regex -i "/etc/squid/blocked_sites"
http_access deny blocked_sites
http_access allow all

In the above example, the -i option makes the matching case-insensitive. When a website is accessed, Squid tries to match the URL against each pattern in the blocked_sites file and denies access when one matches.

Note: Sometimes after rebooting the Ubuntu machine, Squid may fail to resolve names through the DNS server, so there is no internet access. You can add the name servers manually and restart:

# vim /etc/resolv.conf

nameserver 8.8.8.8

nameserver 8.8.4.4

:wq

Note: Linux commands are case sensitive and are shown in color.

# /etc/init.d/networking restart

# /etc/init.d/squid restart

For a permanent solution:

# vim /etc/squid/squid.conf

Search for /dns_nameservers and set the line below, where IP_ADDRESS is your DNS server's address:

dns_nameservers IP_ADDRESS 8.8.8.8 8.8.4.4

:wq

# /etc/init.d/squid restart

SARG – Squid Analysis Report Generator

Download and install SARG to generate squid usage reports.

Use the sarg-reports command to generate reports as shown below.

# to generate the report for today
sarg-reports today

# on daily basis
sarg-reports daily

# on weekly basis
sarg-reports weekly

# on monthly basis
sarg-reports monthly

Note: Add the sarg-reports command to the crontab.

The reports generated by sarg are stored under /var/www/squid-reports. These are HTML reports that you can view from a browser.

$ ls /var/www/squid-reports
Daily  index.html

$ ls /var/www/squid-reports/Daily
2010Aug28-2010Aug28  images  index.html

For Content Filter

# vim /etc/squid/blocked_sites
Add the keywords to block, e.g. porn
:wq

Then add the following to squid.conf:

acl blocked_sites urlpath_regex "/etc/squid/blocked_sites"
http_access deny blocked_sites

Restart the service.

Block Torrent Files on Squid Proxies

“BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data. BitTorrent is one of the most common protocols for transferring large files, and it has been estimated that it accounts for approximately 27-55% of all Internet traffic (depending on geographical location) as of February 2009” (see Wikipedia.org).

BitTorrent and Downloads

BitTorrent is a decentralized network for providing files of any size to other internet users. You may use BitTorrent as a powerful successor to FTP servers with additional features (highly available download resources, and contents that are findable via search engines). For example, the major Linux distributions are available via the BitTorrent network.
Besides these and other nice features, there is a dark side that should be considered when providing internet access to employees or customers. A number of users use the BitTorrent network to distribute content for free in violation of national and international law. This problem is not specific to BitTorrent, but if you decide to restrict internet access for your users and you are running a Squid proxy server, you can build a basic barrier that prevents the download of torrent files, which contain the metadata required for finding resources in the BitTorrent network.

Configure your Squid Proxy

To prevent your users from downloading torrent files, add the following lines to your Squid configuration file. The new rules prevent users from downloading content that matches the patterns in a separate file called /etc/squid/extensiondeny.

acl extensiondeny url_regex -i "/etc/squid/extensiondeny"
acl download method GET
http_access deny extensiondeny download
http_access deny extensiondeny

The file /etc/squid/extensiondeny contains regular expressions. If one of these expressions matches the download request, Squid refuses it and does not provide the requested content. Example of a basic configuration entry:

\.torrent$

This regular expression matches file names with the extension '.torrent'.
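
Both the keyword file from Squid Usage 4 and the extensiondeny file are lists of regular expressions matched against the whole URL, so it pays to run them over sample URLs before deploying them. The added example below is not part of the original post: Python's re module stands in for Squid's regex matching (an approximation that holds for simple patterns like these), and the URLs, function names and the TIGHTER pattern are constructed for illustration.

```python
import re

# Pattern files as shown on the page, plus one tightened extension pattern.
BLOCKED_SITES = "soccer\nmovie\nwww.example.com\n"
EXTENSIONDENY = r"\.torrent$"
TIGHTER = r"\.torrent(\?.*)?$"      # assumption: also cover a trailing query string

# Constructed sample URLs covering intended hits, over-blocking and coverage.
SAMPLE_URLS = [
    "http://sports.example.org/SOCCER/scores",            # keyword, different case
    "http://hr.example.net/docs/moviemaker-license.pdf",  # keyword inside a longer word
    "http://wwwXexample.com/",                            # unescaped '.' matches any character
    "http://files.example.org/ubuntu.torrent",
    "http://files.example.org/ubuntu.torrent?mirror=2",
    "http://files.example.org/ubuntu.torrent.html",
]

def load_patterns(text):
    """Compile one regex per non-empty line, case-insensitive like url_regex -i."""
    return [re.compile(line.strip(), re.IGNORECASE)
            for line in text.splitlines() if line.strip()]

def blocked_by(patterns, url):
    """Return the first pattern that matches anywhere in the URL, or None."""
    for pattern in patterns:
        if pattern.search(url):
            return pattern.pattern
    return None

def audit(text, urls):
    """Map each URL to the pattern that would deny it (None means not matched)."""
    patterns = load_patterns(text)
    return {url: blocked_by(patterns, url) for url in urls}

if __name__ == "__main__":
    for label, text in [("blocked_sites", BLOCKED_SITES),
                        ("extensiondeny", EXTENSIONDENY),
                        ("tighter", TIGHTER)]:
        for url, hit in audit(text, SAMPLE_URLS).items():
            print(f"{label:14} {hit or '-':22} {url}")
```

The keyword list over-blocks (moviemaker-license.pdf, wwwXexample.com), while the end-anchored extension pattern stops matching once a query string follows the file name, which the tightened pattern covers.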

How to get the squid web log reports

# apt-get install sarg

The index.html file is kept under

/var/lib/sarg

From there you can see daily, weekly and monthly website reports.
