A proxy server on a network can improve security. It can also act as a cache that gives users faster internet access and lets them share downloads more easily. Squid is a secure web proxy server with good caching facilities. It can be installed on Ubuntu-based computers by entering the required commands in a terminal. After installation, the proxy server must also be configured.
1. Installing the proxy
To install Squid, type the following commands in a terminal:
sudo apt-get update
sudo apt-get install squid
2.Configuring the proxy
Configuration of Squid is done by editing the following file: /etc/squid/squid.conf
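To edit this file, type Alt+F2 and enter the following command (root privileges are needed to save the file):
sudo vim /etc/squid/squid.conf
Add these three lines to squid.conf and save. Squid checks http_access lines from top to bottom and stops at the first match, so the acl must be defined first and the allow rule must come before the deny:
acl home src 192.168.1.0/24
http_access allow home
http_access deny all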
:wq
sudo service squid3 start
Additional
==============================================================
2.1. Naming the proxy
It's important that Squid knows the name of the machine. To set it, locate the line visible_hostname.
For example, if the machine is called ubuntu insert:
visible_hostname ubuntu
2.2 Choosing the Port
By default, the proxy server will use port 3128. To choose another port, locate the line:
http_port 3128
2.3. Choosing the interface
By default the proxy server will listen on all interfaces. For security reasons, it's better to bind it to your local network only. For example, if the network card connected to your LAN has IP 10.0.0.1, change the line to:
http_port 10.0.0.1:3177
2.4. Setting access rights and priorities
By default, nobody else is allowed to connect to the proxy server. A list of permissions must be created.
For example, we will define a group encompassing the local network.
Find the line beginning with acl localhost…
At the end of the section, add:
acl lanhome src 10.0.0.0/255.255.255.0
(lanhome is an arbitrarily chosen name).
2.5. Authorizing access to group
Now that the group is defined, we will authorise it to use the proxy.
Locate the line http_access allow … and add below (before the line http_access deny all):
http_access allow lanhome
2.6. Allow the use of non-standard ports
By default, Squid allows HTTP traffic only on specific ports (e.g. 80). This can cause problems on websites using other ports.
- For example, http://ami.com:81/images/ami.png will be blocked by Squid
To avoid this block, find the line http_access deny !Safe_ports and comment it out so that it reads: # http_access deny !Safe_ports
Note that this removes the port restriction for every destination, not only for this site; adding the extra port to the Safe_ports acl is the narrower change.
3.Starting the Proxy
Restart the proxy to apply the modifications you made. Type:
sudo /etc/init.d/squid restart
Client Side Configuration
For Firefox:
Go to Preferences -> Advanced -> Network and click on Settings under Connection. Then select Manual Proxy Configuration.
Miscellaneous
Server logs
The proxy logs are located in: /var/log/squid/access.log
Changing the size of the cache
- The Squid cache is enabled by default, which helps accelerate the loading of some pages.
- The default allocated size is 100 MB (found in /var/spool/squid)
- To change its size, edit the /etc/squid/squid.conf file.
- Find the line: # cache_dir ufs /var/spool/squid 100 16 256
- Edit it. You can change the value 100 to whatever you want (e.g. 200 for 200 MB): cache_dir ufs /var/spool/squid 200 16 256
Functions and additional modules
Squid is full of options and modules:
- Prefetch (to preload the pages and speed up navigation).
- Antivirus filters, AntiPopUp, etc.
- Access control via proxy login and password.
- Time-based access control.
To do this, open Synaptic, and click on Search and enter squid to find the modules related to Squid.
Consult the documentation for each module and the Squid manual for more information.
Squid Usage 1: Restrict Access to Specific Websites
This is how you can stop users from browsing certain websites when they are connected to your network through your proxy server.
Create a file called restricted_sites and list all the sites you want to restrict access to.
# vim /etc/squid/restricted_sites
www.yahoo.com
mail.yahoo.com
Modify squid.conf to add the following.
# vim /etc/squid/squid.conf
acl RestrictedSites dstdomain "/etc/squid/restricted_sites"
http_access deny RestrictedSites
Squid Usage 2: Allow Access to Websites Only During Specific Time
Some organizations might want to allow employees to surf or download from the internet only during specific time periods.
The squid.conf configuration shown below will allow internet access for employees only between 9:00AM and 18:00 during weekdays. The allow rule comes before http_access deny all, because Squid stops at the first http_access line that matches.
# vim /etc/squid/squid.conf
acl official_hours time M T W H F 09:00-18:00
http_access allow official_hours
http_access deny all
Squid Usage 3 : Restrict Access to Particular Network
Instead of restricting specific sites, you can also provide access only to a certain network and block everything else. The example below allows access only to the 192.168.1.* internal network. The allow rule must come before http_access deny all.
# vim /etc/squid/squid.conf
acl branch_offices src 192.168.1.0/24
http_access allow branch_offices
http_access deny all
Squid Usage 4 : Use Regular Expression to Match URLs
You can also use regular expressions to allow or deny websites.
First create a blocked_sites file with a list of keywords.
# cat /etc/squid/blocked_sites
soccer
movie
www.example.com
Modify squid.conf to block any site that has any of these keywords in its URL.
# vim /etc/squid/squid.conf
acl blocked_sites url_regex -i "/etc/squid/blocked_sites"
http_access deny blocked_sites
http_access allow all
In the above example, the -i option makes the match case-insensitive. When a website is accessed, Squid tries to match the URL against each pattern in the blocked_sites file and denies access when one matches.
Note: Sometimes after rebooting the Ubuntu machine, the Squid proxy may fail to resolve names through the DNS server, so there is no internet access. The DNS servers can be added manually, followed by a restart:
#vim /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
:wq
Note: Linux commands are case sensitive and are shown in color.
# service networking restart
# service squid restart
For a permanent solution
#vim /etc/squid/squid.conf
Search for the dns_nameservers line (/dns_nameservers) and set:
dns_nameservers IP_ADDRESS 8.8.8.8 8.8.4.4
:wq
# restart squid
SARG – Squid Analysis Report Generator
Download and install SARG to generate squid usage reports.
Use the sarg-reports command to generate reports as shown below.
# to generate the report for today
sarg-reports today
# on daily basis
sarg-reports daily
# on weekly basis
sarg-reports weekly
# on monthly basis
sarg-reports monthly
Note: Add sarg-reports to the crontab.
The reports generated by sarg are stored under /var/www/squid-reports. These are HTML reports that you can view from a browser.
$ ls /var/www/squid-reports
Daily index.html
$ ls /var/www/squid-reports/Daily
2010Aug28-2010Aug28 images index.html
For Content Filter
Create the file blocked_sites under /etc/squid/ and add the content to block, e.g.:
# vim /etc/squid/blocked_sites
porn
:wq
Then go to squid.conf and add:
acl blocked_sites urlpath_regex "/etc/squid/blocked_sites"
http_access deny blocked_sites
# Restart the service
Block Torrent Files on Squid Proxies
BitTorrent and Downloads
Configure your Squid Proxy
acl extensiondeny url_regex -i "/etc/squid/extensiondeny"
acl download method GET
http_access deny extensiondeny download
http_access deny extensiondeny
Contents of /etc/squid/extensiondeny:
\.torrent$
How to get the squid web log reports
#apt-get install sarg
The index.html file is kept under
/var/lib/sarg
From there you can see the daily, weekly and monthly website reports.