1. INTRODUCTION
1.1 PROBLEM DEFINITION: We can block unwanted websites by word, by website, or by sentence.
Caching speeds up access to resources and gives faster Internet connections for the internal LAN.
The proxy secures the internal LAN when browsing the Internet and blocks unwanted activity by
clients on the WWW.
1.2 OBJECTIVE
Squid is a high-performance HTTP and FTP caching proxy server. It is
also known as a Web proxy cache. It can make your network connections more efficient. As it
stores data from frequently used Web pages and files, it can often give your users the data they
need without having to look to the Internet.
Studies on very busy networks suggest that a Squid server can reduce the
size, or bandwidth, of your Internet connection by 10-20 percent. That can lead to considerable
savings for larger offices.
GRWP Tasgaon
2.1 STUDY OF EXISTING SYSTEM: In the existing system we block websites using the Internet
browser settings, but this takes more time and effort. On a LAN, if we want to block some
websites, we have to configure the Internet settings on every machine in that LAN. There is also
the possibility that a user can change these settings on a machine, for example on LANs in schools
and colleges. Using a proxy server we can avoid all these possibilities and efforts, so we only
need to configure the proxy server on the main server of that LAN.
2.2 PROPOSED SYSTEM:-
Transparent Proxy:-
Open proxy:-
Anonymous Proxy
This type of proxy server identifies itself as a proxy server, but does not make
the original IP address available. This type of proxy server is detectable, but provides reasonable
anonymity for most users.
Distorting Proxy
This type of proxy server identifies itself as a proxy server, but makes an
incorrect original IP address available through the HTTP headers.
This type of proxy server does not identify itself as a proxy server and does not make available
the original IP.
3. REQUIREMENT ANALYSIS
3.1 Software Requirement:
Advantages of Linux:
Multitasking: Several programs can run at the same time.
Multiuser: Several users can log on to the same machine at the same time. There is no need to
have separate user licenses.
Multiplatform: Linux runs on many different CPUs, which means it supports multiprocessor
machines.
PROCESSOR: 32-bit/64-bit Pentium 4
RAM: 4 GB (may vary depending on the number of clients)
Hard Disk: 300 GB (as a number of users have their own disk space)
Ethernet Cards: Two
4. DESIGN METHODOLOGY
4.1 System Architecture
This section gives overall information about the project through a diagrammatic
structure. The system architecture contains the following fields:
1.
2.
3.
4.
The diagrammatic representation shows how the system will work. It also
shows how the data should flow in the overall system. The explanation
related to the system architecture is as follows:
1. Installing Red Hat Linux 5: The Linux operating system is very secure and its file system is very strong, so
we choose the Linux operating system and install Linux Red Hat RHEL5.
2. Configuration of Network services: In the configuration of network services we configure the host file and assign the IP.
3. Configuration of squid: Then configure this file using different acl (Access Control List) statements.
a. Deny access to specific user
b. Deny access by websites
c. Deny access by time
d. Allow websites
e. Caching recently requested web pages
SYSTEM ARCHITECTURE
[Figure: system architecture. Labels: clients C1-C4, Administrator, Proxy Server, Web Server; Installing RHEL 5 server; Configure Network services (Assigning IP, Configure host file); Configure squid.conf file; Implement Proxy (Deny access to specific user, Deny access to Website, Deny Access by time, Allow Websites, Caching Web pages).]
DFD Level 1
[Figure: DFD Level 1. Labels: clients C1-C4, Proxy Server, Main Server, Web Server.]
DFD LEVEL 2
[Figure: DFD Level 2. Labels: clients C1-C4, Proxy Server, Main Server, Web Server, Caching, Blocking.]
DFD LEVEL 3
[Figure: DFD Level 3. Labels: clients C1-C3, Proxy Server, Main Server, Web Server, Caching Directory, Hard Disk, Log, Blocking, Deny access to specific user, Deny Access by time, Deny access to Website, Log Report.]
UML DIAGRAM
UML (Unified Modeling Language)
UML (Unified Modeling Language) is a standard language for writing software blueprints.
The UML is used to
a) Visualize
b) Specify
c) Construct
d) Document the artifacts of a software-intensive system.
We implement three types of UML diagrams:
1. Use case Diagram
2. Sequence Diagram
3. Activity Diagram
1. Use case Diagram: A use case diagram is useful to view a set of use cases, which are a special type of
class, and their relationships.
2. Sequence Diagram: In a sequence diagram an interaction is made up of a set of objects and their
relationships.
3. Activity Diagram: An activity diagram represents the flow from activity to activity within a system. It is a type of state
chart diagram.
[Figure: diagram with labels Proxy Server, User, Administrator, "Response for Allow web site" and "Deny access to specific user".]
2. SEQUENCE DIAGRAM
[Figure: sequence diagram between USER, PROXY SERVER and MAIN SERVER. Messages as labelled in the diagram:]
2. Filtering
5. Caching
6. Response to website
5. Blocked web site
7. Most frequently web pages
8. Check it is in cache
9. Web page found
10. Response to web page
11. Web page not found
12. Request to main server
13. Response for web pages
14. Caching
3. ACTIVITY DIAGRAM
[Figure: activity diagram involving User, Proxy Server and Main Server. Activities: Send Request, Filtering, Allow Websites, Block Website (Access is denied), Check it is in cache, Found in cache, Not found in cache, Send Response, Send response to proxy server.]
5. PROJECT IMPLEMENTATION
RHEL Installation
Next step is to select the correct layout type (for example U.S. English) for the
keyboard you would prefer to use for the installation and as the system default as shown in fig 5.2.
Partitioning allows you to divide your hard drive into isolated sections,
where each section behaves as its own hard drive. Partitioning is particularly useful if you run
multiple operating systems. On this screen, we choose to perform automatic partitioning.
If you chose automatic partitioning and selected Review, you can either
accept the current partition settings (click Next), or modify the setup using Disk Druid, the
manual partitioning tool.
If you chose to partition manually, you must tell the installation program
where to install Red Hat Enterprise Linux. This is done by defining mount points for one or more
disk partitions in which Red Hat Enterprise Linux is installed. You may also need to create
and/or delete partitions at this time.
Figure 5.4 Partitioning with Disk Druid on x86, AMD64, and Intel EM64T Systems
Mount Point:
Enter the partition's mount point. For example, if this partition should be the root
partition, enter /; enter /boot for the /boot partition, and so on.
File System Type:
Using the pull-down menu, select the appropriate file system type for this partition.
Allowable Drives:
This field contains a list of the hard disks installed on your system. If a hard disk's
box is highlighted, then a desired partition can be created on that hard disk. If the box is not
checked, then the partition will never be created on that hard disk. By using different checkbox
settings, you can have Disk Druid place partitions where you need them, or let Disk Druid decide
where partitions should go.
Size (MB):
Enter the size (in megabytes) of the partition. Note, this field starts with 100 MB;
unless changed only a 100 MB partition will be created.
Additional Size Options:
Choose whether to keep this partition at a fixed size, to allow it to "grow" (fill up the
available hard drive space) to a certain point, or to allow it to grow to fill any remaining hard
drive space available.
The installation program automatically detects any network devices you have and
displays them in the Network Devices list.
Once you have selected a network device, click Edit. From the Edit
Interface pop-up screen, you can choose to configure the IP address and Netmask of the device
via DHCP (or manually if DHCP is not selected) and you can choose to activate the device at
boot time. If you select Activate on boot, your network interface is started when you boot. If you
do not have DHCP client access or you are unsure what to provide here, please contact your
network administrator.
Next, we decide whether to enable a firewall for your Red Hat Enterprise Linux system.
No firewall
No firewall provides complete access to your system and does no security checking.
Security checking is the disabling of access to certain services. This should only be selected if
you are running on a trusted network (not the Internet) or plan to do more firewall configuration
later.
Enable firewall
If you choose Enable firewall, connections that are not explicitly defined by you
(other than the default settings) are not accepted by your system. By default, only connections in
response to outbound requests, such as DNS replies or DHCP requests, are allowed. If access to
services running on this machine is needed, you can choose to allow specific services through the
firewall. If you are connecting your system to the Internet, this is the safest option to choose.
Next, select which services, if any, should be allowed to pass through the firewall.
Enabling these options allows the specified services to pass through the firewall. Note, these
services may not be installed on the system by default. Make sure you choose to enable any
options that you may need.
i) Disable
Select Disable if you do not want SELinux security controls enabled on this
system. The Disabled setting turns enforcing off and does not set up the machine for the use of a
security policy.
ii) Warn
Select Warn to be notified of any denials. The Warn state assigns labels to data
and programs, and logs them, but does not enforce any policies. The Warn state is a good starting
place for users who eventually want a fully active SELinux policy, but who first want to see what
effects the policy would have on their general system operation.
iii) Active
Select Active if you want SELinux to act in a fully active state. The Active
state enforces all policies, such as denying access to unauthorized users for certain files and
programs, for additional system protection. Choose this state only if you are sure that your
system can still properly function with SELinux fully enabled.
Select each component you wish to install. Selecting Everything (at the end of the
component list) installs all packages included with Red Hat Enterprise Linux. Once a package
group has been selected, click on Details to view which packages are installed by default, and to
add or remove optional packages from that group.
A screen preparing you for the installation of Red Hat Enterprise Linux now appears.
SQUID CONFIGURATION
Install the squid package from RHEL/4-U5 i386 disk1,
then start the squid service.
Then configure this file using different acl (Access Control List) statements.
# ACCESS CONTROLS
# ----------------------------------------------------------------------------
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# TAG: http_reply_access
#
# last line will apply. Thus it is good practice to end the rules
#
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
#
# Insert your own rules here.
#
# and finally allow by default
http_reply_access allow all
# TAG: icp_access
#
# access lists
#
# TAG: cache_mem (bytes)
#
# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
# IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
# USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
#
# for:
# * In-Transit objects
# * Hot Objects
# * Negative-Cached objects
#
# priority.
#
# exceed this limit to satisfy the new requests. When the load
# objects.
#
#Default:
cache_mem 8 MB
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#
# Defaults are 90% and 95%. If you have a large cache, 5% could be
# hundreds of MB. If this is the case you may wish to set these
# TAG: cache_dir
#
# Usage:
#
# "ufs" is the old well-known Squid storage format that has always
# been there.
# TAG: cache_access_log
#
#Default:
cache_access_log /var/log/squid/access.log
# TAG: cache_log
#
# your cache's behavior goes. You can increase the amount of data
#
#Default:
cache_log /var/log/squid/cache.log
# TAG: cache_store_log
#
# objects are ejected from the cache, and which objects are
# saved and for how long. To disable, enter "none". There are
# disable it.
#
#Default:
cache_store_log /var/log/squid/store.log
# TAG: cache_swap_log
#
# Location for the cache "swap.state" file. This log file holds
# pathname here. Note you must give a full filename, not just
#
# If have more than one 'cache_dir', and %s is not used in the name
#
# cache_swap_log.00
# cache_swap_log.01
# cache_swap_log.02
#
Web-deny
www.facebook.com
www.youtube.com
www.rediffmail.com
In this way we block these web sites using acl statements. We also create a record for caching the most
frequently requested web pages.
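The access rules listed under "Configuration of squid" (deny a specific user, deny websites, deny by time, allow websites) and the squid.conf note on http_access defaults can be traced with a small model of the evaluation order. This is an added example, not code from the report or from Squid: the ACL names, addresses and hours are constructed, and only src, dstdomain and time ACLs are modelled.

```python
import ipaddress
from datetime import datetime

# Constructed rules; the ACL names, addresses and hours are assumptions.
SAMPLE_CONF = """
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/24
acl blocked_user src 192.168.1.50
acl web_deny dstdomain .facebook.com .youtube.com .rediffmail.com
acl class_hours time MTWHF 09:00-17:00
http_access deny blocked_user
http_access deny web_deny
http_access allow lan class_hours
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from acl / http_access lines; '#' comments are skipped."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client, host, when):
    kind, args = acl
    if kind == "src":
        return any(ipaddress.ip_address(client) in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "dstdomain":  # a leading dot also matches subdomains
        return any(host == a.lstrip(".") or (a.startswith(".") and host.endswith(a)) for a in args)
    if kind == "time":  # day letters (M T W H F A S), then HH:MM-HH:MM
        days, (start, end) = args[0], args[1].split("-")
        return "MTWHFAS"[when.weekday()] in days and start <= when.strftime("%H:%M") <= end
    return False

def decide(conf, client, host, when):
    """First rule whose ACLs all match wins; otherwise the opposite of the last rule."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], client, host, when) != n.startswith("!") for n in names):
            return action
    # No rules at all means deny; otherwise invert the last rule's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    print(decide(SAMPLE_CONF, "192.168.1.20", "www.facebook.com", datetime(2024, 1, 1, 10, 0)))
```

An entry written as www.facebook.com, as in the Web-deny list, matches only that exact host name, while the leading-dot form used here covers the whole domain. Ending the list with http_access deny all keeps the implicit default from becoming allow.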
SNAPSHOT 1:
SNAPSHOT 2:
When the requested web page is not accessible, the proxy server gives the
following response to the user.
For example, the web site is www.facebook.com
ADVANTAGES
FUTURE ENHANCEMENT
In future we will implement the following features of the proxy server:
SMTP Proxy
Implementation of firewall in proxy server
9. CONCLUSION
In our project we finally conclude that the proxy server is invisible to the user. All
Internet requests and returned responses appear to be exchanged directly with the addressed Internet server. It acts as
both a client as well as a server. It reduces network traffic and can regulate it, allowing or disallowing
certain communication. It is able to share a single Internet connection.
Proxy servers are used in LAN connections, schools, colleges, etc.