Sie sind auf Seite 1von 4

1.

Squid in Ubuntu Overview


A proxy server is a very useful tool for a network. It is commonly used in computer
networks to protect the network from attack, to filter nefarious web content and
pages requested by local users, and to speed up the delivery of web pages and web
content by caching (storing) commonly requested web pages, documents, and
media. Proxy servers are typically implemented on private, local area networks, to
filter, protect and cache content requested by users on that network, this is called
"proxy" or "transparent proxy." Proxy servers can also be implemented on the
remote side "in-front-of" destination webservers in order to protect those servers by
filtering requests, speeding up web page delivery, and caching frequently requested
files, this is called "reverse proxy."
Steps to install and configure Squid
Open a terminal, and type in the following commands to install Squid
sudo apt-get update
sudo apt-get install squid squid-common
Ways to start and stop Squid
sudo service squid start (stop|restart|status)
sudo /usr/sbin/squid (launch program directly)
sudo pkill -9 squid
Navigate to the Squid folder to find the squid.conf configuration file
cd /etc/squid
ls (you should see the squid.conf file)
Create a backup of the squid.conf file
sudo cp squid.conf squid.conf.bak
For testing purposes open Firefox and set it to send web requests to the Squid Proxy
Server (You will need to know your ip address)
ifconfig (write down your inet address e.g. 192.168.1.100)
Open Firefox
Edit > Preferences, Advanced > Network Tab > Connection-Settings:
Manual Proxy Configuration:
HTTP Proxy: your IP address or loopback address 127.0.0.1, Port: 3128
Click Ok and Close
Now if you try and go to a website like google you should see an ERROR - Access
Denied message from Squid (see bottom line). This means that Squid is working by
actively denying the traffic.
Now we need to configure Squid to allow web traffic through the proxy server. Open
squid.conf in your favorite text editor like gedit, nano, or vi
sudo nano squid.conf
or
sudo gedit squid.conf & (If gedit does not open from the terminal you can open
it as root user)

sudo su
gedit squid.conf &
To switch out of root user
su your-username (if you are root user the prompt is a "#" switch back to your user
account privilege)
If you chose to open with squid.conf with gedit, then turn on line numbering (Edit >
Preferences > View >Display Line Numbers)
Change the name of your Squid Proxy Server, around line 3399, change:
# TAG: visible_hostname
to
visible_hostname YourNameProxyServer
You can configure access rules for your Squid proxy server (lines 331 to 831 are for
Access Control). Notice that on lines 606 to 630 the local networks and usable ports
(services) are defined. Active configuration lines, are the lines that are not
commented out, i.e. they do not start with a # sign.
To re-enable web access uncomment line 676
#http_access allow localnet
to
http_access allow localnet
To verify the Web is now working, save your changes to the squid.conf file and
restart your Squid server.
service squid restart (or "sudo service squid restart" if you are no longer root)
Now resfresh your Firefox web browser and your homepage should be visible.
Now we can practice writing a custom ACL (access list) in the squid.conf file to block
specific domains and websites. We can write our custom ACL at the end of the acl
lines around line 631. From an empty line write the following lines to test domain
blocking:
acl blocked_websites dstdomain .msn.com .yahoo.com
http_access deny blocked_websites
Now restart your Squid server, and test to see if Squid denies access to your
blocked domains/websites in Firefox.

2. Now, you may search about the following lines and change them
as requested, in the Vi editor, you may search about those lines
by hitting the ESC and typing / key to writing the specific
lines to look for.

1. http_port : This is the default port for the HTTP proxy server, by default it is
3128, you may change it to any other port that you want, you may also add
the transparent tag to the end of the line like http_port 8888 transparent to
make Squid proxy act like a transparent proxy if you want.
2. http_access deny all : This line wont let anybody to access the HTTP proxy
server, thats why you need to change it to http_access allow all to start
using your Squid proxy server.
3. visible_hostname : This directive is used to set the specific hostname to a
squid server. You can give any hostname to squid.

3. Make a backup

Installing Squid3
Log in on Ubuntu Server, then type command below to Install squid2 in ubuntu server 12.04:
sudo apt-get install squid3 ccze

Configure Squid3
Create directory for Cache, on this case cache directory placed on
directory /home/precise/cache/. Then change the permissions cache directory to 777 and
owner proxy:proxy
sudo mkdir -p /home/precise/cache/
sudo chmod 777 /home/precise/cache/
sudo chown proxy:proxy /home/precise/cache/
Before editing squid configuration, Make a backup of your /etc/squid3/squid.conf file for future reference.
Squid.conf has nearly all the options listed and it is recommended to go through that file to know more
about squid options.
sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.origin
sudo chmod a-w /etc/squid3/squid.conf.origin

Now edit /etc/squid3/squid.conf file, delete all options in /etc/squid3/squid.conf then replace with squid3
configuration below
sudo nano /etc/squid3/squid.conf

Das könnte Ihnen auch gefallen