After hearing the word "SQUID” Are you thinking about a marine creature with a distinct head, having eight arms and two longer tentacles arranged in pairs?
Nope I’m not talking about that Squid :)
Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol. (WCCP).
Figure Showing squid server layout.
My Experimentation Setup Layout.
Figure Showing Squid-Hierarchy-Schema.
#SQUID CONFIGURATION
NOTE: In this case 192.168.8.x is a squid server, port is 8080 in order to share internet throughout the network.
Requirements:
1) One host station.
2) One free port.
3) Package squid.
Task 1: Setup a Squid proxy server.
Step1: install package
# yum install -y squid
Step2: edit main configuration file
# vim /etc/squid/squid.conf
#(line 73) http_port 8080
Step3: service start
# service squid restart
# chkconfig squid on
Step4: go to url for checkup
#URL->edit->preference->general->connection settings->manual proxy->
http proxy-> 192.168.8.x port-> 8080
Step5: check yahoo.com first it will be blocked by stationX which u can conform from down line
Check for server1 it will come.
Task 2: INSERTING RULES:
Go to configuration file & search for INSERT (line 2517). Write down rules according to ur requirement. Few cases are here, for more cases go through file, u can give any ACL name & can deny-allow by ip/hostname.
Step1: To deny one site
#acl block url_regex .yahoo.com
#http_access deny block
Step2: To allow one network
#acl ournetworks src 192.168.8.0/24
#http_access allow ournetworks
Step3: To deny by time
#acl mytime time SMTWHFA 10:00-20:00
#http_access deny mytime
Step4: To deny one site by time
#acl block url_regex .google.com
#acl mytime time SMTWHFA 10:00-20:00
#http_access deny block mytime
Step5: Start service
# service squid restart
Step6: Go to url check for yahoo.com. It will show u access denied from 192.168.8.X, you can find it in last line and all other sites will be blocked by server1.
Task 3: Setting up "Child Proxy"
In order to make 192.168.8.x as child proxy we need one parent, here server1 is my parent and 3128 is parent proxy port.
Step1: Go to file & search for cache_peer(304 line) & edit like following
# cache_peer server1.example.com parent 3128 3130 default
Step2: start service
# service squid restart
Step3: Go to url & check.
check for yahoo.com it will be blocked & other sites will be accessed.
NOTE: For Exploring more on the acl options refer to the site: http://www.visolve.com/squid/squid24s1/access_controls.php
In case of any problem or queries or suggestions feel free to leave a comment here.. :)
