Sunday, November 8, 2009

Linux Servers configuration: (Squid Server)

After hearing the word "SQUID", are you thinking about a marine creature with a distinct head, eight arms and two longer tentacles arranged in pairs?


Nope I’m not talking about that Squid :)

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name System (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as the Internet Cache Protocol (ICP), the Hypertext Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).

Figure: Squid server layout.

Figure: My experimentation setup layout.

Figure: Squid hierarchy schema.

#SQUID CONFIGURATION

NOTE: In this setup 192.168.8.x is the Squid server and 8080 is its port, used to share internet access throughout the network.

Requirements:

1) One host station.

2) One free port.

3) Package squid.

Task 1: Setup a Squid proxy server.

Step1: install package

# yum install -y squid

Step2: edit main configuration file

# vim /etc/squid/squid.conf

#(line 73) http_port 8080

Step3: service start

# service squid restart

# chkconfig squid on

Step4: configure the browser to use the proxy and check

#Browser->edit->preference->general->connection settings->manual proxy->

http proxy-> 192.168.8.x port-> 8080

Step5: Check yahoo.com first; it will be blocked by stationX, which you can confirm from the last line of the page shown.

Then check server1; it will load.

Task 2: INSERTING RULES:

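Go to the configuration file and search for INSERT (line 2517). Write the rules there according to your requirements. A few cases are shown here; for more, read through the file. You can give an ACL any name and can allow or deny by IP or hostname. In squid.conf a line starting with # is a comment, so enter the rules below without the leading #.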

Step1: To deny one site

#acl block url_regex .yahoo.com

#http_access deny block

Step2: To allow one network

#acl ournetworks src 192.168.8.0/24

#http_access allow ournetworks

Step3: To deny by time

#acl mytime time SMTWHFA 10:00-20:00

#http_access deny mytime

Step4: To deny one site by time

#acl block url_regex .google.com

#acl mytime time SMTWHFA 10:00-20:00

#http_access deny block mytime

Step5: Start service

# service squid restart

Step6: In the browser, check yahoo.com. It will show access denied from 192.168.8.X, which you can find in the last line, and all other sites will be blocked by server1.
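The rules in Task 2 are checked top to bottom, and every ACL named on one http_access line must match for that line to apply. The following is an added example, not code from the original post or from Squid itself: a simplified Python model of that evaluation for the url_regex, src and time ACL types used above. The function names, the "acl all" line and the sample times are assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters indexed by datetime.weekday() (Monday = 0)

def parse(conf):
    """Collect acl definitions and http_access rules from squid.conf-style text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()      # drop comments, tokenize
        if not tok:
            continue
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])  # name -> (type, arguments)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))   # (allow|deny, [acl names])
    return acls, rules

def acl_matches(kind, args, url, src, when):
    if kind == "url_regex":  # unanchored regex search over the whole URL
        return any(re.search(p, url) for p in args)
    if kind == "src":        # client address inside any listed network
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(n) for n in args)
    if kind == "time":       # e.g. SMTWHFA 10:00-20:00
        days, span = args
        start, end = span.split("-")
        return DAYS[when.weekday()] in days and start <= when.strftime("%H:%M") <= end
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, url, src, when):
    """Return the action of the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(*acls[n], url, src, when) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

# Constructed sample: the Step4 and Step2 rules plus a final deny (assumed).
CONF = """
acl all src 0.0.0.0/0
acl block url_regex .google.com
acl mytime time SMTWHFA 10:00-20:00
acl ournetworks src 192.168.8.0/24
http_access deny block mytime
http_access allow ournetworks
http_access deny all
"""
NOON = datetime(2009, 11, 9, 12, 0)  # constructed: a Monday inside the window
LATE = datetime(2009, 11, 9, 21, 0)  # constructed: the same day, outside it
```

Because url_regex treats "." as "any character", the pattern .google.com also matches unrelated URLs such as one containing "xgoogle-com"; escaping the dots, or using a dstdomain ACL, avoids that over-blocking.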

Task 3: Setting up "Child Proxy"

To make 192.168.8.x a child proxy we need one parent; here server1 is my parent and 3128 is the parent proxy port.

Step1: Go to the file, search for cache_peer (line 304) and edit it as follows

# cache_peer server1.example.com parent 3128 3130 default

Step2: start service

# service squid restart

Step3: Go to the browser and check.

Check yahoo.com: it will be blocked, and other sites will be accessible.

NOTE: To explore more of the acl options, refer to: http://www.visolve.com/squid/squid24s1/access_controls.php

In case of any problem or queries or suggestions feel free to leave a comment here.. :)

 