About Me

Hi Friends, I am Sandeep CC, and some people know me as a System Administrator. I started my professional career in 2008. I have been working as a System Administrator on Linux servers and Windows clients. I am here to share the knowledge I have gained and what I have come across so far; it could be of help to you. If anything is wrong or could be improved in the steps in my posts, please comment on the post. Feel free to contact me by posting comments on this blog. Thanks and Regards, Sandeep CC

Thursday, August 11, 2011

SQUID Configuration On REDHAT LINUX-5



SQUID (PROXY SERVER)

Setup:

Server: sandeeplinux-server (192.168.4.1 Local Network IP)
Client: Linux & Windows XP/2003 etc...
Default Port NO: 3128

Requirement: This SQUID package is available on the RHEL5 DVD only
squid-2.6.STABLE6-3.el5

Installation Of Required Packages:

[root@sandeeplinux-server RHEL5_Total_Pack]# rpm -i squid-2.6.STABLE6-3.el5
warning: squid-2.6.STABLE6-3.el5: Header V3 DSA signature: NOKEY, key ID 37017186
[root@sandeeplinux-server RHEL5_Total_Pack]#

Configure SQUID config file:

NOTE: Modify the squid.conf file (before modifying any file, take a backup copy)

[root@sandeeplinux-server ~]# cd /etc/squid
[root@sandeeplinux-server squid]# vi squid.conf

Uncomment the lines below in the config file...



Access Control Lists

# Add in ACL your local network information (put your own local network address here)
acl all src 192.168.1.0/255.255.255.0

One Sample Passage for ACL configuration

#Recommended minimum configuration:
# The stock squid.conf defines "all" as 0.0.0.0/0.0.0.0 and ends with
# "http_access deny all"; with "all" narrowed to the LAN, that final deny
# no longer matches clients outside it.
acl all src 192.168.4.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Deny rules first: http_access stops at the first line that matches
acl blocksites dstdomain .orkut.com
acl blocksites dstdomain .facebook.com
acl blocksites dstdomain .youtube.com
http_access deny blocksites
acl banned src 192.168.4.3
http_access deny banned
# The path must be quoted so that Squid reads the patterns from the file
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
acl RestrictedHost src 192.168.1.3
http_access deny RestrictedHost
acl bad url_regex "/etc/squid/squid-block.acl"
http_access deny bad
# Allow rules after the deny rules, so the denies above are not bypassed
acl localnetwork src 192.168.1.0/24
http_access allow localnetwork
# This line has no src ACL, so it matches any client during these hours
acl business_hours time M T W H F 9:00-19:00
http_access allow business_hours
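
Squid checks http_access lines from top to bottom and stops at the first line that matches, so the position of an allow line decides whether later deny lines ever apply. The Python sketch below is an added example, not part of the original post: a simplified model of that evaluation (src and dstdomain ACLs only) run over two constructed rule orders that reuse ACL names from the sample.

```python
import ipaddress

# Constructed configuration; ACL names follow the sample on this page.
ACLS = """\
acl all src 0.0.0.0/0
acl localnetwork src 192.168.1.0/24
acl RestrictedHost src 192.168.1.3
acl blocksites dstdomain .facebook.com .youtube.com
"""

def conf(*rules):
    return ACLS + "".join(f"http_access {r}\n" for r in rules)

# Same rules, two orders: only the position of the allow line differs.
ALLOW_FIRST = conf("deny blocksites", "allow localnetwork", "deny RestrictedHost", "deny all")
DENY_FIRST = conf("deny blocksites", "deny RestrictedHost", "allow localnetwork", "deny all")

def parse(text):
    acls, rules = {}, []
    for line in text.splitlines():
        tok = line.split("#")[0].split()  # drop trailing comments
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client, host):
    negate, name = name.startswith("!"), name.lstrip("!")
    kind, values = acls[name]
    if kind == "src":
        hit = any(ipaddress.ip_address(client) in ipaddress.ip_network(v) for v in values)
    elif kind == "dstdomain":  # ".x.com" matches x.com and its subdomains
        hit = any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in values)
    else:
        raise ValueError(f"ACL type not modelled: {kind}")
    return hit != negate

def decide(text, client, host):
    """Return (action, matching ACLs) for the first http_access line that matches."""
    acls, rules = parse(text)
    for action, names in rules:
        if all(acl_matches(acls, n, client, host) for n in names):
            return action, " ".join(names)
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"

if __name__ == "__main__":
    print(decide(ALLOW_FIRST, "192.168.1.3", "example.org"), decide(DENY_FIRST, "192.168.1.3", "example.org"))
```

With the allow line first, the restricted host 192.168.1.3 is let through by `localnetwork`; with the deny line first, it is stopped by `RestrictedHost`.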

Now Try To Start SQUID Service & Keep Permanently On:

[root@sandeeplinux-server squid]# service squid status
squid is stopped
[root@sandeeplinux-server squid]# service squid start
Starting squid: [OK]
[root@sandeeplinux-server squid]# chkconfig squid on
[root@sandeeplinux-server squid]#

Now Check SQUID/PROXY with Windows Client:

Go To Internet Explorer --> Properties --> Connections --> LAN Settings --> Use a Proxy Server for your LAN --> Give server IP or Name --> Port 3128 --> OK



BLOCKED SITE EXAMPLE (ORKUT SITE)

To write your own notice messages, modify the files in /usr/share/squid/errors/English

[root@sandeeplinux-server English]# vi ERR_ACCESS_DENIED

Write the message, save and exit, then restart your squid server once.



Thanks and Regards,
Sandeep CC

2 comments:

  1. please post this article


    sonu.ccna@gmail.com

  2. Thanks Sandeep, but sorry to interfere: above you mention IP 127.0.0.0/8 255.255.255.255, but I think it is wrong; by my reckoning 127.0.0.1/32 is set there. Please tell me whether I am wrong or right. Thanks (kishor sasiit mohali)
