PRESENTED BY: Javeria 11-arid-3303 MIT-3University Institute of Information Technology , Rawalpindi(UIIT,UAAR) Pakistan
Topics to be covered: What is Web Proxy?? Purpose of using Proxy Squid Installation & Configuration Of Squid Demo
Web ProxyA web proxy is a is a server (a computer system or anapplication) that acts as an intermediary for requests fromclients seeking resources from other servers. internet browser Web proxy server
Main purpose of using proxies Improve Performance o Caching o Bandwidth control Provides detailed logs of user activity Filter Requests Surfing Anonymously Security
Some proxies – Microsoft Proxy Server – Nginx – Ccproxy – Squid
SQUIDSquid is a free, open source, mostly used proxy cachingserverInternet Service Providers (ISPs) have used Squid proxyservers since the early 1990s to provide faster downloadspeeds for delivering rich media and streaming video.Website operators frequently put a Squid proxy server as acontent accelerator, caching frequently viewed content andeasing loads on Web servers, to improve the experience ofviewers, load balancing and handling traffic spikes forpopular content.
Squid as Proxy Cache Squid acts as a proxy cache. It behaves like an agent that receives requests from clients (web browsers) and passes them to the specified server. When the requested objects arrive at the agent, it stores a copy in a disk cache. When different clients request the same objects: these are served directly from the disk cache, much faster than obtaining them from the Internet. This results in less network traffic and thus saves bandwidth.
Squid provides a number of great features useful for administrative purpose such as: allow/ deny access to specific sites allow/ deny access to specific clients/ users block URL(s) with specific word deny some port numbers Squid support the use of a database such as mySQL for storing the access control list
limit the number of connections from a client allow some clients/users to use the cache at specific times customize, or make your own error messages. use proxy-authentication. In this scheme, you assign usernames and passwords to individuals. When they first use the proxy they are asked to authenticate themselves by entering their username and password. Maintain user log
sudo gedit /var/log/squid3/access.log You can use this file to find out who is using squid server and what they are doing etc
(Access Control Lists) Define ACLs in configuration file and apply rules on them. ACLs have many options to restrict access based on source ip address, destination ip address, source domain, and destination domain. A properly configured set of ACLs can do things like: ○ restrict access to websites by IP address, ○ limit or block websites by name, ○ restrict web access by time and day, or ○ regular expression matches, such as .exe files or “game” in URL names.
ACL TYPES AVAILABLE Squid knows about almost 25 types of ACL. Some of them are: src: source (client) IP addresses dst: destination (server) IP addresses srcdomain: source (client) domain name dstdomain: destination (server) domain name time: time of day, and day of week url_regex: URL regular expression pattern matching maxconn: a limit on the maximum number of connections from a single client IP address max_user_ip: a limit on the maximum number of IP addresses one user can login from
ACCESS LISTS ELEMENTS AVAILABLE There are a number of different access lists elements. Some are: http_access: Allows HTTP clients (browsers) to access the HTTP port. This is the primary access control list. cache: Defines responses that should not be cached. url_rewrite_access: Controls which requests are sent through the redirector pool. always_direct: Controls which requests should always be forwarded directly to origin servers. never_direct: Controls which requests should never be forwarded directly to origin servers. delay_access: Controls which requests are handled by what delay pool log_access: Controls which requests are logged. This is global and overrides specific file access lists appended to access_log directives.
Official web site: http://www.squid-cache.org/ Contains: FAQ Lots of great information!
HARDWARE REQUIREMENTS FOR INSTALLING SQUID LINUX operating system 128MB RAM minimum recommended Disk 512MB to 1GB for small user counts 16GB to 24GB for large user counts
DOWNLOAD AND INSTALL In Ubuntu: sudo apt-get install squid[APT stands for “Advanced Packaging Tool”] In Redhat / CentOS yum install squid[YUM stands for “Yellowdog Updater, Modified”]
EDIT CONFIGURATION FILE Command to Open conf file: sudo gedit /etc/squid3/squid.conf Make these changes in conf file: http_access deny all > change it to http_access allow all acl blocked_websites dstdomain .twitter.com http_access deny blocked_websites Save and close conf file Restart squid sudo service squid restart
CONNECT TO PROXY SERVEROpen Web BrowserGo to: Connection Settings Internet Properties LAN Settings Manual proxy configuration Http proxy: ip address of proxy server Port : 3128 (default port for Squid proxy server)
UNINSTALLING SQUID In Ubuntu: sudo apt-get remove squid In Redhat / CentOS yum remove squid