Squid server


Describes the step-by-step process of configuring a Squid server on Red Hat Linux.

  • please enable the download link..........
  • Can you pls enable the save option? Let others share your knowledge.
  • Pls enable download
  • pls allow to download Sir.
  • I am providing acl our_network 192.168.1.0/24.
    Which IP should I provide, and what is that 24?
Squid server Presentation Transcript

  • Squid Proxy Server on RHEL
  • Introduction of Squid
    • On Linux, Squid is the package used as a proxy server.
    • It is a software application that runs on your firewall machine to provide indirect Internet access to your network.
    • Squid supports HTTP and FTP, and provides limited support for the protocols TLS, SSL and Gopher.
    • Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.
    • Released under the GNU General Public License, Squid is free software.
  • Why a Squid proxy server?
    • Web-site restriction
    • Authentication & Security
    • Caching
    • Bandwidth Management
    • Time-based usage
  • Configuration Information
    • PACKAGE REQUIRED: squid
    • DAEMON: /usr/sbin/squid
    • SCRIPT: /etc/init.d/squid
    • PORT: 3128 (squid)
    • CONFIGURATION: /etc/squid/squid.conf
    • SERVICE: service squid restart
  • Configuration Steps
    • # yum install squid
    • # vi /etc/squid/squid.conf
    • Append the following lines to the squid.conf file. Squid checks http_access lines from top to bottom and applies the first one that matches, so the deny rule for blocked sites must come before the allow rule for the network:
    • acl our_networks src 172.16.179.136/255.255.240.0
    • acl badsites url_regex "/etc/squid/squid-block.acl"
    • http_access deny badsites
    • http_access allow our_networks
    • # chkconfig squid on
    • # /etc/init.d/squid start
    • # netstat -tulpn | grep 3128
    • # vi /etc/sysconfig/iptables
    • Append configuration:
    • -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
    • Make sure that the firewall is enabled.
    • # /etc/init.d/iptables restart
    • Create the /etc/squid/squid-block.acl file and list the websites you want to block.
    • # /etc/init.d/squid restart
  • Browser settings
    • Open Mozilla Firefox.
    • Go to Edit -> Preferences -> Advanced.
    • Click on the Network tab.
    • Click on “Settings” under Connection.
    • In the “Connection Settings” window, select “Manual Proxy Configuration”.
    • Set the Squid proxy server IP address and port 3128. If the client is the same machine, set the http_proxy address to 127.0.0.0; otherwise set the IP address of the proxy server.
  • Snapshots of Proxy Server Configuration
  • Open the Squid configuration file
  • The configuration file has been opened: allowing clients to access Squid services; blocking sites in squid-block.acl
  • Check whether the Squid service is on or not
  • Starting Squid; verify that port 3128 is open
  • Open the iptables file
  • iptables file opened: append this line so that iptables allows access to the proxy server
  • Enable the firewall
  • Restart the iptables-based firewall
  • Create squid-block.acl
  • squid-block.acl file opened: list the websites you want to block
  • Browser settings / client configuration: in Edit, go to Preferences and click on Settings
  • Set the proxy IP address and port 3128
  • Client searching rediff.com: blocked site, access denied
  • Authentication
    • Important feature of the Squid proxy.
    • NCSA type of authentication
  • Step # 1: Create a username/password
    • # htpasswd /etc/squid/passwd user1
    • # chmod o+r /etc/squid/passwd (this makes the password file readable by every local user, so that the Squid helper can read it)
  • Step # 2: Locate the ncsa_auth authentication helper
    • # rpm -ql squid | grep ncsa_auth
  • Step # 3: Configure ncsa_auth for Squid proxy authentication
    • Now open the /etc/squid/squid.conf file:
    • # vi /etc/squid/squid.conf
    • Append (or modify) the following configuration directives:
    • auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    • auth_param basic children 5
    • auth_param basic realm Squid proxy-caching web server
    • auth_param basic credentialsttl 2 hours
    • auth_param basic casesensitive off
    • Also find the ACL section and append/modify:
    • acl ncsa_users proxy_auth REQUIRED
    • http_access allow ncsa_users
    • The REQUIRED term means that any authenticated user will match the ACL named ncsa_users.
  • Authentication: enter user name and password.
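  • Restricting Web Access by Time
    • Steps:
    • Open the squid.conf file:
    • # vi /etc/squid/squid.conf
    • Now append the following lines to the squid.conf file:
    • acl hours time W 17:00-18:00
    • http_access allow ncsa_users hours
    • Because the first matching http_access line wins, an earlier unconditional "http_access allow ncsa_users" line would let authenticated users in at any time; this line has to take its place for the time limit to apply.
    • Restart the Squid service.
  • Users can access the Internet only between 17:00 and 18:00 on Wednesdays.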
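
Squid evaluates http_access lines from top to bottom and stops at the first match, so the order of the allow, deny and time-limited rules decides whether the block list and the time window take effect. The following Python model of that evaluation is an added example, not part of the original slides; it reuses the slides' ACL names, while the block pattern, client address, URLs and dates are constructed.

```python
import ipaddress
import re
from datetime import datetime

# Model of Squid's first-match http_access evaluation (added example).
# ACL names follow the slides; the block pattern, clients and dates are constructed.
NET = ipaddress.ip_network("172.16.179.136/255.255.240.0", strict=False)
BLOCKED = [re.compile(r"rediff\.com")]  # stand-in for squid-block.acl entries

ACLS = {
    "our_networks": lambda r: ipaddress.ip_address(r["src"]) in NET,
    "badsites": lambda r: any(p.search(r["url"]) for p in BLOCKED),
    "ncsa_users": lambda r: r["user"] is not None,  # proxy_auth REQUIRED
    # time W 17:00-18:00: Wednesday is weekday() == 2
    "hours": lambda r: r["when"].weekday() == 2 and r["when"].hour == 17,
    "all": lambda r: True,
}

def evaluate(rules, req):
    """Apply the first rule whose ACLs all match, as http_access does."""
    for rule in rules:
        action, *names = rule.split()
        if all(ACLS[name](req) for name in names):
            return action
    return "deny"  # simplification: every rule list here ends in "deny all"

def request(url, when, user=None, src="172.16.180.20"):
    return {"src": src, "url": url, "user": user, "when": when}

# Each entry stands for one "http_access <action> <acl> ..." line, in file order.
ALLOW_FIRST = ["allow our_networks", "deny badsites", "deny all"]
DENY_FIRST = ["deny badsites", "allow our_networks", "deny all"]
AUTH_THEN_TIME = ["allow ncsa_users", "allow ncsa_users hours", "deny all"]
TIME_ONLY = ["allow ncsa_users hours", "deny all"]

WED_1730 = datetime(2024, 1, 3, 17, 30)  # a Wednesday, inside the window
THU_1000 = datetime(2024, 1, 4, 10, 0)   # outside the window

if __name__ == "__main__":
    print("our_networks covers", NET)
    site = request("http://www.rediff.com/", THU_1000)
    print("allow first:", evaluate(ALLOW_FIRST, site))
    print("deny first :", evaluate(DENY_FIRST, site))
    page = request("http://example.org/", THU_1000, user="user1")
    print("auth then time:", evaluate(AUTH_THEN_TIME, page))
    print("time only     :", evaluate(TIME_ONLY, page))
```

The model also shows that the host-style address in the our_networks ACL, combined with its netmask, covers the whole 172.16.176.0/20 range.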
  • Caching
    • Caching is an important feature of the Squid proxy server.
    • It reduces bandwidth and improves response times by caching and reusing frequently requested web pages.
    • The caching information is maintained in the log file /var/log/squid/access.log.
  • Firewall
    • Internet firewalls are intended to keep the flames of the Internet out of your private LAN, or to keep the members of your LAN pure and chaste by denying them access to all the evil Internet temptations.
    • A firewall is nothing more than a fancy term used to describe a blockade that prevents outside forces from accessing your network.
    • It is called a firewall because it prevents information or data loss from one place to another.
    • A firewall is a program or piece of hardware that you install to help filter information coming from the Web to your computer network.
    • A firewall provides a series of filters that screen information, allowing only safe information to pass through to your network.
  • Types Of Firewall
    • There are two types of firewalls:
    • Filtering Firewalls - that block selected network packets.
    • Proxy Servers (sometimes called firewalls) - that make network connections for you.
  • 1. Filtering Firewall
    • A filtering firewall works at the network level.
    • Data is only allowed to leave the system if the firewall rules allow it.
    • As packets arrive they are filtered by their type, source address, destination address, and port information contained in each packet.
    • Filtering firewalls are more transparent to the user.
  • 2. Proxy Servers
    • Proxies are mostly used to control, or monitor, outbound traffic.
    • Some application proxies cache the requested data.
    • This lowers bandwidth requirements and decreases the time needed to access the same data for the next user.
    • There are two types of proxy servers.
    • 1. Application Proxies - that do the work for you.
    • 2. SOCKS Proxies - that cross wire ports.
  • Application Proxies
    • Because proxy servers handle all the communications, they can log everything you do.
    • For HTTP (web) proxies this includes every URL you see.
    • For FTP proxies this includes every file you download.
    • They can even filter out "inappropriate" words from the sites you visit or scan for viruses.
    • Application proxy servers can authenticate users.
    • To a web user this would make every site look like it required a login.
    • The best example is a person telnetting to another computer and then telnetting from there to the outside world.
  • SOCKS Proxy
    • A SOCKS server is a lot like an old switchboard.
    • It simply cross wires your connection through the system to another outside connection.
    • Most SOCKS servers only work with TCP-type connections.