
Squid server


Describes the step-by-step process of configuring a Squid server on Red Hat Linux.

Published in: Education, Technology


  1. 1. Squid Proxy Server on RHEL
  2. 2. Introduction of Squid
     - In Linux, Squid is the package used as a proxy server.
     - A software application that runs on your firewall machine to provide indirect Internet access to your network.
     - Squid supports HTTP and FTP, and provides limited support for the protocols TLS, SSL and Gopher.
     - Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.
     - Released under the GNU General Public License, Squid is free software.
  3. 3. Why Squid Proxy server?
     - Web-site restriction
     - Authentication & Security
     - Caching
     - Bandwidth Management
     - Time-based usage
  4. 4. Configuration Information
     - PACKAGE REQUIRED: squid
     - DAEMON: /usr/sbin/squid
     - SCRIPT: /etc/init.d/squid
     - PORT: 3128 (squid)
     - CONFIGURATION: /etc/squid/squid.conf
     - SERVICE: service squid restart
  5. 5. Configuration Steps
     - # yum install squid
     - # vi /etc/squid/squid.conf
     - Append the following lines in the squid.conf file:
     - acl our_networks src
     - http_access allow our_networks
     - acl badsites url_regex "/etc/squid/squid-block.acl"
     - http_access deny badsites
     - # chkconfig squid on
     - # /etc/init.d/squid start
  6. 6.
     - # netstat -tulpn | grep 3128
     - # vi /etc/sysconfig/iptables
     - Append configuration:
     - -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
     - Make sure that the firewall is enabled.
     - # /etc/init.d/iptables restart
     - Create the /etc/squid/squid-block.acl file and list the websites you want to block.
     - # /etc/init.d/squid restart
  7. 7. Browser settings
     - Open Mozilla Firefox.
     - Edit -> Preferences -> Advanced.
     - Click on the Network tab.
     - Click on "Settings" under Connection.
     - In the "Connection Settings" window, select "Manual Proxy Configuration".
     - Set the Squid proxy server IP address and port 3128. If the client is the same machine, then for http_proxy set the address as ,otherwise set the IP address of the proxy server.
  8. 8. Snapshots of Proxy Server Configuration
  9. 9. Open Squid-configuration file
  10. 10. The configuration file has been opened. Allowing clients to access Squid services. Blocking sites in squid-block.acl.
  11. 11. Check whether the Squid service is on or not
  12. 12. Starting Squid. Verify that port 3128 is open
  13. 13. Open iptables file
  14. 14. iptables file opened. Append this line so that iptables allows access to the proxy server
  15. 15. Enable Firewall
  16. 16. Restart the iptables-based firewall
  17. 17. Create squid-block.acl
  18. 18. squid-block.acl file opened. List the websites you want to block
  19. 19. Browser Settings/Client Configuration: in Edit, go to Preferences. Click on Settings.
  20. 20. Set the proxy IP address and the port to 3128
  21. 21. Client searching for blocked sites… Access Denied
  22. 24. Authentication
      - Important feature of Squid proxy.
      - NCSA type of authentication
  23. 25. Step # 1: Create a username/password
      - Creating user name and password
      - # htpasswd /etc/squid/passwd user1
  24. 27. # chmod o+r /etc/squid/passwd
  25. 28. Step # 2: Locate ncsa_auth authentication helper
      - # rpm -ql squid | grep ncsa_auth
  26. 29. Step # 3: Configure ncsa_auth for squid proxy authentication
      - Now open the /etc/squid/squid.conf file:
        # vi /etc/squid/squid.conf
      - Append (or modify) the following configuration directives:
        auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
        auth_param basic children 5
        auth_param basic realm Squid proxy-caching web server
        auth_param basic credentialsttl 2 hours
        auth_param basic casesensitive off
  27. 31. Also find the ACL section and append/modify:
        acl ncsa_users proxy_auth REQUIRED
        http_access allow ncsa_users
      The REQUIRED term means that any authenticated user will match the ACL named ncsa_users.
  28. 32. Authentication: enter user name and password.
  29. 33. Restricting Web-access by time
      - Steps:
      - Open the squid.conf file:
      - # vi /etc/squid/squid.conf
      - Now append the following lines in the squid.conf file:
      - acl hours time W 17:00-18:00
      - http_access allow ncsa_users hours
      - Restart the Squid service.
  30. 34. Users can access the Internet only between 17:00-18:00 on Wednesday
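Squid checks http_access lines from top to bottom and the first matching line decides, so the order in which the slides append their rules determines whether the blocklist and the time window are ever reached. The Python model below is an added example, not part of the original slides; it covers the site-blocking rules of slide 5 and the time rule above (assuming the earlier `http_access allow ncsa_users` line is left in place), and the network range, blocklist pattern, sample request and rule-list names are assumptions made for the illustration.

```python
import re
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed values: the slides leave the our_networks range blank, so a
# private range and a one-entry blocklist are constructed for the example.
OUR_NETWORKS = ip_network("192.168.1.0/24")
BADSITES = [re.compile(r"blocked\.example")]

ACLS = {
    "all": lambda r: True,
    "our_networks": lambda r: ip_address(r["src"]) in OUR_NETWORKS,
    "badsites": lambda r: any(p.search(r["url"]) for p in BADSITES),
    "ncsa_users": lambda r: r["user"] is not None,  # proxy_auth REQUIRED
    # acl hours time W 17:00-18:00 (datetime.weekday() == 2 is Wednesday)
    "hours": lambda r: r["when"].weekday() == 2
    and time(17, 0) <= r["when"].time() <= time(18, 0),
}


def http_access(rules, request):
    """Decide a request the way Squid walks http_access lines: top to
    bottom, and the first line whose ACLs all match gives the verdict."""
    action = "allow"  # with no lines at all, the fall-through below denies
    for line in rules:
        action, *names = line.split()
        if all(ACLS[name](request) for name in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if action == "allow" else "allow"


# http_access lines in the order the slides append them.
SLIDE_FILTER = ["allow our_networks", "deny badsites"]
SLIDE_TIME = ["allow ncsa_users", "allow ncsa_users hours"]
# Reordered so the narrower rule is reached first, with an explicit final deny.
FIXED_FILTER = ["deny badsites", "allow our_networks", "deny all"]
FIXED_TIME = ["allow ncsa_users hours", "deny all"]

# Constructed request: LAN client, authenticated, Thursday 10:00.
REQ = {"src": "192.168.1.20", "url": "http://blocked.example/",
       "user": "user1", "when": datetime(2024, 1, 4, 10, 0)}

if __name__ == "__main__":
    for name in ("SLIDE_FILTER", "FIXED_FILTER", "SLIDE_TIME", "FIXED_TIME"):
        print(name, "->", http_access(globals()[name], REQ))
```

With the slide order the blocked URL and the out-of-hours request are both allowed; with the reordered lists both are denied.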
  31. 35. Caching
      - Caching is an important feature of the Squid proxy server.
      - It reduces bandwidth and improves response times by caching and reusing frequently requested web pages.
      - The caching information is maintained in the log file /var/log/squid/access.log.
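The access.log mentioned on the caching slide records, for every request, whether it was served from cache, fetched, or denied. The parser below is an added example, not part of the original slides; it assumes Squid's default native log layout, and the log lines, addresses and user names are constructed sample data.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1704300000.101    212 192.168.1.20 TCP_MISS/200 15320 GET http://www.example.org/ user1 DIRECT/203.0.113.10 text/html
1704300004.553      3 192.168.1.21 TCP_HIT/200 15320 GET http://www.example.org/ user2 NONE/- text/html
1704300009.870      1 192.168.1.20 TCP_DENIED/403 3980 GET http://blocked.example/ user1 NONE/- text/html
1704300012.004      0 192.168.1.30 TCP_DENIED/407 4102 GET http://www.example.org/ - NONE/- text/html
1704300015.332      2 192.168.1.21 TCP_MEM_HIT/200 8211 GET http://www.example.org/logo.png user2 NONE/- image/png
"""


def parse_line(line):
    """Split one native-format line into the fields used below."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line
    result, _, status = f[3].partition("/")
    return {"client": f[2], "result": result, "status": int(status),
            "bytes": int(f[4]), "url": f[6], "user": f[7]}


def summarize(log_text):
    """Return result counts, byte hit ratio, blocked requests and 407 count."""
    counts, blocked = Counter(), []
    hit_bytes = served_bytes = challenges = 0
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        counts[entry["result"]] += 1
        if entry["result"] == "TCP_DENIED":
            if entry["status"] == 407:
                challenges += 1  # proxy authentication required
            else:
                blocked.append((entry["client"], entry["user"], entry["url"]))
            continue
        served_bytes += entry["bytes"]
        if "HIT" in entry["result"]:  # TCP_HIT, TCP_MEM_HIT, ...
            hit_bytes += entry["bytes"]
    ratio = hit_bytes / served_bytes if served_bytes else 0.0
    return {"counts": dict(counts), "byte_hit_ratio": ratio,
            "blocked": blocked, "auth_challenges": challenges}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```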
  32. 37. Firewall
      - Internet firewalls are intended to keep the flames of the Internet out of your private LAN. Or, to keep the members of your LAN pure and chaste by denying them access to all the evil Internet temptations.
      - A firewall is nothing more than a fancy term used to describe a blockade that prevents outside forces from accessing your network.
      - It is called a firewall because it prevents information or data loss from one place to another.
      - A firewall is some program or hardware that you have to install in your computer that helps filter information coming from the Web to your computer network.
      - A firewall provides a series of filters that screen information, allowing only safe information to pass through to your network.
  33. 38. Types Of Firewall
      - There are two types of firewalls:
      - Filtering Firewalls - that block selected network packets.
      - Proxy Servers (sometimes called firewalls) - that make network connections for you.
  34. 39. 1. Filtering Firewall
      - A filtering firewall works at the network level.
      - Data is only allowed to leave the system if the firewall rules allow it.
      - As packets arrive they are filtered by their type, source address, destination address, and port information contained in each packet.
      - Filtering firewalls are more transparent to the user.
  35. 40. 2. Proxy Servers
      - Proxies are mostly used to control, or monitor, outbound traffic.
      - Some application proxies cache the requested data.
      - This lowers bandwidth requirements and decreases the access time for the same data for the next user.
      - There are two types of proxy servers.
      - 1. Application Proxies - that do the work for you.
      - 2. SOCKS Proxies - that cross wire ports.
  36. 41. Application Proxies
      - Because proxy servers handle all the communications, they can log everything you do.
      - For HTTP (web) proxies this includes every URL that you see.
      - For FTP proxies this includes every file you download.
      - They can even filter out "inappropriate" words from the sites you visit or scan for viruses.
      - Application proxy servers can authenticate users.
      - To a web user this would make every site look like it required a login.
      - The best example is a person telnetting to another computer and then telnetting from there to the outside world.
  37. 42. SOCKS Proxy
      - A SOCKS server is a lot like an old switchboard.
      - It simply cross wires your connection through the system to another outside connection.
      - Most SOCKS servers only work with TCP type connections.
  39. 44. DEMO
  40. 45. THANK YOU