This document provides instructions for configuring a Squid proxy server on CentOS. It discusses obtaining information about the system like the OS distribution, hardware architecture, and installed application versions. It also outlines basic Squid configuration steps like backing up the default configuration file, checking the port Squid listens on, and ensuring the log file location is set correctly before starting Squid. Configuring access controls and caching policies would be covered in more depth in subsequent sections.
A proxy server acts as an intermediary between clients and the internet or other network resources. Squid is a caching and forwarding proxy server that can improve performance by caching frequently requested files. It can restrict access based on client IP, domain, or time of day. Configuring Squid involves installing it, editing the squid.conf file to define access controls and caching, and configuring clients to use the proxy. The access log can be tailed to view current proxy requests.
The document discusses proxies and caching. Proxies act as intermediaries between local networks and external networks like the Internet. They can improve performance by caching frequently requested web pages. Squid is an open source proxy caching server that operates by checking its cache for requested objects, retrieving objects from origin servers if needed, and storing cacheable objects in its local cache.
Squid Proxy Server on RHEL introduces Squid, a free and open-source proxy server software that provides caching, authentication, bandwidth management, and web filtering capabilities. It discusses configuring Squid on Red Hat Linux including installing packages, editing configuration files, starting services, and testing the proxy functionality. Browser and client settings are also covered to allow systems to route traffic through the Squid proxy server.
Computers are connected in a network to exchange information or resources with each other. Two or more computers are connected through network media called computer media.
There are a number of network devices or media that are involved to form computer network.
A computer loaded with the Linux Operating System can also be part of a network, whether small or large, thanks to its multitasking and multi-user nature.
Keeping the system and network up and running is the System / Network Administrator's job. In this article we are going to review frequently used network configuration and troubleshooting commands in Linux.
The Network File System (NFS) is the most widely used network-based file system. NFS’s initial simple design and Sun Microsystems’ willingness to publicize the protocol and code samples to the community contributed to making NFS the most successful remote access file system. NFS implementations are available for numerous Unix systems, several Windows-based systems, and others.
DHCP (Dynamic Host Configuration Protocol) is a network service that enables clients to obtain network settings (IP Address, Subnet Mask, Default Gateway, DNS Server, Hostname and Domain) automatically from a central server.
The document provides an overview of SSH (Secure Shell), including what it is, its history and architecture, how to install and configure it, use public-key authentication and agent forwarding, and set up port forwarding tunnels. SSH allows securely executing commands, transferring files, and accessing systems behind firewalls.
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands... - Edureka!
This Linux Tutorial will help you get started with Linux Administration. This Linux tutorial will also give you an introduction to the basic Linux commands so that you can start using the Linux CLI. Do watch the video till the very end to see all the demonstrations. Below are the topics covered in this tutorial:
1) Why go for Linux?
2) Various distributions of Linux
3) Basic Linux commands: ls, cd, pwd, clear commands
4) Working with files & directories: cat, vi, gedit, mkdir, rmdir, rm commands
5) Managing file Permissions: chmod, chgrp, chown commands
6) Updating software packages from Linux repository
7) Compressing & Decompressing files using TAR command
8) Environment variables and Regular expressions
9) Starting and killing processes
10) Managing users
11) SSH protocol for accessing remote hosts
Proxy servers and firewalls both act as gateways between internal networks and external networks like the internet. Proxy servers improve performance by caching frequently requested content, control bandwidth usage, and filter requests. Firewalls protect internal networks from external threats by packet filtering, analyzing packets, providing proxy services, and logging and alerting administrators of potential threats. Popular proxy software includes Squid, ISA Server, and WinRoute, while popular firewall software includes ISA Server, Cisco PIX, Norton Internet Security, and ZoneAlarm.
The document provides an overview of the Red Hat Certified Engineer certification courses, including the objectives and topics covered in each course. The first course, RH033 Red Hat Linux Essentials, covers basic Linux commands, file navigation, text editing, and administration. The second course, RH133 Red Hat System Administration, focuses on system installation, hardware administration, users/groups, and networking. The third course, RH253 Red Hat Networking and Security Administration, teaches network services configuration and security topics.
Explore your prometheus data in grafana - Promcon 2018 - Grafana Labs
- new Prometheus features in Grafana that were added over the last year
- instant query
- heatmap
- template variable expansion
- new Explore UI with split views and better tab completion for promQL queries
This document provides an overview of a 5-day UNIX/Linux training course. The training covers topics such as Linux desktops and administration, Linux command line administration, networking, servers, and programming. Each day focuses on a different aspect of UNIX/Linux including installation, desktop environments, administration tasks from the command line interface, and networking. Common Linux distributions and benefits of UNIX/Linux are also discussed.
This document provides an overview of the ClearPass access management solution from Aruba, which includes ClearPass Policy Manager, ClearPass Guest, ClearPass Onboard, and ClearPass OnGuard. ClearPass Policy Manager acts as the core policy enforcement and authentication engine. ClearPass Guest enables secure guest access, ClearPass Onboard allows employees to securely onboard personal devices, and ClearPass OnGuard performs device posture checks. The document discusses how these ClearPass modules work together to provide flexible network access policies for BYOD, guests, and security compliance across wired and wireless infrastructures from multiple vendors.
A quick assortment of useful Group Policy concepts starting with a quick review of what Group Policies are, how they work, what they can do (in general).
Sections on the following concepts are included:
* Software Restriction Policies
* Group Policy Preferences
* Loopback Preferences
* Backing up your GPO's with PowerShell
I only had about 45 minutes to go through this, so the topics are glanced over, but it gives the viewer a decent idea of the various aspects of Group Policy.
HCL Notes and Nomad Troubleshooting for Dummies - panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-nomad-troubleshooting-for-dummies/
The number of systems IT and support have to handle is growing faster and faster, while headcounts in those departments struggle to keep pace. This means less and less time to deal with any single system (like Notes), which leads to reduced operational efficiency. On top of that, newer personnel is often also unfamiliar with the HCL stack.
Come and join Christoph Adler on April 18 who will condense their whopping 20+ years of field experience with HCL Notes and Nomad troubleshooting into a single webinar. Get an eye-opening boost in knowledge and skills – whether you are an inquiring beginner or a seasoned admin. Benefit from real use cases we encountered in the wild to learn how you can quickly and easily deal with many common situations and find out what to do if you can’t solve it on your own.
What you will learn
- Learn how to react fast and what to do when things go wrong with Notes or Nomad, and how to isolate and/or reproduce the issue.
- Understand where to look for information (logs, NSDs, etc.), how to easily collect it, and how to interpret what you find.
- Accelerate time to resolution when escalating to HCL support by having all the right things in hand from the start.
Palo alto networks next generation firewalls - Castleforce
The document summarizes Palo Alto Networks next-generation firewalls which can identify applications, users, and content to provide visibility and granular control. This helps address challenges of uncontrolled use of internet applications in enterprises. The firewalls can see through ports and protocols to classify over 900 applications using techniques like App-ID, User-ID, and Content-ID. This gives IT unprecedented control over network activities.
ClearPass is a network access control solution that provides device visibility, connection policy enforcement, and user login management. It uses fingerprinting to identify devices and their types, and an adaptive policy engine to enforce wired, wireless, and VPN policies based on the device and user. ClearPass integrates with other security and infrastructure solutions through exchanges and APIs to enable features like automated defense, service chaining, BYOD onboarding, and guest access management. It collects data from various sources to build user and device profiles for adaptive trust and security monitoring through real-time policy actions and integration with IntroSpect for user entity behavior analytics.
The document discusses various topics related to Linux administration. It covers Unix system architecture, the Linux command line, files and directories, running programs, wildcards, text editors, shells, command syntax, filenames, command history, paths, hidden files, home directories, making directories, copying and renaming files, and more. It provides an overview of key Linux concepts and commands for system administration.
The document discusses the history and features of the Linux operating system. It notes that Linux was developed in 1991 by Linus Torvalds, a student at the University of Helsinki. Torvalds released the Linux source code publicly, allowing thousands of developers to contribute to its growth. Linux is an open-source operating system that provides many of the same functions as proprietary systems like Windows and macOS, including user interfaces, task management, and support for various hardware devices.
Linux allows multiple users to access the system simultaneously. Users are uniquely identified by their UID, and can be regular users or superusers. Superusers have full access while regular users have limited access. The system administrator manages users and groups. Users can be created with the useradd command and assigned to primary and supplementary groups. User properties like login, UID, home directory and shell are set during creation. Users can be modified, locked, unlocked and deleted using related commands. Groups organize users and are managed using groupadd, groupmod, and groupdel. Permissions allow controlling access for users and groups.
A firewall is a system or group of systems that controls network traffic between trusted and untrusted networks according to pre-configured rules. There are different types of firewalls including packet filtering, stateful packet inspection, application-level gateways, and circuit-level gateways. Firewalls work by examining packets and filtering traffic based on criteria like source/destination addresses and ports to enforce a security policy between networks.
A Project Report on Linux Server Administration - Avinash Kumar
This is a Project Report on Linux Server Admin. It contains key network features which are installed on Linux. This project was conducted on RedHat Enterprise Linux 7.2.
The document outlines the configuration of a network including a LAN server and LAN client. It describes setting up Active Directory, DNS, DHCP services on the LAN server with IP scopes and reservations. It also covers installing DHCP relay on the server to facilitate IP addressing between the server and LAN client subnet, as well as allowing users to access file shares, join the domain, and login with Active Directory credentials.
Cisco IOS is a multitasking operating system used on most Cisco routers and switches to configure routing, switching, and other network features. IOS can be accessed through the console port for initial configuration, remotely via Telnet or secure SSH. The device memory includes ROM for booting, RAM for the running configuration, Flash for software images, and NVRAM for the startup configuration. IOS has different modes including user EXEC for basic commands, privileged EXEC for viewing and changing configurations, and global configuration for modifying the device configuration.
A firewall is hardware or software that filters network traffic by allowing or denying transmission based on a set of rules to protect networks from unauthorized access. There are two main types - network layer firewalls which filter at the IP address and port level, and application layer firewalls which can filter traffic from specific applications like FTP or HTTP. A DMZ (demilitarized zone) is a physical or logical sub-network exposed to an untrusted network like the internet that contains external-facing services, protected from internal networks by firewalls. Firewalls provide security benefits like restricting access to authorized users and preventing intrusions from untrusted networks.
URP? Excuse You! The Three Kafka Metrics You Need to Know - Todd Palino
What do you really know about how to monitor a Kafka cluster for problems? Is your most reliable monitoring your users telling you there’s something broken? Are you capturing more metrics than the actual data being produced? Sure, we all know how to monitor disk and network, but when it comes to the state of the brokers, many of us are still unsure of which metrics we should be watching, and what their patterns mean for the state of the cluster. Kafka has hundreds of measurements, from the high-level numbers that are often meaningless to the per-partition metrics that stack up by the thousands as our data grows.
We will thoroughly explore three key monitoring concepts in the broker, that will leave you an expert in identifying problems with the least amount of pain:
Under-replicated Partitions: The mother of all metrics
Request Latencies: Why your users complain
Thread pool utilization: How could 80% be a problem?
We will also discuss the necessity of availability monitoring and how to use it to get a true picture of what your users see, before they come beating down your door!
This document provides information about configuring and using the Squid caching proxy server. It discusses Squid versions and improvements between versions, how to configure access control lists and ports in Squid's configuration file squid.conf, and provides a sample configuration file with ACL rules and cache directory settings. Advantages discussed include improved caching and access control capabilities.
Squid Caching for Web Content Accerlation - rahul8590
Squid is an open source web proxy and cache server that provides content filtering, access control, and caching capabilities to improve network performance; it sits between clients and external servers to filter web traffic based on configured rules and restrictions set by the network administrator using regular expressions and access control lists. Squid can also integrate with authentication servers like ncsa_auth to require passwords for user access through the proxy.
This document provides an overview of setting up a mail server on Linux. It discusses what Linux is and its features. It then describes the key components needed for a mail server, including Bind for DNS, Httpd for a web server, Dovecot for protocols, Postfix for accepting connections, and Squirrelmail for accessing the IMAP server. Instructions are provided on installing and configuring the necessary software packages to establish a functional mail server on a Linux system.
“PostgreSQL, Python and Squid” (otherwise known as, “using Python in PostgreSQL and PostgreSQL from Python”) presented at PyPgDay 2013 at PyCon 2013-Christophe Pettus
This document provides a guide to configure an Linux computer to share an internet connection with multiple other devices on a local network. It discusses planning the network topology, setting up DHCP and IP forwarding on the Linux box, and configuring firewall rules to masquerade traffic and allow sharing of a single public IP address among private devices.
This document outlines the internship report of Nguyen Le Chanh Duy at ATHENA over 8 weeks. The report details the process of building a mail server on Linux for an enterprise. Key activities included:
1) Configuring local virtual machines to test mail exchange using Postfix and Dovecot;
2) Installing a VPS and configuring it with Postfix, Dovecot and Squirrelmail to exchange mail successfully with external services like Gmail and Yahoo Mail.
3) Troubleshooting errors to ensure proper mail exchange. The intern gained experience with Linux server administration and mail server configuration.
The document is a resume for Shrankhla Narya, a user experience designer with experience conceptualizing and designing mobile applications for low-wage workers. She has a background in human-computer interaction, visual design, and ethnographic research. Her most recent project was designing a mobile app for day laborers in Texas to access records of employers with histories of wage theft.
Squid have a beak similar to birds. Their beak is made of chitin and used to grasp and tear food. Squid use their beak, along with their tentacles, to hunt for prey in the ocean.
This document records the location data of a pink-footed shearwater from June 2011 to January 2012 in latitude and longitude coordinates. It shows the bird traveling north from June to September then southward until disappearing from the record in early January, migrating along the eastern coasts of Asia and North America between its breeding and non-breeding ranges.
http://www.ip-location.khozz.com
Proxy server is the best way to keep your server healthy. It enables a system to connect to the internet without revealing the system IP address to the destination site.
This document provides information about setting up a mail server. It discusses what a mail server is and its main components, including Linux operating system requirements, DNS and web servers, MTA and MDA, webmail and chat clients. It describes how these components work together and the configuration process, including making user accounts. The document concludes that email is an important part of any website and careful configuration is needed to integrate it seamlessly.
This document discusses HTTP proxy servers. It defines a proxy server as a server that acts as an intermediary for requests from clients and acts as a client to the actual servers. An HTTP proxy server specifically handles HTTP requests. It can speed up browsing by caching frequently requested pages. It also anonymizes user requests and reduces load on the internet connection. The document then discusses the software Proxyfire as an example of a "distorting" HTTP proxy server and provides screenshots of its interface. It concludes by listing the hardware and software specifications of the system used.
This document provides instructions for setting up a DHCP server on a Linux CentOS system. It outlines steps to check if the DHCP package is installed, install it from the CentOS disc if needed, create and configure the dhcpd.conf script file, and start, stop, and restart the DHCP service. It also includes an example dhcpd.conf configuration with an IP range, gateway, DNS, and domain settings for a DHCP server lab setup with a Linux server and Windows clients.
Apache is a free and open-source web server software that can be installed on Linux and other operating systems. It provides users with web serving, security, and e-commerce functionality out of the box. The document outlines the step-by-step process to download, install, configure, and run the Apache web server on a Linux system. This includes creating directories, downloading and extracting Apache files, configuring settings in the httpd.conf file, and testing the installation by accessing the server locally in a web browser. Virtual hosting is also described as a way to host multiple domains from a single server using Apache.
The document discusses ISCSI server configuration. An ISCSI server acts as a storage target, allowing clients to access disks over IP networks using SCSI commands. The server software provides a target and the clients use an initiator. The steps shown configure an ISCSI server by installing packages, editing configuration files, restarting services, and logging clients in to access newly available disks over the network.
Nagios Conference 2013 - David Stern - The Nagios Light BarNagios
David Stern's presentation on The Nagios Light Bar.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
The document discusses configuring an Apache web server. It describes installing Apache packages, editing the configuration file to set the server name, document root, and default HTML file. It also covers adding authentication using .htaccess files, generating an SSL certificate, setting up the server for IP-based or name-based virtual hosting, and restarting Apache.
DNS server configurationDns server configurationThamizharasan P
The document discusses configuring a DNS server on a system. It recommends installing the bind package and modifying files in /var/named, including the main configuration file, forward lookup zone file, and reverse lookup zone file. It also notes that the DNS server IP should be added and the service restarted after configuration changes. Finally, it suggests adding client IP addresses and hostnames to the forward and reverse lookup zone files.
Este documento describe cómo configurar un proxy transparente en Ubuntu usando Squid, iptables y dhcp3-server. Explica cómo instalar y configurar Squid para funcionar en el puerto 3128, agregar reglas en iptables para redirigir y enmascarar el tráfico, y configurar dhcp3-server para asignar direcciones IP y datos de red a los clientes de forma automática. Una vez configurados estos programas, se habrá implementado un proxy transparente que enrutará todo el tráfico de la red local a través de Squid sin necesidad de configuración manual
This document provides a guide for configuring a Squid proxy server. It discusses requirements like hardware specifications, choosing an operating system, and installing Squid. It then describes basic Squid configuration steps like editing configuration files, starting Squid, and configuring web browsers to use the proxy. Finally, it covers more advanced topics like designing access control lists to control which clients and sites can access the proxy server. The overall document aims to guide readers through the entire process of setting up and managing a Squid proxy server.
The document discusses setting up a Squid proxy server on a Linux system to improve network security and performance for a home network. It recommends using an old Pentium II computer with at least 80-100MB of RAM as the proxy server. The document provides instructions for installing Squid and configuring the Squid.conf file to optimize disk usage, caching, and logging. It also explains how to set up the Squid proxy server to work with an iptables firewall for access control and protection from intruders.
A gateway server is a server through which the computers in a LAN access the Internet. This is
usually done through NAT. It should also provide firewall protection for the LAN and it can also serve
as a DNS and DHCPD server for the LAN. Some years ago I have been involved in a project for building gateway servers like this, using
slackware on old PCs. In this article I will try to explain the things that I have done on this project and
how I did them.
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsStuart McIntyre
As per the Quickr Wiki ( http://www-10.lotus.com/ldd/lqwiki.nsf/dx/20052009045545WEBCGW.htm ):
"This document contains the presentation from Quickr masterclass covering planning optimal deployments – crawl/walk/run.
Discussing simplistic deployment architectures which can be linearily scaled over time (e.g. from POC to simple-non-clustered to clustered)
Sharing of key tips/recommendations from SVT and Perf - so as to help avoid expensive crit-sits in the field
Tuning for performance, stability and reliability"
Please note, I do not claim any ownership of this presentation, just am uploading to allow sharing via the Quickr Blog. Any questions/comments/issues, just let me know!
This document provides instructions for installing, securing, and maintaining FreeBSD servers. It discusses pre-installation planning including partitioning, software selection, and kernel customization. Post-installation tasks covered include rebuilding the operating system to incorporate updates, installing software via packages and ports, and preparing for automated upgrades. The goal is to provide a secure, optimized system tailored to the server's purpose through careful configuration and removal of unnecessary components.
This document discusses changes to Hyper-V virtualization from Windows Server 2008 to 2012. Key changes include the ability to share virtual hard disks between VMs, improved quality of service controls, and more robust resource sharing between host and guest systems. The new features make Hyper-V more reliable and scalable for server virtualization needs over the next 2-3 years.
The document discusses setting up a FreeBSD router to act as a captive portal, wireless router, and firewall. It provides recommended hardware, installation instructions, and steps to configure the wireless card and set up the captive portal. The router allows administering a UNIX system with practical applications while continuing to learn.
Study notes for CompTIA Certified Advanced Security Practitioner (ver2)David Sweigert
The document provides information on various topics for the CompTIA CASP exam, including:
1. Virtual Trusted Platform Modules (vTPM) which provide secure storage and cryptographic functions to virtual machines.
2. SELinux which added Mandatory Access Control to the Linux kernel to control access between subjects and objects.
3. Differences between common storage protocols like iSCSI, Fibre Channel over Ethernet, and NFS vs CIFS.
It also covers topics like dynamic disk pools vs RAID, Microsoft Group Policies, and differences between network attached storage and storage area networks.
This document discusses Squid Proxy in Red Hat Enterprise Linux 6 (RHEL 6). It provides instructions on installing RHEL 6, including selecting packages during installation such as PHP, MySQL, and Eclipse IDE. It then discusses proxy servers and their uses such as filtering content, caching to improve performance, and load balancing between multiple web servers. Common proxy types include forward, reverse, and open proxies.
Prizm Content Connect is a lightweight document viewer flash control that allows applications to display and interact with different file formats like Microsoft Office documents. It provides a universal viewing solution and acts as a document container for embedding documents in a custom form or webpage. The viewer is lightweight, flexible and allows integrating an end-to-end solution using Office or other native format documents in a custom solution.
Interoperability refers to the ability of diverse systems and organizations to work together. Key points about file systems include: FAT stores file information in a file allocation table, FAT32 supports smaller clusters and larger volumes than FAT, and NTFS provides advanced features like permissions, encryption, and compression. A hub is a common connection point that copies packets to all ports so all network segments can see traffic. TCP/IP is the set of protocols used for the Internet and similar networks. DHCP dynamically assigns IP addresses and related information to clients to reduce administration workload. Server logs contain error information that can help trace and fix problems. Network documentation should include information about capacity planning and security.
Apache can function as both a forward and reverse proxy server. To configure it as a proxy, enable the proxy module, turn on proxy requests, and specify which clients can access the proxy. The proxy caches frequently accessed pages to improve performance and reduce bandwidth. It also provides security, access control, and logging of internet traffic on the network.
Features supported by squid proxy serverProxies Rent
Squid is a widely-used cheap proxy cache for Linux and UNIX platforms. The chapter discusses its configuration, the settings required to get it running, how to configure the system to do transparent proxying, how to gather statistics about the cache's use with the help of programs like Calamaris and cachemgr, and how to filter web contents with squidGuard.
Recommended Software and Modifications for Server SecurityHTS Hosting
Certain scripts and software are recommended for ensuring the security of a server. These include some modifications and third-party software that can be installed for gaining enhanced server security.
Drupal Continuous Integration with Jenkins - The BasicsJohn Smith
Please check out our new SlideShow of setting up and configuring a Jenkins Continuous Integration server for use within a Drupal development environment. We walk you through the steps of installing Ubuntu 10.04 LTS, Jenkins, Drush and several other PHP coding tools and Drupal Modules to help check your code against current Drupal standards. Then we walk you through creating a git post-receive script, and Jenkins job to pull it all together.
Study notes for CompTIA Certified Advanced Security PractitionerDavid Sweigert
The document provides information on various topics for the CompTIA CASP exam, including:
1. A virtual trusted platform module (vTPM) which provides secure storage and cryptographic functions to virtual machines similarly to a physical TPM chip.
2. SELinux, which added mandatory access control to the Linux kernel to require authorization for processes to access files.
3. A storage area network (SAN) that provides block-level access to consolidated storage over a dedicated network, rather than using a local area network.
4. Issues with using BitLocker to encrypt the drive of a computer with multiple operating systems installed, such as only being available on certain Windows versions and requiring recovery keys
This document provides information about installing and configuring Linux, Apache web server, PostgreSQL database, and Apache Tomcat on a Linux system. It discusses installing Ubuntu using VirtualBox, creating users and groups, setting file permissions, important Linux files and directories. It also covers configuring Apache server and Tomcat, installing and configuring PostgreSQL, and some self-study questions about the Linux boot process, run levels, finding the kernel version and learning about NIS, NFS, and RPM package management.
The document discusses database security for MySQL databases. It covers types of security threats to databases like server compromise, data theft, and denial of service. It then discusses best practices for securing the database server location, installation, configuration, user accounts, and operations. Specific topics covered include choosing a secure MySQL version, restricting network access to the database, using secure remote administration techniques, and optimizing database types and permissions.
Wissbi is an open source toolset for building distributed event processing pipelines easily. It provides basic commands like wissbi-sub and wissbi-pub that allow receiving and sending messages. Filters can be written in any language and run in parallel as daemon processes configured through files. This allows constructing complex multi-stage data workflows. The ecosystem also includes tools like a log collector and metric collector that use Wissbi for transport. It aims to minimize operating effort through a simple design that relies mainly on filesystem operations and standard Unix tools and commands.
The document provides information about LAMP technology and its components - Linux, Apache HTTP Server, MySQL, and PHP. It discusses the advantages of using LAMP including easy coding with PHP/MySQL and low cost hosting. It also provides installation instructions and examples of basic commands for Linux, Apache, MySQL, and PHP.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
ABSTRACT
This “Do it yourself” guide is intended for computer users who would like to improve their
internet experience by using the Squid web cache to keep local copies of frequently visited sites,
so that they load faster when requested in future.
“Sharing copies of software is everybody's natural right and nobody should ever take that away”, says
Richard Stallman, Australia.
Bill Gates once said, “the use of unauthorized copies of windows will get users addicted and eventually
Microsoft would find a way to charge them.”
INTRODUCTION
The need to set up, configure and deploy a proxy server arises from the need to
improve the internet experience: getting better internet speeds, or rather response times, when requesting
previously accessed web pages without necessarily paying more to your ISP. This can be achieved by
setting up a proxy server within your local network which can cache previously accessed pages, making
them load faster when requested in future.
A proxy server receives requests from clients, searches within itself for the resource requested and, if
it is unavailable, forwards the request to other servers on the internet. The responses are then cached
prior to being sent to the client connected to it via a LAN.
The server may also have limited content filtering features that allow one to block access to certain
resources entirely, or to grant access only based on time, user of the system and other criteria
chosen during the design of the content filter's access control lists.
Proxy servers are not only meant to be used by ISPs, large companies, research institutions and
government institutions; they may also be used in homes, for instance to control what the children can
access over the internet and the amount of time they can be online on a given day, besides
delivering the improved speed.
REQUIREMENTS FOR SETTING UP SQUID PROXY SERVER
Normally, a properly configured squid proxy server does not require high performance hardware
to run efficiently. However, the following has to be taken into consideration.
Squid proxy server requires a considerably large RAM; at least 512MB for a small organization. Low
memory will significantly reduce speed.
The other major consideration is disks. The faster the disk read and write speeds, the faster squid will
operate. As a result, SCSI disks are normally preferred just because of the speed. The other advantage
of SCSI is that it can access seven different drives, allowing for multiple reads and writes without a
slowdown in access. SATA disks can, however, be used as they offer considerably fast speeds, are cheap and
are more readily available in larger sizes. ATA disks may be a poor option, more so if they are on the same
channel, as the system has to wait simply because only one disk can be accessed at a time.
Choosing a suitable Operating System
Assuming you are working on a shoe-string budget, we shall weigh “your freedom first”, as the
controversial Richard Stallman puts it, along with stability, cost and the extent of support desired, and
thus opt for an open source solution that is more secure and under which squid runs more efficiently
than some proprietary solutions available in the market, no malice intended whatsoever. We still need
the proprietary software.
There is a plethora of free and Open Source Linux distributions to choose from. The following are the
factors used to select CentOS (Community enterprise Operating System) as the distribution of choice:
1. It is stable
2. It is free
3. It is readily available for download
4. It is packaged with most applications required for the implementation of a proxy server.
5. It is actively supported by its large community of users, who mostly use it for server
applications.
6. The Linux Community will always have security patches available even within an hour of
discovering security vulnerabilities, faster than what you get for proprietary software, as
its vendors normally have smaller teams working on their source code.
Choosing a Proxy server application
The proxy server of choice is the Squid web proxy cache, as it can act as a web cache and also has minimal
content-filtering features. Besides, it is free, well documented, rich in features and readily
available for download.
Other proxy servers that can be implemented on Linux include Oops, 3proxy, which is freeware, and
ipcorp, which is still new in the market and about which not much information is presently available.
Configuring proxy server
The following section describes the most frequently used options when configuring a squid proxy
server and as a result does not cover all the features that squid offers as this is beyond the scope of this
guide. This is probably going to be covered by someone else or probably is already covered.
NB: This document does not cover the installation process.
STEP I : Knowing your system
It is necessary to know the hardware architecture, the operating system and its release number, the
application versions and the kernel number, as some configurations may vary depending on any of the
above features. For instance, configurations for Squid version 2.6 and above differ significantly, to a
degree that a person who has previously used versions lower than 2.5 would not consider negligible.
This information is necessary and should be taken into consideration when seeking answers in Linux
forums, posting comments in blogs, mailing lists and other online communities. Below is a description
of how to obtain the above mentioned information:
Operating System distribution and release
The Linux distribution being used and its release can be retrieved prior to downloading the disk
images. However, if the disks were downloaded by someone else or the system is already installed, one
can normally obtain this information during installation and on start up of the installed system. Hence,
our system will run on CentOS release 5.2 (final).
Hardware architecture
This may be categorized using bus-width, processor type etc. The most common architectures are:
a) x86 - This represents 32-bit systems and may be written as i386, i586, i686 and so forth.
b) x86-64 - This representation shows that a system has a 64-bit bus size.
Checking if applications are installed and their versions
This can be done on the terminal which can be accessed in the following manner. Go to Applications >
Accessories > Terminal to open gnome-terminal.
Alternatively, this can be accessed by pressing
ALT+F2 to open the run application and typing in “gnome-terminal” followed by clicking on the Run
button to run the terminal.
[admin@server ~]$ rpm -q squid
squid-2.6.STABLE6-5.el5_1.3
[admin@server ~]$
The above command shows that squid version 2.6 revision 6 is installed in release 5.2 of CentOS.
[admin@server ~]$ rpm -q iptables
iptables-1.3.5-4.el5
[admin@server ~]$
The iptables version packaged in CentOS release 5.2 is version 1.3.5, and it will be used in redirecting
requests from certain ports to the proxy server.
Kernel version
One can tell the kernel version using the uname command on the gnome terminal with the -r argument
as shown below to print the kernel version:
[admin@server ~]$ uname -r
2.6.18-92.el5
[admin@server ~]$
The output above means that the kernel in use is release 2.6.18, minor revision 92. The minor
revisions are specific or relevant to a given Linux distribution while the major version number is
standard across the Linux distributions.
It is good practice to upgrade the installed base operating system prior to commencing the
configuration process. This allows both the base system and the configurations to be updated, unlike
attempting to upgrade an already configured system, which would retain the configuration files.
STEP II: Basic Configurations
This section aims to get squid proxy to start successfully.
1. The first and critical step in configuring squid proxy server is confirming the existence of a default
configuration file, which is normally in the /etc/squid/ directory, and backing it up. This can be done as
shown in the following steps.
[admin@server ~]$ cd /etc/squid/
[admin@server squid]$ file squid.conf
squid.conf: ASCII English text
[admin@server squid]$ cp squid.conf squid.conf.default
[admin@server squid]$
Interpretation:
The first instruction changes the current directory to the directory where the squid configuration sits.
The next instruction checks what type of file squid.conf (the default configuration file) is.
Lastly, the default configuration file is backed up to squid.conf.default, which can be used to restore the
default configuration in the event of a failure.
The default squid configuration file looks as shown below when opened from gedit, a text editor.
The lines that commence with the hash (#) symbol are comments and hence are not read by the squid
daemon. The comments include instructions and examples of how to make configurations.
2. Check that the port to which squid should listen for is configured. The default is port 3128.
Whenever the redirecting application for instance the router or firewalling application sits on
the same server as the proxy then you only need to change the destination port to the port the
proxy is listening on. This makes squid listen on a port rather than a socket as would be the case
when we are redirecting requests from an external system. This is done as shown in the line
below:
...Snippet from /etc/squid/squid.conf....................................................................................................
http_port 3128
...Snippet from /etc/squid/squid.conf.....................................................................................................
3. Ensure that the cache_dir is set to an existing location.
...Snippet from /etc/squid/squid.conf....................................................................................................
cache_dir ufs /var/spool/squid 100 16 256
...Snippet from /etc/squid/squid.conf....................................................................................................
where, 100 denotes a cache size of 100MB
For configuration purposes, let the default http_access rule deny all connections. By default this
line appears as shown below:
...Snippet from /etc/squid/squid.conf....................................................................................................
#Default:
# http_access deny all
...Snippet from /etc/squid/squid.conf....................................................................................................
To activate the above rule, uncomment the line “http_access deny all”. Note that “all” as used here is an
access control list that defines all IP addresses from any network. However, best practice is to
copy the commented line and append the copy below the comment, so that the original remains available
for future reference or for rollback in the case of erroneous alterations.
STEP III: Start Squid
Prior to starting squid proxy server, swap directories should be created. This can be done using the
instruction “squid -z” as a privileged user or as the super user.
[root@server admin]# squid -z
2009/06/15 09:01:20| Creating Swap Directories
[root@server admin]#
Once this is done, ensure the squid service runs as a user with adequate permissions to read and write to the
cache directories and the log files.
Finally, start squid using the following command:
[root@server admin]# /etc/rc.d/init.d/squid start
Starting squid: .................... [ OK ]
[root@server admin]#
This can also be done as follows:
[root@server admin]# /sbin/service squid start
Starting squid: .................... [ OK ]
[root@server admin]#
To confirm that squid proxy server is running after start up, the status parameter may be sent to the
service command on specifying the service of interest as shown below:
[root@server admin]# /sbin/service squid status
squid (pid 5228) is running...
This check is necessary because squid 2.6 STABLE6 has a bug and by default prints that start up
failed even when startup is successful; for example, the following sequence of commands would output
as shown in the figure below:
The bug described above does not interfere with the running of squid and as a result may be
overlooked. This bug should have been corrected in subsequent releases, currently squid 3.x.
To configure squid to start every time the system starts up, the following command may be executed.
[root@server admin]# /sbin/chkconfig --level 345 squid on
[root@server admin]#
In the above command, the digits 3, 4 and 5 specify the run levels in which squid should run if the
system boots into them. The default runlevel for squid is runlevel 5, which is the graphical mode;
however, servers normally run in runlevel 3 (text mode), which is more hardy and less prone to attacks
and failure, and it is for this reason preferred for servers.
You can confirm that the configuration is effected using the following command:
[root@server admin]# /sbin/chkconfig --list squid
squid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
[root@server admin]#
And as can be noted in the above output, Linux operating system normally has six distinct run levels
whereby, the run levels symbolize the following states:
Run level State
0 Shutdown
1 Maintenance
2 <user / distribution defined>
3 Text-mode
4 <user / distribution defined>
5 Graphical-Mode
6 Restart
Run levels 2 and 4 are not configured by default; however, they may be configured to conform to the desires
of the user or as thought necessary by a given Linux community.
STEP IV: Configure client browser
For this section, we shall use Mozilla Firefox 3.0.5 beta for illustration; however, there exists a plethora
of other web browsers such as Safari, Internet Explorer and Opera, among others.
Procedure:
1. Click on the “Edit” menu on the browser's main menu.
2. Select the “Preferences” option.
3. On the pop up window, select “Advanced”
5. Click the “Settings...” button
6. Select the “Manual proxy configuration” radio button
7. Enter proxy IP address and its ports number.
The resulting image should be as shown below:
The proxy setting for the squid server and the port that squid listens on for connections are 192.168.0.101
and 3128 respectively.
8. Restart the configuration to effect the new configuration.
Once the above configuration is done and squid is already running, an attempt to access a page on the
Internet via your browser would result in the following page. Below is the default error page, which can
be tailored to suit the tastes of the organization, as shown later in this guide.
The error page displays the URL of the page that the client attempted to access, the email address of the
person to be contacted in case access is denied erroneously, the date and time of denial and the name of the
server that hosts the squid process, among others.
This error page may be modified to suit the preferences of a given organization or network in general.
STEP III: Advanced Configurations
Since we've confirmed that squid is running with the default ACL restriction (http_access deny all)
enforced, we shall proceed to the next stage of designing, testing and enforcing custom ACLs that
satisfy the network needs for squid proxy.
STEP I: Things to remember
The ACL rule set is enforced / read from top to bottom. This means that if two rules contradict, the
first of the contradicting rules shall be enforced. In the example below, instruction number 3 holds true,
thus nobody shall be able to chat using google talk.
REMEMBER: The numbers are used for illustration and do not exist in the actual file.
...Snippet from /etc/squid/squid.conf....................................................................................................
1. acl google-talk port 5223 #XMPP over SSL
2. http_access allow google-talk
3. http_access deny google-talk
...Snippet from /etc/squid/squid.conf....................................................................................................
You can join ACLs to form a single rule. For example, the ruleset below denies google talk
access between Monday and Friday from 10:00 a.m. to 2:00 p.m.
...Snippet from /etc/squid/squid.conf....................................................................................................
acl google-talk port 5223 #XMPP over SSL
acl working-hours time M T W H F 10:00-14:00
http_access deny google-talk working-hours
...Snippet from /etc/squid/squid.conf....................................................................................................
Do not give ambiguity a chance. For instance, a rule may stipulate, “allow clients on the MYNET
network to access the proxy server”. This is a valid rule and is not wrong by any standards, but
remember it doesn't specify what happens to those not in the MYNET network; thus, those not in the
MYNET network may still be able to access the proxy server. This ambiguity can be catered for by
creating a complementing pair of rules, e.g.:
http_access allow MYNET
http_access deny !MYNET
Design and implementation of ACLs
1. Write the rules in plain English
2. Convert them to ACLs using the supported squid acl types.
3. Concatenate ACLs where necessary to form a common rule.
For instance,
Only MYNET would use proxy
MYNET proxy clients should not access the following sites: www.facebook.com, www.myspace.com.
These would be converted to ACLs as follows:
acl MYNETWORK src 192.168.0.0/24
acl unwanted-sites url_regex -i "/etc/squid/acl/unwanted-sites.acl"
where the file unwanted-sites.acl contains a list of the sites, each on a new line, as shown
below:
www.facebook.com
www.myspace.com
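Finally, enforce the desired rules using the ACLs created above. Because the rules are read from top to
bottom, the deny rule for unwanted-sites is placed before the rule that allows MYNETWORK.
http_access deny unwanted-sites
http_access allow MYNETWORK
http_access deny !MYNETWORK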
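The procedure above, worked through as an added example (a simplified model written for this guide, not Squid's code or the author's configuration): http_access lines are read top to bottom, every ACL on a line must match, and the first matching line decides. It compares placing `deny unwanted-sites` after or before `allow MYNETWORK`; the sample requests are constructed.

```python
import ipaddress
import re

# ACLs as on the page: src 192.168.0.0/24 and the url_regex -i site list.
MYNETWORK = ipaddress.ip_network("192.168.0.0/24")
UNWANTED = [re.compile(p, re.I) for p in ("www.facebook.com", "www.myspace.com")]
ACLS = {
    "MYNETWORK": lambda req: ipaddress.ip_address(req["src"]) in MYNETWORK,
    "unwanted-sites": lambda req: any(p.search(req["url"]) for p in UNWANTED),
}

ALLOW_FIRST = """
http_access allow MYNETWORK
http_access deny !MYNETWORK
http_access deny unwanted-sites
"""
DENY_FIRST = """
http_access deny unwanted-sites
http_access allow MYNETWORK
http_access deny !MYNETWORK
"""

# Constructed requests: LAN client to a listed site, LAN client elsewhere, outsider.
REQUESTS = [
    {"src": "192.168.0.101", "url": "http://www.facebook.com/home.php"},
    {"src": "192.168.0.101", "url": "http://weather.noaa.gov/"},
    {"src": "10.9.8.7", "url": "http://weather.noaa.gov/"},
]

def parse_rules(text):
    """Parse 'http_access allow|deny acl [!acl ...]' lines into (action, acls)."""
    rules = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "http_access":
            if words[1] not in ("allow", "deny"):
                raise ValueError("expected allow or deny, got %r" % words[1])
            rules.append((words[1], words[2:]))
    return rules

def acl_matches(name, req):
    """Evaluate one ACL name; a leading '!' negates the result."""
    hit = ACLS[name.lstrip("!")](req)
    return not hit if name.startswith("!") else hit

def decide(rules, req):
    """Return (action, line number) of the first line whose ACLs all match."""
    for number, (action, names) in enumerate(rules, 1):
        if all(acl_matches(n, req) for n in names):
            return action, number
    if not rules:
        return "deny", None  # no http_access lines at all: Squid denies
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

def compare():
    """Decision for each sample request under both orderings."""
    first, second = parse_rules(ALLOW_FIRST), parse_rules(DENY_FIRST)
    return [(decide(first, r), decide(second, r)) for r in REQUESTS]

if __name__ == "__main__":
    for req, (a, d) in zip(REQUESTS, compare()):
        print(req["src"], req["url"], "allow-first:", a, "deny-first:", d)
```

With the allow line first, the LAN client's request to a listed site is decided by line 1 and the deny line is never consulted; with the deny line first, the same request is refused at line 1.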
For list-type ACLs that require maintenance or updating from time to time, it is advisable to create
them in a text file to avoid making erroneous alterations during the process of updating ACLs. These
ACLs can then be stored in a specified folder to instil order; in our case, “/etc/squid/acl/”.
The ACLs that have been created on my squid proxy server are as shown below:
These ACLs are used to create the rules shown below:
...Snippet from /etc/squid/squid.conf....................................................................................................
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access deny porn
http_access deny downloads
http_access allow social lunchtime
http_access deny social !lunchtime
http_access allow non_porn
http_access allow MYNET
http_access deny !MYNET
...Snippet from /etc/squid/squid.conf....................................................................................................
A list of the resources to be filtered may appear as a regular ASCII text file, as shown below:
[root@server admin]# cat /etc/squid/acl/social-sites.acl
facebook.com
hi5.com
myspace.com
[root@server admin]#
Squid ACLs
For the sake of order, we shall create a folder called acl inside the squid directory where we shall store
our ACLs. This we do as follows:
[root@server admin]# cd /etc/squid/
[root@server squid]# mkdir acl
[root@server squid]#
The ACLs used in this server can be categorized into two:
a) Inline ACLs
b) External ACLs
a) Inline ACLs
These are the ACLs defined within the file squid.conf. Some of them include:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl MYNET src 192.168.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl working-hours time M T W H F 09:00-16:00
acl lunchtime time M T W H F 12:30-13:50
acl multimedia urlpath_regex -i \.(mp3|avi|mpg|mpeg|asf|wmv|ra|rm|ram|asx|asf|afx|divx|m3u|viv|vivo|vo|flv|swf)$
b) External ACLs
These are ACLs that are defined in external files; for our scenario we store them in the directory
/etc/squid/acl. Squid can have ACL files of any extension as long as they are flat files.
Streaming
Streaming of multimedia has a tendency to grab large volumes of internet traffic and thus would result in
slowed internet speeds. Multimedia files are way larger and thus would require more bandwidth from the
organization. Since streaming wouldn't add value to the organization, blocking streaming would break
no bone.
acl streaming req_mime_type -i application/octet-stream
acl streaming req_mime_type -i application/x-mplayer2
acl streaming req_mime_type -i video/x-ms-asf
acl streaming req_mime_type -i audio/midi
acl streaming req_mime_type -i audio/mpeg
acl streaming req_mime_type -i video/x-msvideo
acl streaming req_mime_type -i video/x-flv
Streaming is blocked using mime-types as shown above; however, it is blocked using http_access
and http_reply_access as opposed to http request, and this is shown below.
http_access deny streaming
http_reply_access deny streaming
Converting Squid to work in transparent caching mode
STEP I: Configure Squid to listen for transparent connections
As of Squid version 2.6 the squid service can be made to work on transparent mode by simply
appending the word transparent beside the proxy port number as shown below:
...Snippet from /etc/squid/squid.conf....................................................................................................
http_port 3128 transparent
...Snippet from /etc/squid/squid.conf.....................................................................................................
However, this is not all. We also need to configure iptables or routes to redirect requests to the squid
server without making it necessary for one to make proxy configurations on the server's clients. This
makes it difficult for the clients to circumvent the proxy server by removing proxy configurations from
the web browser they are using.
STEP II: Configure iptables to support Squid
Iptables is a RedHat Linux firewall application that could be used to redirect requests to the proxy
server. This can be done at the command line as follows:
[root@server admin]# iptables -F
[root@server admin]# iptables -t nat -F
[root@server admin]# iptables -t mangle -F
[root@server admin]# iptables -A INPUT -i eth0 -j ACCEPT
[root@server admin]# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
[root@server admin]# iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
[root@server admin]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
In the configuration above, eth0 is the network interface card connected to the LAN whereas ppp0 is
the dial-up modem that the squid server uses to connect to the internet. This configuration only
redirects port 80 to the proxy server; however, it should redirect all ports that should be filtered to the
proxy server, or the squid service to be precise.
The SSL port 443 and other secure communications should not be redirected to squid, as the SSL key
would be altered and as a result no communication would occur: the host and client attempting to
communicate would close the session as they would detect this as a “man in the middle attack”. This is
simply because squid does not support tunneling.
Restoring iptables script
One would be required to reload the configurations each time on rebooting the server using the
following command.
[root@server admin]# iptables-restore < /etc/sysconfig/iptables
However, this can be overcome by inserting the following line in the file /etc/rc.local using a text editor
of choice and as a result the configuration would be automatically reloaded on restarting the system.
The file will thus appear as shown below:
[root@server admin]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
iptables-restore /etc/sysconfig/iptables
[root@server admin]#
Testing and Deployment
To test that squid is operating in transparent mode, which is technically known as intercepting proxy
mode since the requests are hijacked, remove the proxy configurations from the client initially being
used for testing, change the system gateway to the squid server IP address and then attempt to
access a resource located on the Internet. If the results returned are those desired then your proxy
server is working all right.
Squid logs and administration
The squid proxy server may require regular administration to ensure it effectively filters content as
desired by the network administrators. This is necessary as the proxy clients are likely to identify
loopholes in the proxy configurations or even discover ways of circumventing the proxy server.
Updating of the ACLs is necessary, and can be done with guidance from the squid-generated logs, which
inform the administrator of the sites being visited, the clients' IP addresses, the method used (e.g. POST, GET),
the host URL, the action taken by the proxy server and the like.
a) Access logs
[root@server admin]# tail -f /var/log/squid/access.log
1245044255.491 0 192.168.0.240 TCP_MISS/503 1630 GET http://tracker.thepiratebay.org/announce? - DIRECT/tracker.thepiratebay.org text/html
1245044382.269 82742 192.168.0.240 TCP_MISS/503 1626 GET http://tracker.thepiratebay.org/scrape? - DIRECT/tracker.thepiratebay.org text/html
1245044382.269 66439 192.168.0.240 TCP_MISS/503 1630 GET http://tracker.thepiratebay.org/announce? - DIRECT/tracker.thepiratebay.org text/html
1245044585.260 82105 192.168.0.240 TCP_MISS/503 1630 GET http://tracker.thepiratebay.org/announce? - DIRECT/tracker.thepiratebay.org text/html
1245044592.423 1 192.168.0.240 TCP_MISS/503 1630 GET http://tracker.thepiratebay.org/announce? - DIRECT/tracker.thepiratebay.org text/html
1245044605.450 1 192.168.0.240 TCP_MISS/503 1626 GET http://tracker.thepiratebay.org/scrape? - DIRECT/tracker.thepiratebay.org text/html
1245044658.257 91210 192.168.0.240 TCP_MISS/503 1630 GET http://weather.noaa.gov/cgi-bin/mgetmetar.pl? - DIRECT/weather.noaa.gov text/html
1245044908.245 82174 192.168.0.240 TCP_MISS/503 1630 GET http://tracker.thepiratebay.org/announce? - DIRECT/tracker.thepiratebay.org text/html
1245050874.281 0 192.168.0.101 TCP_DENIED/403 1458 GET http://www.google.com/search? - NONE/- text/html
1245051556.559 0 192.168.0.101 TCP_DENIED/403 1458 GET http://www.google.com/search? - NONE/- text/html
b) Cache logs
[root@server admin]# tail -f /var/log/squid/cache.log
2009/06/15 10:27:07| 0 Objects expired.
2009/06/15 10:27:07| 0 Objects cancelled.
2009/06/15 10:27:07| 0 Duplicate URLs purged.
2009/06/15 10:27:07| 0 Swapfile clashes avoided.
2009/06/15 10:27:07| Took 26.2 seconds ( 4.8 objects/sec).
2009/06/15 10:27:07| Beginning Validation Procedure
2009/06/15 10:27:07| Completed Validation Procedure
2009/06/15 10:27:07| Validated 126 Entries
2009/06/15 10:27:07| store_swap_size = 744k
2009/06/15 10:27:08| storeLateRelease: released 0 objects
These logs are a vital part of proxy administration and can help identify configuration loopholes
and unhandled sections prior to any reports being made by the clients.
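One way to turn the access log into a review list for ACL updates, as an added example rather than part of the original guide: it parses Squid's native access.log format and counts, per client, the hosts that were denied or answered with a 5xx status. The sample lines are adapted from the listing above plus one constructed truncated entry; the threshold of 2 is an assumption.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Sample adapted from the access.log listing above; the last line is constructed.
SAMPLE_LOG = """\
1245044255.491 0 192.168.0.240 TCP_MISS/503 1630 GET http://tracker.thepiratebay.org/announce? - DIRECT/tracker.thepiratebay.org text/html
1245044382.269 82742 192.168.0.240 TCP_MISS/503 1626 GET http://tracker.thepiratebay.org/scrape? - DIRECT/tracker.thepiratebay.org text/html
1245044382.269 66439 192.168.0.240 TCP_MISS/503 1630 GET http://tracker.thepiratebay.org/announce? - DIRECT/tracker.thepiratebay.org text/html
1245044658.257 91210 192.168.0.240 TCP_MISS/503 1630 GET http://weather.noaa.gov/cgi-bin/mgetmetar.pl? - DIRECT/weather.noaa.gov text/html
1245050874.281 0 192.168.0.101 TCP_DENIED/403 1458 GET http://www.google.com/search? - NONE/- text/html
1245051556.559 0 192.168.0.101 TCP_DENIED/403 1458 GET http://www.google.com/search? - NONE/- text/html
1245051600.000 0 192.168.0.101 TCP_DENIED/403
"""

def host_of(url):
    """Host part of a logged URL; CONNECT entries are logged as host:port."""
    rest = url.split("://", 1)[-1]
    return rest.split("/", 1)[0].rsplit(":", 1)[0].lower()

def parse_line(line):
    """Parse one native-format access.log line; return None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, status = f[3].split("/", 1)
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        code = int(status)
    except (ValueError, OverflowError, OSError):
        return None
    return {"time": when, "client": f[2], "result": result,
            "status": code, "host": host_of(f[6])}

def summarise(text):
    """Per client: request total, denied hosts, hosts answered with 5xx."""
    stats = defaultdict(lambda: {"total": 0, "denied": Counter(), "errors": Counter()})
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # truncated or corrupt entry: count it, do not guess
            continue
        entry = stats[rec["client"]]
        entry["total"] += 1
        if rec["result"] == "TCP_DENIED":
            entry["denied"][rec["host"]] += 1
        elif rec["status"] >= 500:
            entry["errors"][rec["host"]] += 1
    return dict(stats), skipped

def review_candidates(stats, threshold=2):
    """(client, host, kind, count) rows seen at least `threshold` times."""
    rows = []
    for client, entry in stats.items():
        for kind in ("denied", "errors"):
            rows += [(client, h, kind, n) for h, n in entry[kind].items() if n >= threshold]
    return sorted(rows, key=lambda r: (-r[3], r[0], r[1]))

if __name__ == "__main__":
    stats, skipped = summarise(SAMPLE_LOG)
    print(review_candidates(stats), "skipped:", skipped)
```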
SUMMARY AND CONCLUSION
A well configured proxy is very valuable to an organization; however, a poorly configured proxy server
may present greater risks than the absence of one. Thus, great care is necessary while setting up a
proxy server.
Squid is free and Open Source and is even better than most proprietary proxy servers in the market. Its
major flaw is the need for technical know-how, unlike the proprietary solutions, which have easy-to-use
interfaces that make them easier to configure and deploy.
There exist Graphical User Interfaces for configuring squid, which make it easier to configure.
However, great care is needed when choosing the right one to use, as some delete the default
configuration file and create custom ones, which in some cases may make squid fail to start.
RECOMMENDATIONS
1. Individuals and firms in Kenya should use Squid and other Open Source Solutions prior to paying
dearly for proprietary options. Squid web cache is licensed under GNU GPL which permits anybody to
download, modify and redistribute it under GNU GPL.
2. For the purpose of content filtering, Dansguardian may be used as it is capable of tunneling hence,
can handle https connections which are likely to break when handled by squid which does minimal
content filtering.