Squid Proxy

Revision as of 21:42, 14 December 2011 by Admin (Talk | contribs)

Setup Squid Proxy Server

apt-get install squid

This installs a basic Squid, with no options configured.

Config Squid Proxy for Initial Use

The following options were added into /etc/squid/squid.conf

http_port 3128
# as an alternative to the above, as I just wanted to access squid locally, I had:
http_port 127.0.0.1:3128

That should be it!

To allow individual Clients besides Localhost

# place these before the final "http_access deny all" line; the first matching rule wins
acl phi src 136.201.146.211
http_access allow phi

Information and basic settings were taken from:
http://www.howtoforge.com/linux_secure_browsing_squid
Main one: http://www.debianhelp.co.uk/squid.htm



Bandwidth Delay/Limit using Squid Proxy Server

Example Used:

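delay_pools 1
delay_class 1 3
# "users" must be an acl defined earlier in squid.conf
delay_access 1 allow users
delay_access 1 deny all
# class 3 takes restore/max pairs in bytes per second: aggregate, network, individual
delay_parameters 1 -1/-1 64000/64000 6000/64000
#assumed 256 is top speed
#1250=10 Kbps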

http://www.squid-cache.org/mail-archive/squid-users/200411/0692.html

More Info at: http://knowlinux.blogspot.com/2006/04/bandwidth-throttling-using-squid.html

Logging on Squid Proxy Server

If you want to log all the access made to the Squid Proxy Server, which is very useful for debugging access requests, do the following:

vi /etc/squid/squid.conf
#uncomment the following:
cache_access_log /var/log/squid/access.log

That's it.

Use identd to log users

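In Squid's logs ( /var/log/squid/access.log ), you can have the username appear. Typically people may SSH in and port-forward port 3128, then use localhost:3128 in their Internet browser, so every request reaches Squid from 127.0.0.1 and the client address alone does not tell users apart.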

Install oidentd

apt-get install oidentd

oidentd listens on port 113. It runs as a daemon and can be controlled through its script in /etc/init.d/. Other identd packages don't come with init scripts.

Test identd

Run telnet localhost 113, and then enter: port1, port2 (where port1 and port2 are the source and destination ports; choose any numbers to test).

root@server:~# telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
1234,80
1234,80:ERROR:NO-USER
Connection closed by foreign host.

Edit Squid Config

vi /etc/squid/squid.conf
# add the following, so ident lookups are only made for connections from localhost:
acl ident_aware_hosts src 127.0.0.1/255.255.255.255
ident_lookup_access allow ident_aware_hosts
ident_lookup_access deny all

/etc/init.d/squid restart

That should be it. You can now tail your squid logs, and usernames will appear.
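
With ident lookups enabled, the username is the eighth field of each access.log line in Squid's native log format. The following is an added example, not part of the original wiki page: it totals requests and bytes per user and lists the entries that still carry no username. It assumes the default native log format; the sample log lines are constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample lines (not real traffic) in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer content-type
SAMPLE_LOG = """\
1323898920.101    210 127.0.0.1 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/192.0.2.10 text/html
1323898921.202   1530 127.0.0.1 TCP_MISS/200 1800 CONNECT example.org:443 alice DIRECT/192.0.2.20 -
1323898922.303     95 127.0.0.1 TCP_HIT/200 2048 GET http://example.com/logo.png bob NONE/- image/png
1323898923.404    120 127.0.0.1 TCP_MISS/200 900 GET http://example.net/ - DIRECT/192.0.2.30 text/html
1323898924.505    300 136.201.146.211 TCP_MISS/200 4096 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1323898925.606 truncated line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        return {
            "time": float(fields[0]),
            "client": fields[2],
            "result": fields[3],
            "bytes": int(fields[4]),
            "method": fields[5],
            "url": fields[6],
            "user": fields[7],  # ident (RFC 1413) name, "-" when unknown
        }
    except ValueError:
        return None

def summarize(log_text):
    """Total requests/bytes per ident user; collect entries with no user."""
    per_user = defaultdict(lambda: {"requests": 0, "bytes": 0})
    unidentified = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip truncated or non-native lines
        if rec["user"] == "-":
            unidentified.append(rec)
        else:
            per_user[rec["user"]]["requests"] += 1
            per_user[rec["user"]]["bytes"] += rec["bytes"]
    return dict(per_user), unidentified

if __name__ == "__main__":
    users, unknown = summarize(SAMPLE_LOG)
    for name, stats in sorted(users.items()):
        print(name, stats["requests"], "requests,", stats["bytes"], "bytes")
    for rec in unknown:
        print("no ident user:", rec["client"], rec["method"], rec["url"])
```

Entries from 127.0.0.1 with "-" in the user field mean the ident lookup returned nothing (as in the NO-USER telnet test above); entries from other clients show "-" because ident_lookup_access only allows lookups for localhost.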
