
Squid Jon Larsen Omaha Linux User Group May 2nd, 2006.


1 Squid Jon Larsen Omaha Linux User Group May 2nd, 2006

2 What is a proxy?
proxy: the authority or power to act for another (source: Merriam-Webster Dictionary)
A Web proxy provides a connection path for HTTP/HTTPS requests.

3 What is a cache?
cache: a hiding place esp. for preserving provisions (source: Merriam-Webster Dictionary)
A cache stores objects from visited websites, such as images, PDF and HTML files.

4 What is Squid?
● Squid is a caching proxy
● Provides a single connection path for many client programs
● Can authenticate users to grant Internet access
● Provides time-of-day bandwidth allocation
● Monitors usage
● Restricts content

5 Installing Squid
● Generally, Squid is installed on the gateway/firewall box through which your internal LAN connects
● Can be installed using apt-get, yum or yast, or compiled from source
● Should be configured to run from init.d
● Requires a directory to store objects

6 Configuration
● The Squid configuration file is usually stored as /etc/squid/squid.conf
● On Fedora/CentOS/RedHat systems, the conf file is heavily annotated and self-explanatory
● Items normally changed on a new installation:
    – http_port
    – dns_nameservers
    – cache_dir
    – http_access

7 Configuration: http_port
By default, Squid listens on port 3128. This can be changed, or multiple ports can be specified.
    http_port 3128
    http_port 8080
If you are on a firewall with multiple NICs, you may specify which IP address to listen on:
    http_port 10.0.0.1:3128

8 Configuration: dns_nameservers
You can specify which DNS nameservers to use for your Squid proxy, overriding the system default.
    dns_nameservers 10.0.0.1 127.0.0.1

9 Configuration: cache_dir
The cache_dir directive allows you to specify the directory in which to place your cached objects, as well as the maximum cache size to use for storing them.
    cache_dir ufs /var/spool/squid 100 16 256
Cache size will be 100MB, 16 directories with 256 subdirectories – change as you see fit.

10 Configuration: http_access
Together, acl and http_access control who can connect to the proxy. For simplicity, we will allow all clients to connect from our LAN.
    http_access allow all
- or -
    acl our_networks src 10.0.0.0/24
    http_access allow our_networks
    http_access allow localhost
    http_access deny all
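The two alternatives on slide 10 behave very differently for a client outside the LAN. The following is an added example, not part of the original presentation: it evaluates http_access lines in order the way Squid does, handles only src ACLs, assumes the `all` and `localhost` ACLs are predefined as in the stock squid.conf, and uses a constructed outside address (203.0.113.7).

```python
import ipaddress

# ACLs the stock squid.conf already defines (assumption: defaults left in place).
BUILTIN = {"all": ["0.0.0.0/0"], "localhost": ["127.0.0.1/32"]}

def parse(conf):
    """Collect src ACLs and http_access rules from squid.conf text."""
    acls = {k: [ipaddress.ip_network(n) for n in v] for k, v in BUILTIN.items()}
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(ipaddress.ip_network(n) for n in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def matches(ip, acls, name):
    """One ACL reference; a leading '!' negates it."""
    hit = any(ip in net for net in acls[name.lstrip("!")])
    return hit != name.startswith("!")

def allowed(conf, client):
    """First matching http_access line wins; every ACL on a line must match."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for allow, names in rules:
        if all(matches(ip, acls, n) for n in names):
            return allow
    # Nothing matched: Squid applies the opposite of the last line (deny if none).
    return (not rules[-1][0]) if rules else False

OUTSIDE = "203.0.113.7"  # constructed address outside the LAN (TEST-NET-3)

def open_proxy(conf):
    """True when a client outside the LAN would be served."""
    return allowed(conf, OUTSIDE)

# The two alternatives shown on slide 10.
SIMPLE = "http_access allow all\n"
RESTRICTED = """\
acl our_networks src 10.0.0.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
"""

if __name__ == "__main__":
    for name, conf in (("allow all", SIMPLE), ("our_networks", RESTRICTED)):
        print(f"{name}: LAN={allowed(conf, '10.0.0.42')} outside={open_proxy(conf)}")
```

Whether the first form is actually reachable from outside also depends on the http_port bind address (slide 7) and on the firewall in front of Squid.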

11 Running Squid
Before you can run Squid, you need to set up the cache_dir you specified in the squid.conf file. The directory must be writable by squid. You can create the directory by running:
    squid -z

12 Running Squid Cont.
Simply run squid using the init script:
    /etc/rc.d/init.d/squid start
- or -
    /etc/init.d/squid start

13 Configuring Clients
For a client such as a web browser to access the Squid proxy, you must configure the Connection Options using the manual setting. Put in the IP address/FQDN of your proxy and the port you are connecting to:
    10.0.0.1    3128
    10.0.0.1    8080

14 Configuring Clients Alt Method
You can use your firewall to intercept incoming port 80 requests and redirect them to your Squid proxy, removing the need to configure the client with the proxy IP and port.
Example:
    iptables -A PREROUTING -t nat -i eth1 -p tcp \
        --dport 80 -j REDIRECT --to-port 3128

15 ACL Access Control Lists
ACLs can be created to do content filtering or to prevent certain objects from being cached (e.g. MPEG files).
Prevent MPEG files from being cached:
    acl MPG url_regex \.mpg$
    no_cache deny MPG

16 ACL Access Control Lists Cont.
Content filtering can be done using two methods: a redirector or a regular expression.
Squidguard is a well-known redirector.
Our example will be a regex on a file of keywords or URLs.

17 ACL Access Control Lists Cont.
The regex works using files which can be downloaded and stored in /etc/squid.
    acl porn url_regex "/etc/squid/porn"
    acl noporn url_regex "/etc/squid/noporn"
    deny_info ERR_EXAMPLE_ACCESS_DENIED porn
    http_access allow noporn all
    http_access deny porn all

18 Reference
● Squid website – http://www.squid-cache.org
● Squid Wiki – http://wiki.squid-cache.org
● Squidguard – http://www.squidguard.org
● Squid: The Definitive Guide – O'Reilly, ISBN: 0-596-00162-2

19 Omake
From the Wireless Hacks book published by O'Reilly (ISBN: 0-596-00559-8), Hack #91:
Using a squid cache remotely with SSH tunneling can allow you to use a squid running on your home firewall box to browse websites using wireless Internet access from your laptop – securely.

20 Omake
Step 01: Configure and test Squid on your firewall
Step 02: Create the tunnel from your laptop
    ssh -L3128:localhost:3128 mysquid.house -f -N
Step 03: Configure your browser proxy

