Jopa
Posted March 2, 2013 (edited)

Requirements:

1. Active Internet Connection via any means.
2. Super user or root access.

Procedure:

Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command:

    # yum install squid

Step 2: Adding Squid to system start up (program starts when system boots up).

    # chkconfig --level 35 squid on

Numbers 3 and 5 indicate the run-levels of Squid. '3' indicates text mode and '5' indicates GUI mode.

Step 3: Now to start the Squid Service:

    # service squid start

Step 4: To open the squid configuration file

    # vi /etc/squid/squid.conf

If you see this error in the log file: “WARNING: Could not determine this machines public hostname. Please configure one or set ‘visible_hostname’”. This needs to be changed; do something like this:

    visible_hostname yourhost

Step 5: Defining Access Control Lists (ACL)

Access Control Lists are used for purposes like:

1. restrict usages
2. limit web access for host(s).
3. To allow your network to use internet

ACL Syntax:

    acl aclname acltype value

aclname = rulename (something like personalnetwork)
acltype = type of acl like: src, dst (src: source ip | dst: destination ip)
value = this could be ip address, networks, URLs, etc.

Example: This example will allow the localhost to access the internet.

    acl localhost src 127.0.0.1/32
    http_access allow localhost

Step 6: Allowing a particular network ip range to access internet

Find these lines in squid.conf file:

    http_access allow localhost
    http_access deny all

Replace the above two lines like this:

    acl personalnetwork src 10.10.1.0/24
    http_access allow localhost
    http_access allow personalnetwork
    http_access deny all

Step 7: Restart your Squid server

    # service squid restart

Note: if you encounter some error for using "/24", change it to "/255.255.255.0" and now restart your squid server.

Step 8: Blocking Internet access for a particular IP address

    acl block_it src 10.10.1.20
    http_access deny block_it
    acl personalnetwork src 10.10.1.0/24
    http_access allow personalnetwork

The above acl will block internet access only for 10.10.1.20 and the rest will have access.

Step 9: Restricting internet access by time or Working hours

    acl personalnetwork src 10.10.1.0/24
    acl working_hours time M T W H F 13:00-17:00
    acl block_it src 10.10.1.20
    http_access deny block_it
    http_access allow personalnetwork working_hours

Step 10: Block particular URL

    acl block_website dst www.facebook.com
    http_access deny block_website

Step 11: Blocking a domain and its sub-domains

    acl blocked_domain dstdomain .google.com
    http_access deny blocked_domain

Step 12: Blocking a list of websites using a text file

We need to create a text file with a list of sites to be blocked and to give read permissions for this file. Run the below commands in terminal:

    # touch /etc/squid/black_list.txt
    # chmod 444 /etc/squid/black_list.txt
    # vi /etc/squid/black_list.txt

Enter the URLs of the websites that need to be blocked like this:

    www.xxx.com
    www.yyy.com

Now create rules in ACL by opening the config file and typing the below rules:

    acl black_list url_regex "/etc/squid/black_list.txt"
    http_access deny black_list

Also you can block URLs containing specific words like this:

    acl prevent_word url_regex sex
    http_access deny prevent_word

Case sensitive words can also be blocked like this: "-i sex"

Step 13: Block types of files for download

    acl block_type url_regex .*\.exe$
    http_access deny block_type
    # An ACL name can only have one type, so the dstdom_regex ACL gets its own name
    acl block_tld dstdom_regex \.br$
    http_access deny block_tld

Step 14: Prompting Username and Password from clients

    # htpasswd -c /etc/squid/squid_pass your_username

When it prompts for the password, enter a new password that you would like to authenticate with. Now set permissions for this file:

    # chmod o+r /etc/squid/squid_pass

Now open the config file and add these lines:

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass
    acl ncsa_user proxy_auth REQUIRED
    http_access allow ncsa_user

I hope that this article has enlightened you on how to configure Squid Proxy server in your network running Linux.

Edited March 30, 2018 by Fearless News
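Squid checks http_access lines from top to bottom and the first line whose ACLs all match decides the request, which is why Step 8 places the deny for block_it above the allow for personalnetwork. The following is an added example, not part of the original post and not Squid's own code: a simplified Python model of that evaluation for src ACLs only, using the addresses from Steps 6 and 8 plus a constructed outside address (192.0.2.7).

```python
import ipaddress

# src ACLs taken from Steps 6 and 8 of the post.
ACLS = {
    "personalnetwork": ["10.10.1.0/24"],
    "block_it": ["10.10.1.20/32"],
}

# http_access lines in the order Step 8 gives, closed by "deny all".
STEP8_RULES = [
    ("deny", ["block_it"]),
    ("allow", ["personalnetwork"]),
    ("deny", ["all"]),
]

# Same lines with the deny placed after the allow (the ordering mistake).
MISORDERED_RULES = [
    ("allow", ["personalnetwork"]),
    ("deny", ["block_it"]),
    ("deny", ["all"]),
]

def acl_matches(name, client_ip):
    """True if client_ip is inside any network listed for the src ACL."""
    if name == "all":
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in ACLS[name])

def decide(rules, client_ip):
    """Return 'allow' or 'deny' the way http_access ordering would."""
    for action, names in rules:
        # ACL names on one http_access line are ANDed together.
        if all(acl_matches(n, client_ip) for n in names):
            return action
    # No line matched: the default is the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for ip in ("10.10.1.20", "10.10.1.21", "192.0.2.7"):
        print(ip, decide(STEP8_RULES, ip), decide(MISORDERED_RULES, ip))
```

With the misordered list, 10.10.1.20 matches the personalnetwork allow first and is never denied. Dropping the final "deny all" changes the outcome for unmatched clients, because the default becomes the opposite of whatever line is last.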