Friday, May 29, 2015

How to make a Squid server and apply Rules


Proxy servers operate as an intermediary between a local network and the Internet. Requests from local clients for web services can be handled by the proxy server. Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. Because it stores data from frequently used Web pages and files, it can often give your users the data they need without their systems having to go out to the Internet.
So let's begin the tutorial.
First we should install Squid on our Linux system.
The installation differs between Linux distributions, but here I will use Ubuntu as the example. The rest of the steps are not much different; just search the Internet to find out how to install Squid on your Linux OS.

OK, open the terminal and type
sudo apt-get install squid3

As I said, this is for Ubuntu. The apt-get install part will remain the same on other Linux OSs, but I don't know about the squid part.

Then we have to set a static IP on our server. Go to System Settings and then Networks. You can change the IP, gateway and DNS there without bothering with commands in the terminal.

To make sure Squid has been installed on the system, go to the etc folder in the file system root and look for something like squid. In this case it's "squid3".

Go to the terminal and type

sudo nano /etc/squid3/squid.conf

With this command we open squid.conf in nano for editing.
You will see a document of more than 5000 lines there.
Press ctrl+w and the search prompt will appear. Type visible_hostname. It will jump to the point where that phrase exists, and when you slowly scroll down you will see, under the default: line, visible_hostname followed by localhost or something similar. Give it a name you like, or better, use your machine's host name (type hostname in the terminal and press enter).

Press ctrl+w again and search for tag: acl.
Now we are going to build the access control list. In this scenario I'm going to do this:
  • block internet to 192.168.100.250
  • allow internet to all of other network users
  • but block www.facebook.com for every user

So let's write ACLs to achieve these settings.
Scroll down from the tag: acl point. After default: you will see an ACL, "acl all src all". This is the default. Now I'm going to write the following ACLs.

acl deny_host src 192.168.100.250
acl allow_network src 192.168.100.0/24
acl deny_web dstdomain "/etc/squid3/deny_web"
acl all src all  # this is the default one

src = source, dst = destination, dstdomain = destination domain
This is how we write ACLs to achieve the Internet filtering above. In the last ACL we have opened an ACL called "deny_web" and told it to look for certain destination domains in /etc/squid3/deny_web. This file was not in that folder; we are creating it to hold the domains that we want to block. When you go to that directory you can see the deny_web.conf file there.

Are we done???
No, we have to assign those ACLs to the http access list. In the ACL list we are only saying to Squid, "hey Squid, you are going to inspect these elements with these parameters". Next we have to say to Squid, "don't allow these elements, but you should allow these elements through you". This is how it's going to happen.

Press ctrl+w again and search for tag: http_access. Scroll down and after default: you will see there is already an access rule saying http_access deny all. Remember, this is the most important part. You should be aware of how allow and deny work. Keep http_access deny all at the bottom every time. It should be there. Or else there should be allow all. But if we want to permit only trusted connections and abort all others, deny all is a huge advantage. Remember, Squid reads these rules top to bottom, so the top one gets the highest priority. I will tell you a simple trick to get comfortable with these rules.

Let's assume you are in a position where all post cards from your country (let's say the US) are inspected by you. You get the following list to filter the post cards.
  • Deny post cards from New York.
  • Deny post cards to New Delhi in India
  • Allow post cards from America
  • Deny any
Let's say you accidentally get a post card that has "from: Ottawa, Canada to: Colombo, Sri Lanka".

OK, you look at the list and check. Is it from New York? No. Is it to Delhi in India? No. Is it from America? No. Then you see deny any. So you drop the post card.

Now let's say you get a post card "from: Virginia, America to: Delhi, India". You look at the list. Is it from New York? No. Is it to Delhi in India? Oops, yes it is. So you drop it, because the list says deny post cards to New Delhi in India. The important thing is that you never look at the third rule, "Allow post cards from America", because you give higher priority to the top rules. Is it from America? Yes it is. But that rule was not above the other rules, so you have already dropped the card. The Squid server (and most ACLs) follow this method. It goes with the first rule that is "true" for the situation, by looking at IP addresses, domain names, ports and other things inside the request packets, and it passes the request through or blocks it.
So let's make the http_access list

http_access deny deny_host
http_access deny deny_web
http_access allow allow_network
http_access deny all

OK, now you are finished.
Press ctrl+x and nano will ask whether you are sure you want to save the changes. Type Y and press enter.

Now you should enter the sites that are going to be blocked under the deny_web ACL. To do that, open the terminal and type sudo nano /etc/squid3/deny_web

Then enter the web site to block. In our example that is www.facebook.com. Type it, press ctrl+x, press y to save and press enter.

Now you are done. Go to the client machines and open Internet Properties > Connections > LAN Settings. Tick "Use a proxy server for your LAN" and enter the IP of the server. To find the port, go to the server, open the terminal, type nano /etc/squid3/squid.conf, press ctrl+w and search for http_port.
There you will see which port Squid is listening on. Enter that port in the port: text box of the proxy settings on the client machine. Then check it out.
