Squid3

Description

Squid3 is a popular appliaction that used as web proxy cache server which provides proxy and cache services for HTTP, HTTPS, FTP, gopher and other popular network protocols. Squid can implement caching of Domain Name Server (DNS) lookups and caching and proxying Secure Sockets Layer (SSL) requests, and perform transparent caching.in addition, Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP)

The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance

Usage

Syntax

squid [-cdhvzCFNRVYX] [-s | -l facility] [-f config-file] [-[au] port] [-k signal]

Options

       -a port   Specify HTTP port number (default: 3128).
       -d level  Write debugging to stderr also.
       -f file   Use given config-file instead of
                 /etc/squid3/squid.conf
       -h        Print help message.
       -k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
                 Parse configuration file, then send signal to 
                 running copy (except -k parse) and exit.
       -s | -l facility
                 Enable logging to syslog.
       -u port   Specify ICP port number (default: 3130), disable with 0.
       -v        Print version.
       -z        Create missing swap directories and then exit.
       -C        Do not catch fatal signals.
       -D        OBSOLETE. Scheduled for removal.
       -F        Don't serve any requests until store is rebuilt.
       -N        No daemon mode.
       -R        Do not set REUSEADDR on port.
       -S        Double-check swap during rebuild.
       -X        Force full debugging.
       -Y        Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.

Command 

Start Squid3 Service :  

cyborg@cyborg:~$ sudo service squid3 start
[sudo] password for cyborg: 
squid3 start/running, process 4690

Getting Start With Squid3 : 

Before Proceeding With Anything Make A Backup Of Conf File :

sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.default

Configuring Squid as an HTTP proxy

Squid Proxy can be used as an HTTP proxy to bypass local network restrictions, or mask your true location to the world.

Basic Setup

To use Squid as an HTTP proxy, using only the client IP address for authentication.

  1. Edit the Squid configuration file and add the following lines:

    /etc/squid3/squid.conf

    acl client src 12.34.56.78 # Home IP http_access allow client

    Be sure to replace client with a name identifying the connecting computer, and 12.34.56.78 with your local IP address. The comment # Home IP isn’t required, but comments can be used to help identify clients.

  2. Once you’ve saved and exited the file, restart Squid:

    sudo service squid3 restart
  3. At this point you can configure your local browser or operating system’s network settings  as an HTTP proxy. Once you’ve made the change to your settings, test the connection by pointing your browser at a website that tells you your IP address, such as ifconfig, What is my IP, or by Googling What is my ip.

  4. Additional clients can be defined by adding new acl lines to /etc/squid3/squid.conf. Access to the proxy is granted by adding the name defined by each acl to the http_access allow line.

Advanced Authentication

The following configuration allows for authenticated access to the Squid proxy service using usernames and passwords.You will need the htpasswd utility.

    1. Create a file to store Squid users and passwords, and change ownership:

      sudo touch /etc/squid3/squid_passwd
      sudo chown proxy /etc/squid3/squid_passwd
    2. Create a username password pair:

      sudo htpasswd /etc/squid3/squid_passwd user1

      Replace user1 with a username. You will be prompted to create a password for this user:

      
      
         New password:
         Re-type new password:
         Adding password for user user1

You can repeat this step at any time to create new users.

  1. Edit the Squid configuration file and add the following lines:

    /etc/squid3/squid.conf

     auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd 
     acl ncsa_users proxy_auth REQUIRED
     http_access allow ncsa_users
  2. Once you’ve saved and exited the file, restart Squid:

    sudo service squid3 restart
  1. At this point, you can configure your local browser or operating system’s network settings to use as an HTTP proxy. You will need to specify that the server requires authentication, and provide the username and password. How to do this will depend on your choice of OS and browser. Once you’ve made the settings change, test the connection by pointing your browser at a website that tells you your IP address, such as ifconfig, What is my IP, or by Googling What is my ip.

  2. To remove a user’s access to the proxy, you must delete their entry in the squid_passwd file. Each user is represented in the file on a single line in the format of user:passwordhash:

    /etc/squid3/squid_passwd

    user1:\$p948w3nvq3489v6npq396g user2:\$q3cn478554387cq34n57vn

    If you are using Nano, the command Control+k will remove the entire line where the cursor rests. Once you’ve saved and exited the file, restart Squid:

    sudo service squid3 restart

Anonymizing Traffic

In order to mask your IP address from servers you connect to, you will need to add the following lines to the Squid configuration file.

/etc/squid3/squid.conf

 forwarded_for off
 request_header_access Allow allow all
 request_header_access Authorization allow all
 request_header_access WWW-Authenticate allow all
 request_header_access Proxy-Authorization allow all
 request_header_access Proxy-Authenticate allow all
 request_header_access Cache-Control allow all
 request_header_access Content-Encoding allow all
 request_header_access Content-Length allow all
 request_header_access Content-Type allow all
 request_header_access Date allow all
 request_header_access Expires allow all
 request_header_access Host allow all
 request_header_access If-Modified-Since allow all
 request_header_access Last-Modified allow all
 request_header_access Location allow all
 request_header_access Pragma allow all
 request_header_access Accept allow all
 request_header_access Accept-Charset allow all
 request_header_access Accept-Encoding allow all
 request_header_access Accept-Language allow all
 request_header_access Content-Language allow all
 request_header_access Mime-Version allow all
 request_header_access Retry-After allow all
 request_header_access Title allow all
 request_header_access Connection allow all
 request_header_access Proxy-Connection allow all
 request_header_access User-Agent allow all
 request_header_access Cookie allow all
 request_header_access All deny all

Once you’ve saved and exited the file, restart Squid:

sudo service squid3 restart

Partial Source : https://www.linode.com

0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?