(LINUX BASED WEB PROXY SERVER)

PRESENTED BY:

Javeria

11-arid-3303

MIT-3

University Institute of Information Technology , Rawalpindi(UIIT,UAAR)

Pakistan

Topics to be covered:

What is Web Proxy??

Purpose of using Proxy

Squid

Installation & Configuration Of Squid

Demo

Web Proxy

A web proxy is a is a server (a computer system or an

application) that acts as an intermediary for requests from

clients seeking resources from other servers.

browser Web proxy server

internet

Main purpose of using proxies

Improve Performance

o Caching

o Bandwidth control

Provides detailed logs of user activity

Filter Requests

Surfing Anonymously

Security

Some proxies

– Microsoft Proxy Server– Nginx– Ccproxy– Squid

SQUID

SQUIDSquid is a free, open source, mostly used proxy caching

server

Internet Service Providers (ISPs) have used Squid proxy servers since the early 1990s to provide faster download speeds for delivering rich media and streaming video.

Website operators frequently put a Squid proxy server as a content accelerator, caching frequently viewed content and easing loads on Web servers, to improve the experience of viewers, load balancing and handling traffic spikes for popular content.

Squid as Proxy Cache

Squid acts as a proxy cache. It behaves like an agent that receives requests from clients (web browsers) and passes them to the specified server.

When the requested objects arrive at the agent, it stores a copy in a disk cache.

When different clients request the same objects: these are served directly from the disk cache, much faster than obtaining them from the Internet.

This results in less network traffic and thus saves bandwidth.

FEATURES Squid provides a number of great features useful

for administrative purpose such as:

allow/ deny access to specific sites

allow/ deny access to specific clients/ users

block URL(s) with specific word

deny some port numbers Squid support the use of a database such as mySQL for

storing the access control list

With squid, you can also:

limit the number of connections from a client

allow some clients/users to use the cache at specific times

customize, or make your own error messages.

use proxy-authentication. In this scheme, you assign usernames and passwords to individuals. When they first use the proxy they are asked to authenticate themselves by entering their username and password.

Maintain user log

SQUID LOG FILE

sudo gedit /var/log/squid3/access.log

You can use this file to find out who is using squid server and what they are doing etc

Define ACLs in configuration file and apply rules on them.

ACLs have many options to restrict access based on source ip address, destination ip address, source domain, and destination domain. A properly configured set of ACLs can do things like:

○ restrict access to websites by IP address,○ limit or block websites by name,○ restrict web access by time and day, or○ regular expression matches, such as .exe files or “game”

in URL names.

Squid ACLs (Access Control Lists)

Squid ACLsSyntax to create and implement ACL:

○ acl aclname acltype argument ... ○ aclelement allow(/deny) aclname

Examples:○ acl blocked_websites dstdomain .reddit.com .twitter.com○ http_access deny blocked_websites

○ acl badURL url_regex valentine○ http_access deny badURL

○ acl pm_work time MTWHF 15:00-17:00○ http_access deny pm_work

ACL TYPES AVAILABLE

Squid knows about almost 25 types of ACL. Some of them are:src: source (client) IP addressesdst: destination (server) IP addressessrcdomain: source (client) domain namedstdomain: destination (server) domain nametime: time of day, and day of weekurl_regex: URL regular expression pattern matchingmaxconn: a limit on the maximum number of connections from a

single client IP addressmax_user_ip: a limit on the maximum number of IP addresses one

user can login from

There are a number of different access lists elements. Some are:http_access: Allows HTTP clients (browsers) to access the HTTP

port. This is the primary access control list.cache: Defines responses that should not be cached.url_rewrite_access: Controls which requests are sent through the

redirector pool.always_direct: Controls which requests should always be

forwarded directly to origin servers.never_direct: Controls which requests should never be forwarded

directly to origin servers.delay_access: Controls which requests are handled by what 

delay poollog_access: Controls which requests are logged. This is global and

overrides specific file access lists appended to access_log directives.

ACCESS LISTS ELEMENTS AVAILABLE

Squid resources Official web site:

http://www.squid-cache.org/

Contains:FAQLots of great information!

HARDWARE REQUIREMENTS FOR INSTALLING SQUID

LINUX operating system 128MB RAM minimum recommended Disk

512MB to 1GB for small user counts16GB to 24GB for large user counts

DOWNLOAD AND INSTALL

In Ubuntu:

sudo apt-get install squid[APT stands for “Advanced Packaging Tool”]

In Redhat / CentOS  

yum install squid[YUM stands for “Yellowdog Updater, Modified”]

EDIT CONFIGURATION FILE

Command to Open conf file:

sudo gedit /etc/squid3/squid.conf

Make these changes in conf file: http_access deny all > change it to http_access allow all acl blocked_websites dstdomain .twitter.com http_access deny blocked_websites

Save and close conf file

Restart squid

sudo service squid restart

CONNECT TO PROXY SERVER

Open Web Browser

Go to: Connection Settings Internet Properties LAN Settings Manual proxy configuration

Http proxy: ip address of proxy serverPort : 3128 (default port for Squid proxy server)

UNINSTALLING SQUID

In Ubuntu:

sudo apt-get remove squid

In Redhat / CentOS  

yum remove squid

THANK YOU!

Javeria(11-arid-3303)