Squid Proxy Configuration

Transcript of Squid Proxy Configuration

Page 1: Squid Proxy Configuration

Squid Proxy Configuration:-

Installation and Configuration of Squid on Linux machine.

#yum install squid

Or

Download the rpm package and install it.

The Squid proxy server requires two NICs. Assign the LAN IP address to your primary NIC and the broadband/public IP address to the secondary NIC.

Use a public DNS server in the network configuration.

Then restart the network service:

#service network restart

#chkconfig network on

Then ping the public gateway and your local LAN gateway address to confirm that both respond.

Before moving on to the configuration file, note that at this point the proxy only works for the 180.190.29.X network.

To let other subnets use it, add routes with the commands below:

#route add -net 180.190.30.0 netmask 255.255.255.0 gw 180.190.29.1

#route add -net 180.190.40.0 netmask 255.255.255.0 gw 180.190.29.1

-net: the address of the other subnet

gw: the gateway of the proxy server's local network

Finally, add these commands to /etc/rc.local so that the routes are still in place after a reboot.

Now configure Squid in its configuration file:

#vi /etc/squid/squid.conf

By default Squid binds to http_port 3128, but this is often changed to 8080.

ACCESS CONTROL(ACL):-

In Squid we configure things by writing rules. They are known as ACL rules. A simple ACL rule:

acl aclname acltype string1
http_access allow|deny aclname

aclname = name of the rule
acltype = the type of string we are using, e.g. src, dst
string = can be IPs, networks, URLs etc.

acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork

NOTE: Specify the rules before the line

http_access deny all

This is because the rules are parsed from top to bottom.

To block internet usage from a particular IP address:

Write this rule:

acl block_ip src 192.168.0.XX
http_access deny block_ip

It should be above these lines:

acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork

Otherwise the rule has no effect, because the mynetwork rule above it matches first. Always keep in mind that Squid interprets rules from top to bottom.

To block internet usage from two or more IP addresses using ACL lists:

Write this rule:

acl block_ips src IP1 IP2
http_access deny block_ips

E.g.:

acl block_ips src 192.168.0.21 192.168.0.22
http_access deny block_ips

Or you can define the rules like this:

acl block_ips src 192.168.0.21
acl block_ips src 192.168.0.22
http_access deny block_ips
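The top-to-bottom rule order described above can be checked before reloading Squid. The following is an added example, not part of the original slides and not Squid's own code: it reads squid.conf text, handles only src ACLs and plain (non-negated) ACL names, treats "all" as built in, and reports which http_access line decides for a client IP. The function names and the two sample configurations are constructed for illustration.

```python
import ipaddress

def parse(conf):
    """Collect src ACLs and the ordered http_access rules from squid.conf text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()   # '#' starts a comment in squid.conf
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            # repeated 'acl NAME src ...' lines add to the same list
            nets = [ipaddress.ip_network(v, strict=False) for v in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return (action, deciding rule) for client_ip; the first matching rule wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)

    def hit(name):
        return name == "all" or any(ip in net for net in acls.get(name, []))

    for action, names in rules:
        if all(hit(n) for n in names):   # several names on one line are ANDed
            return action, "http_access %s %s" % (action, " ".join(names))
    # Assumption of this sketch: nothing matched means deny.
    return "deny", None

# Constructed samples built from the addresses used on this page.
WRONG_ORDER = """
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
acl block_ips src 192.168.0.21
acl block_ips src 192.168.0.22
http_access deny block_ips
http_access deny all
"""
RIGHT_ORDER = """
acl block_ips src 192.168.0.21 192.168.0.22
http_access deny block_ips
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
http_access deny all
"""

if __name__ == "__main__":
    for label, conf in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        for ip in ("192.168.0.21", "192.168.0.50", "10.0.0.5"):
            print(label, ip, decide(conf, ip))
```

With the deny rule placed after "http_access allow mynetwork", 192.168.0.21 is still allowed; moving it above the allow rule makes the deny take effect.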

To block a particular URL:

For blocking the URL www.yahoo.com. For blocking only one URL, use the acl type dst.

acl block_site dst www.yahoo.com
http_access deny block_site

You can see that the site yahoomail is still accessible, so it blocks a single URL only.

To block only one domain:

E.g. for blocking all systems from accessing orkut.com:

acl block_site1 dstdomain .orkut.com
http_access deny block_site1

To block a list of sites specified in a file:

First, create a file and save all the URLs you want to block in it. In this example the file is saved as /etc/squid/block_list.txt.

[root@proxy ~]# cat /etc/squid/block_list.txt
www.hotmail.com
www.ibm.com
www.hp.com

acl block_list url_regex "/etc/squid/block_list.txt"
http_access deny block_list

Blocking sites by keyword:

[root@proxy ~]# cat /etc/squid/block_list0.txt
hotmail
ibm
hp

acl block_list1 url_regex -i "/etc/squid/block_list0.txt"
http_access deny block_list1

Note: -i makes the match case-insensitive.

Finally, restart the squid service.

Note: When you allow access to only particular sites, images may not load. Check the “/var/log/squid/access.log” file; there you should see some lines containing "TCP_DENIED" followed by the URL of the images or the other content that is not loading. BTW I've looked at Facebook pictures, and it looks like they are pulled from fbcdn.net, so add that to your file and reload Squid to test again.

#service squid restart

#chkconfig squid on

Then set the proxy server IP address and port number in the browser (IE/Mozilla) on your Windows/Linux machines so that they use the proxy.

In IE, go to Tools -> Internet Options -> Connections tab -> LAN Settings and add the proxy server IP address there.

Click OK, then close and reopen IE and check that the changes took effect.