Skip to content

Squid installation and configuration in ubuntu 12.04

September 8, 2013

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL. Following are the basic squid configuration

  1. Become Root
  • A sudo su
  • B Supply the student password
  1. Verify that you a network connections
  • Ifconfig –a

In case of DHCP Enable and does not ip Address try the fallowing.

  • Dhclient
  • /etc/init.d/networking restart
  1. Update apt package

Update is used to resynchronize the package from their resource, as it update the from the debian server package list files to local apt- get database. /etc/apt/source. list are package location

  • Apt-get update
  1. Search squid

Apt-get cache is a command used to get and manipulate information from Ubuntu package

  • apt-cache search “squid” | grep “^squid
  1. Install Squid

Install two packages of Squid

Squid

Squid-common

  • apt-get install squid squid-common
  1. Verify Squid was installed and running properly
  • service squid3 status

The service runs a System V init script or upstart job.

squid3, is the service.

status, asks the startup script list a PID if the process is running

6 Verify that squid is installed proprerly

  • service squid3 status
  • service run the System intials inti Script or upstart jobs
  • squids3 is the squid service
  • status ask the start up scrip list.
  • ps -eaf | grep -v grep | grep squid3
  • ps -eaf, show all processes
  • grep -v grep, filter out the grep process.
  • grep suid3, show only the squid process.

7 startup Script for Squid

  • ls -l /etc/init.d/squid3

squid startup script is lie on /etc/init.d/squid3.

8 Resstart the squid Squid with /etc/init.d/squid3

  • cd /etc/init.d
  • ./squid3 stop
  • ./squid3 start

9 Restart SSHD with the “service” command

  • service squid3 status

Note, if squid is running a process number is displayed call the PID(process ID). As 5568

  • ps -eaf | grep -v grep | grep 5568
  • service squid3 stop
  • ps -eaf | grep -v grep | grep squid3
  • service squid3 start
  • ps -eaf | grep -v grep | egrep ‘(squid3|3410)’
  • ps -eaf, display all processes.
  • grep -v grep, filter out the grep command.
  • egrep ‘(sshd|3410)’ search for any process containing the string squid or 3410.

10 Restart scripts for Squid

  • update-rc.d squid3 defaults

11 Verify script was restarted

  • find /etc/rc*.d/* -print | xargs ls -l | grep squid3
  • find /etc/rc*.d/* -print, list all the file in /etc/rc*.d/*
  • xargs ls -l, Use the xargs command to issue provide a long list of each file that find displays.
  • grep squid3, only display files containing squid3.  

12 Backup the Squid Configuration files

  • cd /etc/squid3cp squid.
  • conf squid.conf.BKP
  • ls -l squid.conf

13 Configure HTTP Proxy for testing proxy

Click on Manual proxy configuration,

HTTP Proxy: Supply Ubuntu Server IP Address

Port: 3128

14 View Squid Access Log

  • grep -i denied /var/log/squid3/access.log

                                          B Access control implementation

 1 TAG: visible_hostname line number.

  • cd /etc/squid3/
  • grep -n “visible_hostname localhost” squid.conf

This will produce the line number that will be used in the next step.  (In my case, Line Number: 3761)

  • vi +3761 squid.conf
  • The cursor should be on the start of the line that looks like the below
  • # visible_hostname localhost
      1. Change the Visible Hostname
  • Type “dw” This will delete all character in front of the word visible_hostname.
  • Right cursor over the where the “l” is highlighted in the word localhost.
  • Type “cw” This will allow VI to change the word.
  • Rename localhost to whatever you want to call the Squid Proxy Server.
  • In my case, I am calling it ComputerSecurityStudent.
  • Press the <Esc> key
  • Type “:wq!”
  • Press the <Enter> key.
  • Restart Squid

3 Test visible_hostname

Go Back to your Firefox Web Browser

  • Place http://www.cnn.com in the URI box.
  • Although CNN’s access is still denied,
  • localhost was changed to ComputerSecurityStudent.

4 Allow Access

  • ifconfig | grep eth | awk ‘{print $1}’The first returned interface will be used in the next step.
  • ifconfig eth0 | grep “inet addr:” | head -1
  • In my case, Ubuntu’s IP address is 192.168.1.104.
  • To convert this IP address simply replace the last octet of the IP with 0.
  • My subnet is 192.168.1.0
  • Since the Mask is 255.255.255.0, I know that this converts to a /24. E.g., 11111111.11111111.11111111.00000000
      1. Search For Possible Internet Network
  • cd /etc/squid3/
  • grep -n “192.168.0” squid.conf

Actually, use the IP Address 192.168.0 because this is a default rule in the squid.conf file.

    • This will produce the line number that will be used in the next step.  (In my case, Line Number: 703)
  • vi +703 squid.conf

5 Create Duplicate Entry

  • Press “yy” to make a copy of the line that contains “192.168.0.0”
  • Press “p” to past the copied line.
  • Continue to Next Step.

7View and Save Entry

  • Press “x” to delete the “#” character.
  • Right arrow over first number in the IP address and press “x” to delete the IP Address.
  • Press “i” to get into insert mode and type in the correct subnet and range.
  • Press the <Esc> key
  • Type “:wq!”
  • Press the <Enter> key.

6 Search for allow localnet

  • The cursor should be on the “#” character in the below line.E.g., #http_access allow localnet
  • Press the “x” key to delete the “#” character
  • Press the <Esc> key
  • Type “:wq!” to save the file
  • Press the <Enter> key
  • Restart Squid
  • Test Proxy server Access

7 Deny Access to Certain Websites

7.1 Search for “TAG: http_access”

  • cd /etc/squid3/
  • grep -n “TAG: http_access” squid.confThis will produce the line number that will be used in the next step.  (In my case, Line Number: 792)
  • vi +792 squid.conf

7.2 Deny Access to Certain Websites

  • Press Shift and “o” to add a blank line above the below line.
    • E.g., # TAG: http_access
  • Add the following two line
    • acl block_websites dstdomain .facebook.com .youtube.com
    • http_access deny block_websites
    • Press <Enter> to add spacing.
  • Press the <Esc> key to get out of insert mode.
  • Type “:wq!” to save and quit the file.
  • Press the <Enter> key

Advertisements

From → Linux

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: