
Squid Web Proxy configuration in Linux

A proxy server is a device that usually sits between a client and the destination the user is trying to reach. It
can provide security, anonymity, and even protection for the client behind the proxy. Squid, a web proxy
server for Red Hat, fills this role: it sits between the client and the web server that the user is trying to
connect to.
Many times these devices are used when you want to control access to the Internet (think web filtering). As a
web proxy, it can also cache data that users request from the Web and make it locally available, reducing the
load on your external devices such as gateways and firewalls.
Here, we look at how to set up a web proxy, define access control lists, and troubleshoot it.

Task 1: Installing Squid


Much as you did with the web server, you need to start by installing the package(s) needed for Squid. There
is only one package required to install the Squid proxy server.
Step 1. Install the package with the following command:

# yum install -y squid


Step 2. After it's installed, verify:

# rpm -qa | grep squid


squid-3.1.4-1.el6.x86_64
Next, you should turn on Squid at boot time. You use the chkconfig command to do this.
Step 3. Enable Squid to start at boot:

# chkconfig squid on
Step 4. Verify the service will start at boot:

# chkconfig --list squid


squid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Now that you know the package is installed and will start at boot, you can turn your attention to
configuration.

Task 2: Configuring Web Proxy Server


When setting up your proxy server, you need to know the following items:

/etc/sysconfig/squid     Startup options for the config file
/etc/squid/squid.conf    Main config file for the service
/var/spool/squid         Cache location on the proxy server
/var/log/squid           Log files for the proxy server

As with most services you configure, the first item on the agenda is the main config file.
I want to warn you first that although this config file has huge amounts of documentation and numerous
examples, it contains over 4,000 lines, so make sure you put aside some time if you plan to take on reading
and going through this whole config file! As with Apache, configuring a web proxy server can be a daunting
and sometimes lengthy process until you have it set up correctly.
Let's look at some of the main configuration options:

http_port             Specifies the port to listen on
visible_hostname      Identifies the name of the Squid server
hierarchy_stoplist    Provides a list of words that tell the Squid server to handle the request
access_log            Keeps track of the web pages that are downloaded
acl                   Defines an access control list
http_access           Defines which system or networks have access

You can use the default port to run the Squid proxy, which will make testing a little easier. You can also
set the visible_hostname option to the name of your server:

# nano /etc/squid/squid.conf
visible_hostname RHEL01
You should also define the URL patterns that the Squid server should not handle.
An example would be form data that you want the server to submit directly, so that your private data is not cached:

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
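
With a config file this long, small syntax slips are easy to miss, so the following added example (not part of the original page) lints a squid.conf for the directives covered in this task: a stray "=" after a directive, a mis-cased directive name, and a cache or http_access rule that names an ACL never defined above it. The function name check_squid_conf and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: lint squid.conf before (re)starting Squid.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
check_squid_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        eq = ($1 ~ /[=]/ || $2 ~ /^=/)       # "name = value" or "name=value"
        raw = $1; sub(/[=].*/, "", raw); name = tolower(raw)
        # Directive names in squid.conf are lowercase.
        if (raw != name) {
            printf "line %d: write \"%s\" as \"%s\"\n", NR, raw, name; bad++
        }
        # A value follows its directive after whitespace, with no "=".
        if (eq) {
            printf "line %d: remove \"=\" after %s\n", NR, name; bad++
        }
        if (name == "acl") defined[$2] = 1
        # cache / http_access: $2 is allow|deny, the rest are ACL names.
        if (name == "cache" || name == "http_access") {
            for (i = 3; i <= NF; i++) {
                a = $i; sub(/^!/, "", a)     # "!name" negates an ACL
                # Assumption: "all" is predefined by Squid 3.x itself.
                if (a != "all" && !(a in defined)) {
                    printf "line %d: %s uses undefined acl \"%s\"\n", NR, name, a; bad++
                }
            }
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample input: the stoplist snippet with two typing mistakes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
visible_hostname = RHEL01
hierarchy_stoplist cgi-bin ?
Acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
EOF
check_squid_conf "$sample" || echo "fix the findings above before starting squid"
rm -f "$sample"
```

On a real server, pass /etc/squid/squid.conf as the argument; ACLs must be defined above the rules that use them, which is why the check reads the file top to bottom.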

Task 3: Firewall and SELinux Configuration for Squid Server

The firewall and SELinux requirements for Squid are actually quite simple. Squid uses port 3128 by default
for its communication, so you should open this port on the firewall. Both the TCP and UDP protocols are
used.
Step 1. Use the iptables command to create your firewall rules:

# iptables -I INPUT 5 -p tcp -m tcp --dport 3128 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 3128 -j ACCEPT
Step 2. Save the rules you just created:

# service iptables save


Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Step 3. Restart the firewall service for the changes to take effect:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

By default, you do not have to change SELinux for your Squid setup. You should know what the available
options are, though:

squid_use_tproxy     Allows Squid to run as a transparent proxy (TPROXY)
squid_connect_any    Allows Squid to connect to all ports, not just HTTP, FTP, and Gopher ports

If you want to enable either of these features, just make sure to adjust the SELinux Boolean value
appropriately.
As you can see, the firewall rules and SELinux requirements are really light for Squid. Before starting the
service, though, we need to cover Squid security a little more in depth.
