|Squid Setup Guide|
Sebatino's Guide to Setting up Squid
In case you want to experiment with a cache server, then try this one, Squid Web Proxy Cache (or in short proxy). Before I begin explaining the whole thing, let me first gave you an overview why I used squid proxy.
In my environment, 150 PCs are connected to my 2 proxy servers. These stations are mostly used by students here. My boss instructed me to block all adult sites and any content that contradict our religion and beliefs (btw, were Catholics! Big deal! heh), and to disable mIRC connection (i dont know why, but its a different topic to be covered, I only intend this guide for internet connection only for workstations). So this is why I turned to Linux and force to learn it (now i love it! hehe)
So here we go, download the source (2.3stable4 at the present) from http://www.squid-cache.org/Versions/v2/2.3/
Once you have downloaded the file, untar it (tar -zxvf file.tar.gz) and then read the INSTALL & README files.
Now, to install squid, run the following commands:
./configure --prefix=/usr/local/squid make all make install
Once that is done we now have to edit squid.conf which should be located in /usr/local/squid. If it is not there, run updatedb followed by locate squid.conf and you should find it.
First, open up squid.conf (pico rules once again!) then look for http_port under NETWORK OPTIONS. The default is 3128 but you can also add 80 separated by space as long as it is not used. This port will go to your workstation browser proxy settings. If you have 220.127.116.11 as your proxy server ip local address, then on the browser proxy setting you will have 18.104.22.168 on port 3128 or 80.
Second, if you are on PPP connection and your ISP has given you their proxy setting for your browsers, try considering to put it in cache heirarchy since we have our own proxy settings (people with connection aside from a modem, you could skip this one). Look for cache_peer under OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM section. It will take the form of
cache_peer hostname type proxy_port icp_port [options] so I have cache_peer proxy.anyhosts.com parent 8088 3130
Note: If you dont want save the object fetched in your machine then put proxy-only on options
Third, we must know what workstation's ip address will be allowed or connected to your server. Lets try for example, 192.168.1.0 network, so meaning to say all those PCs connected to that network shall have internet access. Go to ACCESS CONTROLS. Here we will define some access lists, there are already have some lists by default, so leave it! Write somewhere after those defaults in that section where you could find it easily for debugging purposes. The format takes the form of
acl aclname acltype string1 ... acltype is one of src dst srcdomain dstdomain url_pattern urlpath_pattern time port proto method browser user string is the connecting client so we should have; acl anyname src 192.168.1.0/255.255.255.0
So now, that network is on the access list, lets allow them for connection they want. Go further down on the current section, look for http_access. There are also several default config, so leave it there, and write this at the bottom of the last default configuration;
http_access allow anyname
When you exit and save the current changes, try starting the squid daemon by issuing
squid -k reconfigure and/or /etc/rc.d/init.d/squid start
Lets check if squid is running
ps -aux | grep squid
If it is, try to configure your workstation be sure to include the squid proxy server ip add as the workstation gateway and the browser proxy setting I stated awhile ago. Btw, you can check out the logs at /var/log/squid. access.log is for those clients accessing the proxy and cache.log is for debugging purposes (this is where you should look if somethings goes wrong).
Ooppss, I forgot what my boss instructs me.. block adult sites! Open up squid.conf, go directly to ACCESS LIST then add this
acl pornsite url_regex xxxsite.com . . . acl pornsite url_regex until.all.the.known.pornsite.blocked.com
Then scroll down to your http_access section, insert this on top of our last entry on this section;
http_access deny pornsite
Restart squid and were done!
Having trouble? Got questions? Require further assistance? If so please feel free to visit our Help Forums and ask the experts!
Copyright © 1997 - 2013 Private World Domination Inc. All rights reserved.