Proxy servers operate as an intermediary between a local network and the Internet. Requests from local clients for web services can be handled by the proxy server. Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. Because it stores data from frequently used Web pages and files, it can often give your users the data they need without their systems having to go out to the Internet.
From the Squid web proxy server you can control what can be accessed from the Internet on your network. It can act as a filter for everything from porn sites to advertisements and videos.
In our example we will configure a Squid web proxy server, filter sites, and deny a specific host permission to access the Internet.
Configure squid web proxy server
The squid rpm is required to configure the Squid web proxy server. Check whether it is installed, and install it if it is not found.
Check the hostname and IP address of the server; they will be used when editing squid.conf.
The main Squid configuration file is squid.conf in the /etc/squid/ directory. This file contains over 4000 lines, but only a few are active by default. Most of the file is filled with comments that describe most directives and associated options. To make editing easier, turn on the show line numbers option and locate the desired tag by its line number. We suggest that you do not memorize the line numbers; use them only to locate the desired tag, as a single Enter keypress can change the numbers of all the lines in the file.
Open /etc/squid/squid.conf for editing. Show the hidden line numbers with the :set nu option in vi command mode.
You need to add three lines to the squid.conf file in the /etc/squid/ directory before activating Squid.
The first edit is the hostname. Locate the visible_hostname tag near about line no 2835.
Go to the end of this tag near about line no and add the hostname which you checked with the previous command.
By default Squid works on port no 3128, but you can change this. The port tag is located near line no 73.
For our example we are using the default port.
The next edit is to create the access control lists. The access control tag is located near line no 2226.
We will create three access lists.
- First, to block the host with IP address 192.168.1.7 from accessing the Internet.
- Second, to block a particular site.
- Third, to allow our lab network to access the Internet.
The final edit is to apply the access lists you have configured in the access list tag. Go to the http access tag near line no 2482.
At the end of this tag, near line no 2529, apply the configured access lists.
Be very careful about the order of the access lists: always put the http_access deny all line after all the other lines. Any access list placed below the http_access deny all line will never be checked.
You have made the necessary changes in squid.conf; now save it and return to the command prompt.
We have created an access list web_deny to filter the web traffic. We have set the http_access deny web_deny tag in squid.conf. Now you can add the URLs of the websites you want to block to the web_deny file.
Now create the /etc/squid/web_deny file.
For testing purposes, in our example we are blocking www.google.com.
You can add the URL of any site you want to block to this file.
You have completed all the necessary steps; now start the squid service.
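The three access lists and the ordering rule described above, as an added example that is not part of the original tutorial: a small Python model of how Squid walks the http_access lines (first match decides), plus a check for lines stranded below http_access deny all. The ACL names blocked_host and lab_net, the dstdomain type for web_deny, and the 192.168.1.0/24 lab range are assumptions, and the sample configuration is constructed.

```python
import ipaddress

# Constructed sample config. Assumptions: ACL names blocked_host and lab_net, the
# dstdomain type for web_deny, the 192.168.1.0/24 lab range. "all" is treated as built in.
FILES = {"/etc/squid/web_deny": ["www.google.com"]}  # stands in for the file on disk
GOOD = """\
acl blocked_host src 192.168.1.7
acl web_deny dstdomain "/etc/squid/web_deny"
acl lab_net src 192.168.1.0/24
http_access deny blocked_host
http_access deny web_deny
http_access allow lab_net
http_access deny all
"""
# Misordered variant: the allow line ends up below "http_access deny all".
BAD = GOOD.replace("http_access allow lab_net\n", "") + "http_access allow lab_net\n"

def parse(conf):
    """Return (acls, rules); a quoted ACL value is a path whose lines are the values."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            vals = FILES[tok[3].strip('"')] if tok[3].startswith('"') else tok[3:]
            acls.setdefault(tok[1], (tok[2], []))[1].extend(vals)
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, ip, host):
    kind, vals = acl
    if kind == "src":
        return any(ipaddress.ip_address(ip) in ipaddress.ip_network(v) for v in vals)
    # dstdomain: exact host name, or the domain and its subdomains for a ".example" entry
    return any(host == v or (v[:1] == "." and ("." + host).endswith(v)) for v in vals)

def decide(conf, ip, host):
    """The first http_access line whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(n == "all" or matches(acls[n], ip, host) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line (deny if there are none).
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

def unreachable(conf):
    """List http_access lines that sit below an unconditional 'all' rule."""
    rules = parse(conf)[1]
    cut = next((i for i, (_, n) in enumerate(rules) if n == ["all"]), len(rules))
    return [f"http_access {a} {' '.join(n)}" for a, n in rules[cut + 1:]]
```

Calling unreachable(BAD) returns the stranded allow line, and decide(BAD, "192.168.1.10", "example.com") shows the lab client being denied as a result.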
Squid client configuration
On the client, set the IP configuration. Set the proxy server's IP, 192.168.1.3, as the default gateway and DNS server IP on the client system.
Now open the web browser and set the port number and IP address of the proxy server in the connection tab.
If you can successfully retrieve a website, Squid is working correctly.
Now try to open www.google.com.
Now go to the system whose IP address is 192.168.1.7 and try to access the Internet after applying the same settings.
The proxy now works for the clients, controlled by the Linux server.