interview question and answer

June 24, 2012

SQUID Configuration On RHEL-5

  SQUID (PROXY SERVER)
Setup:


Server: maheshlinux-server (192.168.4.1 Local Network IP)

Client: Linux & Windows XP/2003 etc...

Default Port NO: 3128



Requirement: This SQUID package is available on the RHEL5 DVD only.

squid-2.6.STABLE6-3.el5

Installation Of Required Packages:

[root@maheshlinux-server RHEL5_Total_Pack]# rpm -i squid-2.6.STABLE6-3.el5

warning: squid-2.6.STABLE6-3.el5: Header V3 DSA signature: NOKEY, key ID 37017186

[root@maheshlinux-server RHEL5_Total_Pack]#

Configure SQUID config file:


NOTE: Modify the squid.conf file (take a backup copy before modifying any file).



[root@maheshlinux-server ~]# cd /etc/squid

[root@maheshlinux-server squid]# vi squid.conf

Uncomment the lines below in the config file...




Access Control Lists

# Add your local network information to the ACL
# (put your own local network address here)
acl all src 192.168.1.0/255.255.255.0



A sample passage for ACL configuration:



#Recommended minimum configuration:
# The stock squid.conf defines "all" as 0.0.0.0/0.0.0.0; here it is set to
# the local network, so any rule that names "all" matches only this subnet.
acl all src 192.168.4.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# http_access lines are checked top to bottom and the first match wins,
# so the deny rules are placed before the allow rules.

# Block sites by destination domain
acl blocksites dstdomain .orkut.com
acl blocksites dstdomain .facebook.com
acl blocksites dstdomain .youtube.com
http_access deny blocksites

# Block individual client addresses
acl banned src 192.168.4.3
http_access deny banned
acl RestrictedHost src 192.168.1.3
http_access deny RestrictedHost

# Block by URL path; the quoted path makes Squid read the patterns from the file
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles

# Block by full URL, patterns read from the file
acl bad url_regex "/etc/squid/squid-block.acl"
http_access deny bad

# Allow rules
acl localnetwork src 192.168.1.0/24
http_access allow localnetwork

# M T W H F = Monday to Friday
acl business_hours time M T W H F 9:00-19:00
http_access allow business_hours
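Squid checks http_access lines from top to bottom and stops at the first match, so the position of "http_access allow localnetwork" relative to the deny lines decides whether those denies ever apply. The following is an added example, not part of the original post: it models that evaluation for the src and dstdomain ACLs of the sample, and the two rule orderings and the client addresses used with it are constructed for illustration.

```python
import ipaddress

# ACL names and values from the sample squid.conf (src and dstdomain only).
ACLS = {
    "blocksites": ("dstdomain", [".orkut.com", ".facebook.com", ".youtube.com"]),
    "banned": ("src", ["192.168.4.3"]),
    "localnetwork": ("src", ["192.168.1.0/24"]),
    "RestrictedHost": ("src", ["192.168.1.3"]),
}
# Two orderings of the same http_access lines (constructed for this example).
ALLOW_FIRST = [("deny", "blocksites"), ("deny", "banned"),
               ("allow", "localnetwork"), ("deny", "RestrictedHost")]
DENY_FIRST = [("deny", "blocksites"), ("deny", "banned"),
              ("deny", "RestrictedHost"), ("allow", "localnetwork")]

def acl_matches(name, client_ip, host):
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    # dstdomain: ".example.com" matches the domain itself and its subdomains
    host = host.lower().rstrip(".")
    return any(host == v[1:] or host.endswith(v) for v in values)

def decide(rules, client_ip, host):
    """First matching line wins; with no match Squid applies the opposite of the last line."""
    for line_no, (action, name) in enumerate(rules, 1):
        if acl_matches(name, client_ip, host):
            return action, line_no
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

def shadowed(rules):
    """Names of src rules that can never fire because earlier src rules cover them."""
    covered, dead = [], []
    for _action, name in rules:
        kind, values = ACLS[name]
        if kind != "src":
            continue
        nets = [ipaddress.ip_network(v) for v in values]
        if all(any(n.subnet_of(c) for c in covered) for n in nets):
            dead.append(name)
        covered.extend(nets)
    return dead

if __name__ == "__main__":
    for label, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(label, decide(rules, "192.168.1.3", "example.org"),
              decide(rules, "10.0.0.5", "example.org"), shadowed(rules))
```

With the allow line first, 192.168.1.3 is let through and a client outside every ACL falls to an implicit allow, because the list ends in a deny; with the denies first, both requests are refused.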



Now Try To Start SQUID Service & Keep Permanently On:



[root@maheshlinux-server squid]# service squid status

squid is stopped

[root@maheshlinux-server squid]# service squid start

Starting squid: [OK]

[root@maheshlinux-server squid]# chkconfig squid on

[root@maheshlinux-server squid]#



Now Check SQUID/PROXY with Windows Client:



Go to Internet Explorer --> Properties --> Connections --> LAN Settings --> Use a Proxy Server for your LAN --> Give server IP or Name --> Port 3128 --> OK



BLOCKED SITE EXAMPLE (ORKUT SITE)



To write your own notice messages, make your modifications in /usr/share/squid/errors/English

[root@maheshlinux-server English]# vi ERR_ACCESS_DENIED

Write the message, save and exit, then restart your squid server once.









