Annvix:Documentation/Squid
This page contains content from the old Annvix.org wiki and has been moved here to preserve content. These pages have been retained for historical and nostalgic purposes only.
Squid
Squid is a robust, enterprise-class caching proxy server. Bluntly put, if you need a proxy, it is probably one of the best solutions available.
It is not, however, the simplest tool you can work with.
If you get dizzy and feel faint at the thought of configuring Apache through configuration files, managing sendmail with m4 and sendmail.mc, or managing permissions with PAM, then this is not the tutorial for you.
Note that there are a lot of good tutorials out there, but the complexity of the task in comparison to the detail of this tutorial means that reading and understanding documentation elsewhere will be absolutely required.
- Install squid, probably with something like:
    apt-get install squid
- Spend some time getting to know the configuration file at /etc/squid.conf
- Add squid to services:
    srv --add squid
- I wish I thought this was an optional step
- Figure out what you did wrong by examining /var/log/service/squid/current
- Eventually get started and observe logs generated in /var/log/squid/access.log
Tips
- You can create password files for the access control lists with htpasswd
- If you want to do transparent proxying, you will need to use the keyword transparent in addition to the directions you will find in most places. You should also look at the Router documentation.
- The line numbers are added for reference, but my testing squid.conf looks like this:
     1 http_port 3128 transparent
     2 httpd_accel_host virtual
     3 httpd_accel_port 80
     4 httpd_accel_with_proxy on
     5 httpd_accel_uses_host_header on
     6 hierarchy_stoplist cgi-bin ?
     7 acl QUERY urlpath_regex cgi-bin \?
     8 cache deny QUERY
     9 acl apache rep_header Server ^Apache
    10 broken_vary_encoding allow apache
    11 access_log /var/log/squid/access.log squid
    12 refresh_pattern ^ftp: 1440 20% 10080
    13 refresh_pattern ^gopher: 1440 0% 1440
    14 refresh_pattern . 0 20% 4320
    15 acl all src 0.0.0.0/0.0.0.0
    16 acl manager proto cache_object
    17 acl localhost src 127.0.0.0/8
    18 acl localhost src 192.168.0.0/24
    19 acl localhost src 10.0.0.3/32
    20 acl to_localhost dst 127.0.0.0/8
    21 acl whitelist dstdomain "/etc/squid/whitelist"
    22 acl SSL_ports port 443 563
    23 acl Safe_ports port 80          # http
    24 acl Safe_ports port 21          # ftp
    25 acl Safe_ports port 443 563     # https, snews
    26 acl Safe_ports port 70          # gopher
    27 acl Safe_ports port 210         # wais
    28 acl Safe_ports port 1025-65535  # unregistered ports
    29 acl Safe_ports port 280         # http-mgmt
    30 acl Safe_ports port 488         # gss-http
    31 acl Safe_ports port 591         # filemaker
    32 acl Safe_ports port 777         # multiling http
    33 acl CONNECT method CONNECT
    34 http_access allow localhost
    35 http_access deny !Safe_ports
    36 http_access deny CONNECT !SSL_ports
    37 http_reply_access allow all
    38 icp_access allow all
    39 cache_mgr youremail@youraddress.com
    40 coredump_dir /var/spool/squid
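A check worth running on a listing like the one above, as an added example that is not part of the original wiki page or of Squid: this Python script reads the access rules and reports two things. It relies on Squid's documented rule that when no http_access line matches, the default is the opposite of the last line, so a list ending in a deny falls through to allow. The function names are hypothetical, and the script assumes an ACL named all that matches every client, as on line 15 of the listing.

```python
import re

# Excerpt of the squid.conf listing on this page, line numbers kept as shown.
SAMPLE = """\
15 acl all src 0.0.0.0/0.0.0.0
17 acl localhost src 127.0.0.0/8
18 acl localhost src 192.168.0.0/24
21 acl whitelist dstdomain "/etc/squid/whitelist"
22 acl SSL_ports port 443 563
23 acl Safe_ports port 80 # http
33 acl CONNECT method CONNECT
34 http_access allow localhost
35 http_access deny !Safe_ports
36 http_access deny CONNECT !SSL_ports
37 http_reply_access allow all
"""

def parse(conf_text):
    """Return (acl_names, directives); each directive is a list of tokens."""
    acls, directives = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]              # drop trailing comments
        line = re.sub(r"^\s*\d+\s+", "", line)   # drop listing line numbers
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "acl" and len(tokens) > 1:
            acls[tokens[1]] = True               # dict keeps definition order
        else:
            directives.append(tokens)
    return list(acls), directives

def audit(conf_text):
    """Return findings about http_access fall-through and unused ACLs."""
    acls, directives = parse(conf_text)
    findings = []
    rules = [d for d in directives if d[0] == "http_access" and len(d) >= 3]
    # Squid applies the opposite of the last rule when no rule matches.
    if rules and rules[-1][1] == "deny" and rules[-1][2:] != ["all"]:
        findings.append("implicit allow: last http_access is a deny; "
                        "end the list with 'http_access deny all'")
    # An ACL counts as used if any non-acl directive names it (with or without !).
    used = {tok.lstrip("!") for d in directives for tok in d[2:]}
    for name in acls:
        if name not in used:
            findings.append(f"acl '{name}' is defined but never referenced")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the excerpt, the script reports the fall-through to allow after line 36 and the whitelist ACL from line 21 that no rule uses.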