Monday, June 13, 2011

How to Install Squid on Ubuntu Server


            1 sudo apt-get install squid
Change configuration
            2 sudo vim /etc/squid/squid.conf
# Squid normally listens to port 3128 (assign IP address)
http_port 192.168.1.5:3128
#Default: (assign 20% from your RAM) (calculation: xRAM*20/100)
cache_mem 38 MB
#Default: (maximal download package size on your hard disk)
maximum_object_size 16384 KB
#Default: (maximal download package size on your RAM)
maximum_object_size_in_memory 32 KB
#Default: (get free hard disk space policy)
cache_replacement_policy heap LFUDA
#Default: (get free memory space policy)
memory_replacement_policy heap LFUDA
#Default: (assign 80% of your /var partition in MBs) (calculation: xGB*1024*80/100)
cache_dir ufs /var/spool/squid 6062 16 256
#Default: (hide internal IP address)
forwarded_for off
#Default: (turn off squid information in http packages)
via off
#Default:
# none: (use visible_hostname instead of none)
visible_hostname proxy
Restart Squid
            2 sudo /etc/init.d/squid restart
Change configuration
Allow IP address:
3 sudo vim /etc/squid/squid.conf
# Example rule allowing access from your local network.
acl office src 192.168.1.41-192.168.1.44
acl class src 192.168.1.11-192.168.1.31
acl laptop src 192.168.1.59
http_access allow laptop
http_access allow office
http_access allow class

Allow Samba users:
            3 sudo apt-get install smbclient
            4 sudo vim /etc/squid/squid.conf
Find the following lines and uncomment them:
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

Add the following line and change DOMAINNAME to your domain:
auth_param basic program /usr/lib/squid/smb_auth -W DOMAINNAME

# Example rule allowing access from your local network.
acl domainusers proxy_auth REQUIRED
http_access allow localhost
http_access allow domainusers
            4 sudo /etc/init.d/squid restart

On the Samba server
            Create a file /usr/local/samba/lib/netlogon/proxyauth and add the following line to it:
                        allow
            Change the group of proxyauth to internet: sudo chgrp internet proxyauth
            Change the permissions of proxyauth: sudo chmod 640 proxyauth
            If you want to allow all users to connect to the Internet, run:
                        chgrp users proxyauth
            If you only want to allow members of the group internet to connect to the Internet, run:
                        chgrp internet proxyauth
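
The http_access lines added in the "Allow IP address" and "Allow Samba users" steps only take effect if they sit above the http_access deny all line, because Squid stops at the first rule that matches. The check below is an added example, not part of the original post; the function names and the sample config are made up for illustration, and the ACLs all and localhost are assumed to be predefined.

```sh
#!/bin/sh
# Added example (not from the original post): audit http_access ordering.
# Squid reads http_access lines top-down and stops at the first match, so an
# "allow" placed below "http_access deny all" never takes effect.

# audit_http_access [FILE]: reads squid.conf from FILE or stdin and prints
# one finding per line; prints nothing when the rule list looks sane.
audit_http_access() {
    awk '
        $1 == "acl" { defined[$2] = 1; next }
        $1 == "http_access" {
            rules++
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break            # trailing comment
                name = $i; sub(/^!/, "", name)  # "!acl" negates an acl
                # Assumption: "all" and "localhost" are predefined by Squid.
                if (!(name in defined) && name != "all" && name != "localhost")
                    printf "line %d: acl \"%s\" used before it is defined\n", NR, name
            }
            if (deny_all && $2 == "allow")
                printf "line %d: allow rule is unreachable (deny all at line %d)\n", NR, deny_all
            if (!deny_all && $2 == "deny" && $3 == "all" && NF == 3)
                deny_all = NR
        }
        END {
            if (rules && !deny_all)
                print "no \"http_access deny all\" closes the rule list"
        }
    ' "$@"
}

# Constructed sample: the page ACLs pasted below the default deny rule,
# plus the proxy_auth rule without its "acl domainusers" line.
sample_conf() {
    cat <<'EOF'
acl office src 192.168.1.41-192.168.1.44
acl laptop src 192.168.1.59
http_access allow localhost
http_access allow office
http_access deny all
http_access allow laptop
http_access allow domainusers
EOF
}

sample_conf | audit_http_access
```

Run it against the live file with audit_http_access /etc/squid/squid.conf before restarting Squid.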

Test proxy
5 Use Firefox on another machine and try to connect to http://checker.samair.ru/
Install squidguard
6 sudo apt-get install squidguard apache2
Enable squidguard
7 sudo vim /etc/squid/squid.conf
Jump to the end of the file and add the following lines:
# Tag redirect program
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf



SquidGuard configuration
8 sudo vim /etc/squid/squidGuard.conf
#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db
logdir /var/log/squid

# DESTINATION CLASSES:
#

dest adv {
     domainlist adv/domains
     urllist adv/urls
}

dest aggressive {
     domainlist aggressive/domains
     urllist aggressive/urls
}

dest drugs {
     domainlist drugs/domains
     urllist drugs/urls
}

dest gamble {
     domainlist gamble/domains
     urllist gamble/urls
}

dest porn {
     domainlist porn/domains
     urllist porn/urls
}

dest spyware {
     domainlist spyware/domains
     urllist spyware/urls
}

dest violence {
     domainlist violence/domains
     urllist violence/urls
}

acl {
     default {
           pass !adv !aggressive !drugs !gamble !porn !spyware !violence
     }
}

Setup blacklist script updater
9 wget -c http://squidguard.shalla.de/Downloads/shalla_update.sh
10 vim shalla_update.sh
squidGuardpath="/usr/bin/squidGuard"
squidpath="/usr/sbin/squid"
httpget="/usr/bin/wget"
tarpath="/bin/tar"
chownpath="/bin/chown"

dbhome="/var/lib/squidguard/db"
squidGuardowner="proxy.proxy"

Replace $squidpath -k reconfigure with:
/etc/init.d/squid restart

11 chmod +x shalla_update.sh
12 sudo mv shalla_update.sh /etc/cron.weekly/
13 sudo /etc/cron.weekly/shalla_update.sh
Create Permission Denied Website
14 sudo mkdir /usr/lib/cgi-bin
15 sudo cp /usr/share/doc/squidguard/examples/squidGuard.cgi.gz /usr/lib/cgi-bin/
16 sudo gunzip /usr/lib/cgi-bin/squidGuard.cgi.gz
17 sudo chmod +x /usr/lib/cgi-bin/squidGuard.cgi
18 sudo mkdir /var/www/images

19 Create the following pictures with Photoshop
                        1 logo.jpg
                        2 white.jpg
sudo cp logo.jpg /var/www/images
sudo cp white.jpg /var/www/images
20 sudo vim /usr/lib/cgi-bin/squidGuard.cgi
            change: $image = "/images/blocked.gif";
            to: $image = "/images/white.jpg";

            change: $redirect ="http://admin.your-domain/images/blocked.gif";
            to: $redirect ="http://192.168.1.5/images/white.jpg";

            change: $proxymaster ="operator\@your-domain";
            to: $proxymaster ="wec_vtc\@online.com.kh";

            change: "http://info.your-domain/images/eto.small.gif";
            to: "http://192.168.1.5/images/logo.jpg";

            change: "http://www.your-domain/";
            to: "http://www.wec-ap.org/";
Restart Squid
            21 sudo /etc/init.d/squid restart
Test proxy
22 Use Firefox on another machine and try to connect to http://www.drugs.com

Note:
 If you have problems with squidGuard, try changing the permissions on dbhome and then rebuild the database again (sudo -u proxy = run the command with proxy rights):
            sudo chown proxy.proxy -R /var/lib/squidguard/db
            sudo -u proxy squidGuard -C all
