Build a Linux Secure Squid Proxy Server

Source: Internet
Author: User

This article describes how to use Squid, a well-known and widely used proxy server on Linux, and focuses on how to use the access control policies it provides to ensure that the proxy server is used legitimately.

A proxy server retrieves network information on behalf of its users; it acts as a transfer station for that information. With the widespread use of proxy servers, a series of security problems has emerged. When the access control policy of a proxy server is not configured in detail, users can freely reach many pornographic and reactionary illegal sites through it, and these actions are often difficult to track and cause great inconvenience to management.

Squid is proxy server software for Linux that caches Internet data. It receives users' download requests and handles the downloaded data automatically. That is, when a user wants to download a home page, he sends the request to Squid and lets Squid download it on his behalf. Squid connects to the requested website and requests the home page, then sends the page to the user and keeps a copy. When another user requests the same page, Squid immediately sends the saved copy, so the response feels very fast to the user. Currently, Squid can proxy the HTTP, FTP, GOPHER, SSL, and WAIS protocols. It cannot proxy POP3, NNTP, and other protocols. Squid runs on many operating systems, such as AIX, Digital Unix, FreeBSD, HP-UX, Irix, Linux, NetBSD, Nextstep, SCO, Solaris, OS/2, etc.

Install and configure Squid Server

Generally, there are two ways to install Squid: the first is to install the RPM package that ships with Red Hat Linux 9; the second is to download the source code from Squid's official site, http://www.squid-cache.org/, and compile and install it. The latest stable version currently available online is squid-2.5.STABLE10; the following uses this version as an example to introduce the two installation methods.

Working principle of Squid Server

1. Install the RPM package

First, check whether squid has been installed:

# rpm -qa | grep squid

Red Hat Linux 9 ships with the Squid installation package. Insert the first installation disc into the optical drive and mount it:

# mount /mnt/cdrom

Then, go to the /mnt/cdrom/RedHat/RPMS directory:

# cd /mnt/cdrom/RedHat/RPMS

Finally, run the installation:

# rpm -ivh squid-2.5.STABLE1-2.i386.rpm

Squid can also be selected for installation when the system itself is installed.

2. Install the source code package

Download the source package squid-2.5.STABLE10.tar.gz from the official Squid site.

First, copy the file to the /tmp directory:

# cp squid-2.5.STABLE10.tar.gz /tmp

Then, extract the archive:

# cd /tmp
# tar xzvf squid-2.5.STABLE10.tar.gz

Extraction creates a new directory, squid-2.5.STABLE10, in /tmp. For convenience, rename it to squid with the mv command:

# mv squid-2.5.STABLE10 squid

Switch to the squid directory:

# cd squid

Then run ./configure. The installation directory can be specified with ./configure --prefix=/directory/you/want. The default installation directory is /tmp/squid:

# ./configure

Finally, execute make all and make install:

# make all

# make install

After the installation is complete, the executable file of Squid is located in the bin subdirectory of the installation directory, and the configuration file is located in the etc subdirectory.

Squid comes with many files related to configuration, applications, libraries, logs, and so on. Its main configuration file is squid.conf. In the Red Hat environment, all Squid configuration files are located in the /etc/squid subdirectory. This directory also contains a default configuration file named squid.conf.default. In practice, however, the default configuration has some problems, so before using Squid you must first modify the relevant parts of the configuration file.

The following describes the structure of the squid.conf file and some common options. The squid.conf file can be divided into 13 parts. The file is huge, at more than 3000 lines. However, if you only provide proxy services for a small or medium-sized network and plan to use a single server, configuration becomes relatively simple: you only need to modify a few options in the file to meet your requirements. These common options are:

1. http_port

This option defines the port on which Squid listens for HTTP client connection requests. The default value is 3128. If HTTPD acceleration mode is used, the value is 80. Multiple ports can be specified, but all of them must appear on the same line for the program to recognize them correctly.

2. cache_mem (bytes)

This option specifies the ideal amount of memory that Squid can use. This memory is used to store the following objects: In-Transit objects (objects currently being transferred), Hot objects (objects frequently accessed by users), and Negative-Cached objects (passively stored objects).

3. cache_dir Directory-Name Mbytes Level1 Level2

This option specifies the size of the swap space used to store objects and its directory structure. You can use multiple cache_dir lines to define multiple swap spaces, which can be distributed across different disk partitions. Directory-Name specifies the top-level directory of the swap space. If you want to use an entire disk as swap space, you can use this directory as the mount point and mount the whole disk there. The default value is /var/spool/squid. Mbytes defines the total amount of available space.
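
Because squid.conf is mostly comments, it helps to see which of these three options are actually in effect. The following shell script is an added example, not part of the original article; the function names, the sample configuration, and the handling of an optional storage-type field before the directory are assumptions.

```sh
# Added example: report the active values of the three squid.conf options above.

# squid_effective FILE: print each active http_port/cache_mem/cache_dir line
squid_effective() {
    awk '
        { sub(/#.*/, "") }          # strip comments
        $1 == "http_port" || $1 == "cache_mem" || $1 == "cache_dir" {
            $1 = $1                 # collapse runs of whitespace
            print
        }' "$1"
}

# squid_ports FILE: print configured ports; the default 3128 if none is set
squid_ports() {
    ports=$(squid_effective "$1" |
        awk '$1 == "http_port" { for (i = 2; i <= NF; i++) print $i }')
    if [ -n "$ports" ]; then echo "$ports"; else echo 3128; fi
}

# squid_cache_total FILE: sum the Mbytes field over all cache_dir lines
squid_cache_total() {
    squid_effective "$1" | awk '
        $1 == "cache_dir" {
            # Article syntax: cache_dir Directory-Name Mbytes Level1 Level2.
            # Assumption: a storage type such as "ufs" may precede the directory.
            m = ($2 ~ /^\//) ? 3 : 4
            total += $m
        }
        END { print total + 0 }'
}

# write_sample_conf FILE: constructed sample input, not a real deployment
write_sample_conf() {
    cat > "$1" <<'EOF'
# http_port 3128
http_port 8080 3128
#cache_mem 8 MB
cache_mem 32 MB        # memory for in-transit, hot, negative-cached objects
cache_dir /var/spool/squid 100 16 256
  cache_dir ufs /cache2 2000 16 256
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
squid_effective "$conf"
echo "ports: $(squid_ports "$conf" | tr '\n' ' ')"
echo "cache_dir total: $(squid_cache_total "$conf") MB"
rm -f "$conf"
```

To check a real installation, call the functions with the path of the live file, for example /etc/squid/squid.conf on Red Hat.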
