Article Title: Proxy server settings in Linux
Author: H2KILL
Preface:
This document describes how to use squid and squidGuard to configure a proxy server on Linux. The WWW proxy service is used as an example to show how to filter harmful sites and restrict users' access to the internet.
I. Introduction
Squid is the most popular proxy server software on Linux. It is powerful and supports proxying for HTTP, FTP, Gopher, SSL, WAIS, and other protocols. It is easy to set up: only slight changes to the configuration file are needed to run the proxy server. Squid also caches pages. It receives a user's download request and handles the downloaded data automatically. That is, when a user wants to download a home page, the request goes to Squid, which connects to the requested website and fetches the page on the user's behalf, then sends the page to the user and keeps a copy. When other users request the same page, Squid immediately returns the saved copy, so the response appears very fast to the user.
SquidGuard is a companion program for squid that implements filtering, redirection, and access control. It is free software that is powerful, easy to install and configure, and fast. Functions: restrict some users' access to a list of web servers or URLs; block some users' access to blacklisted web servers and URLs; block some users' access to URLs that match regular expressions; enforce the use of domain names and prohibit IP addresses in URLs; redirect blocked URLs to a smart CGI information page; redirect unauthorized users to a registration page; apply access rules based on the date, the day of the week, and the time of day; apply different rules to different user groups. However, it cannot filter or inspect the text inside documents, or JavaScript or VBScript embedded in HTML.
II. Installation
1. Install squid:
Download squid-2.4.STABLE2-src.tar.gz from www.squid-cache.org into the local directory /usr/local/squid/src.
Before compiling Squid, create a user and group dedicated to running Squid. Here, create a group and a user named squid, and set the user's home directory to /usr/local/squid.
# su squid
$ cd /usr/local/squid/src
$ tar xvzf squid-2.4.STABLE2-src.tar.gz
$ cd squid-2.4.STABLE2
$ ./configure
$ make
$ make install
(Installed in the /usr/local/squid directory by default)
2. Install Berkeley DB 2.x:
Download db-2.7.7.tar.gz from http://www.sleepycat.com into the /usr/local/squidGuard/src/ directory.
$ su
# cd /usr/local/squidGuard/src/
# tar xvzf db-2.7.7.tar.gz
# cd db-2.7.7
# cd build_unix
# ../dist/configure
# make
# make install
(Installed in the /usr/local/BerkeleyDB directory by default)
Note: squidGuard does not support Berkeley DB 3.x
3. Install squidGuard
Place squidGuard-1.1.4.tar.gz in the /usr/local/squidGuard/src/ directory.
# cd /usr/local/squidGuard/src/
# tar xvzf squidGuard-1.1.4.tar.gz
# cd squidGuard-1.1.4
# ./configure --with-sg-config=/usr/local/squidGuard.conf \
    --with-sg-logdir=/usr/local/squidGuard/logs \
    --with-sg-dbhome=/usr/local/squidGuard/db
# make
# make test      (go on to the installation only if the tests pass)
# make install
III. Configuration
1. Configure squid:
Modify the squid configuration file /usr/local/squid/etc/squid.conf:
http_port 8080
# The proxy port squid listens on. If the port is lower than 1024, squid must run as root
http_access allow all
# Allow all users to access HTTP through the proxy
redirect_program /usr/local/squid/bin/squidGuard -c /usr/local/squidGuard.conf
# Make squid use squidGuard for filtering and redirection
Other parameters:
cache_mem: sets the amount of memory used by the proxy service. It is generally recommended to set it to 1/3 of the physical memory.
cache_dir: specifies the cache directory path. The default value is /usr/local/squid/cache.
maximum_object_size: specifies the maximum object size that Squid can receive. Squid's default value is 4 MB, which can be changed as needed.
cache_dir: sets the cache location and size. The general format is as follows:
cache_dir /usr/local/squid/cache 100 16 256
/usr/local/squid/cache is the cache location; 100 is the maximum cache size of 100 MB; 16 and 256 are the numbers of level-1 and level-2 directories.
cache_effective_user: sets the user the cache runs as. The default value is user nobody. If there is no user nobody in the system, it is best to create one, or run Squid as a non-root user. Here it runs as squid.
cache_effective_group: sets the group the cache runs as. The default group is nogroup. If there is no nogroup in the system, it is best to create a group. Here it is the squid group.
(Use the default values for the other parameters!)
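What the http_access allow all line above admits, as an added example that is not part of the original article: a small Python model of Squid's first-match http_access evaluation, covering src ACLs only. The acl all definition, the ACL name clients, the restricted rule set and the outside address 203.0.113.7 are assumptions made for illustration; the client addresses are the ones this article puts in the squidGuard src groups.

```python
import ipaddress

# Constructed samples. "acl all" is assumed to be defined as in a stock squid.conf.
PAGE_CONF = """
acl all src 0.0.0.0/0
http_access allow all
"""
# Hypothetical tighter rule set using the client addresses from squidGuard.conf.
RESTRICTED_CONF = """
acl all src 0.0.0.0/0
acl clients src 192.168.100.18 192.168.100.20 192.168.100.21 192.168.100.22
acl clients src 192.168.200.0/24
http_access allow clients
http_access deny all
"""

def parse(conf):
    """Collect src ACLs and the ordered http_access rules from squid.conf text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def allowed(conf, client):
    """The first http_access line whose ACLs all match the client decides."""
    acls, rules = parse(conf)
    if not rules:
        raise ValueError("this model needs at least one http_access line")
    ip = ipaddress.ip_address(client)

    def matches(name):
        hit = any(ip in net for net in acls.get(name.lstrip("!"), []))
        return hit != name.startswith("!")      # "!acl" negates the match

    for action, names in rules:
        if all(matches(n) for n in names):
            return action == "allow"
    return rules[-1][0] == "deny"               # no match: opposite of the last line

if __name__ == "__main__":
    for ip in ("192.168.200.55", "192.168.100.19", "203.0.113.7"):
        print(ip, allowed(PAGE_CONF, ip), allowed(RESTRICTED_CONF, ip))
```

With the article's single rule every source address is served by the proxy; with the restricted rule set only the listed clients are.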
2. Configure squidGuard:
Modify the squidGuard configuration file /usr/local/squidGuard.conf:
logdir /usr/local/squidGuard/logs     # log directory definition
dbhome /usr/local/squidGuard/db       # db directory definition
time testtime {                       # time rule definition
    weekly mtwhf-
    weekly-
    date *-01-
    date 2001.10.01-2001.10.09
}
src admin {                           # source group definition
    ip 192.168.100.18
}
src client {
    ip 192.168.100.20 192.168.100.21 192.168.100.22
    ip 192.168.200.0/24
}
dest porn {                           # destination group definition
    domainlist porn/domains
    urllist porn/urls
    expressionlist porn/expressions
}
acl {                                 # access rule definition
    admin within testtime {
        pass !porn all
    } else {
        pass all
    }
    client {
        pass !in-addr !porn all
    }
    default {
        pass none
        redirect http://admin.foo.com
        # You can also redirect to a CGI page that shows some information, as shown below:
        # redirect http://admin.foo.com/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
    }
}
# vi db/porn/domains
(Domain list file: mainly blocks the sites listed in it)
co.za
sex.com
(As shown above, this blocks hack.co.za, sex.com, www.sex.com, and whatever.sex.com, but unlike .*[^.]sex.com, it does not match ssex.com)
# vi db/porn/urls
(URL list file: mainly blocks particular sites and particular sections of them)
qihui.com/sex
valen.sohu.com/album
(If blocking is possible)
# vi db/porn/expressions
(Expression list file: mainly blocks access to URLs that match the expressions)
(^|[\?+=/])(.*)(girl)(.*)([\?+=/]|$)
(The regular expression above blocks access to URLs that contain girl, such as www.girlzine.com, girl.huabao.net, www.huayu.net/girl, www.universiti.com/girl, etc.)
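How the three list types above treat a request, as an added example that is not part of the original article or of squidGuard itself: a simplified Python model using the article's own entries. The urllist rule (the entry itself or anything below it), the string the expression is applied to, and all sample requests are assumptions; squidGuard's own URL normalisation is not reproduced.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the db/porn/* files shown above.
DOMAINS = ["co.za", "sex.com"]
URLS = ["qihui.com/sex", "valen.sohu.com/album"]
EXPRESSIONS = [r"(^|[\?+=/])(.*)(girl)(.*)([\?+=/]|$)"]

def verdict(url):
    """Name the list that blocks the URL ("domains", "urls", "expressions") or None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    # domainlist: the host itself or any subdomain. The match starts at a dot,
    # so "sex.com" does not cover "ssex.com", while "co.za" covers every *.co.za host.
    if any(host == d or host.endswith("." + d) for d in DOMAINS):
        return "domains"
    # urllist (assumed rule): the listed host/path or anything below it.
    target = host + parts.path.rstrip("/")
    if any(target == u or target.startswith(u + "/") for u in URLS):
        return "urls"
    # expressionlist: regex search over host, path and query string. The (.*)
    # groups absorb the delimiters, so any URL containing "girl" matches.
    full = host + parts.path + ("?" + parts.query if parts.query else "")
    if any(re.search(e, full) for e in EXPRESSIONS):
        return "expressions"
    return None

# Constructed requests; the last one is an unrelated page that merely contains "girl".
SAMPLES = [
    "http://hack.co.za/",
    "http://ssex.com/",
    "http://qihui.com/sex/index.html",
    "http://www.girlzine.com/",
    "http://news.example/schoolgirls-win-prize",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", verdict(u))
```

The last sample shows the cost of a broad expression: it is blocked although it has nothing to do with the target group, so expression lists need testing against normal traffic before deployment.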
Note: squidGuard has strict syntax requirements for its configuration file. If the configuration file contains a syntax error, squidGuard still runs, but it enters emergency mode. In this state the proxy service does no blocking at all: every request through this proxy is passed. You can view the log files of logs/squidGuard to find errors, for example:
17:08:44 [2430] parse error in configfile /usr/local/squidGuard.conf line 8
17:08:44 [2430] going into emergency mode
.......
Line 1 of the configuration file is incorrect. squidGuard enters emergency mode.
For a detailed description of the configuration, see http://www.squidguard.org/
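Because emergency mode passes every request, it is worth checking the log for it after each configuration change. The following is an added example, not part of the original article: a Python scan of squidGuard log lines that reports each process that entered emergency mode and the parse error logged by the same process. The first two sample lines are the ones quoted above; the third is constructed, and the function name and record layout are assumptions.

```python
import re

# "<timestamp> [<pid>] <message>", the layout of the log lines quoted in the article.
LINE = re.compile(r"^(?P<ts>.*?)\s*\[(?P<pid>\d+)\]\s+(?P<msg>.*)$")
PARSE_ERR = re.compile(
    r"parse error in configfile\s*(?P<file>\S+)\s+line\s+(?P<line>\d+)")

SAMPLE_LOG = [
    "17:08:44 [2430] parse error in configfile /usr/local/squidGuard.conf line 8",
    "17:08:44 [2430] going into emergency mode",
    "17:08:45 [2431] going into emergency mode",   # constructed: no error logged first
]

def emergency_events(log_lines):
    """Return one record per squidGuard process that entered emergency mode.

    Squid starts several squidGuard children, each logging under its own PID,
    so parse errors are tracked per PID and attached to that PID's event.
    """
    last_error, events = {}, []
    for raw in log_lines:
        m = LINE.match(raw.strip())
        if not m:
            continue                     # not a squidGuard log line
        pid, msg = m.group("pid"), m.group("msg")
        err = PARSE_ERR.search(msg)
        if err:
            last_error[pid] = (err.group("file"), int(err.group("line")))
        elif "going into emergency mode" in msg:
            events.append({"pid": pid, "time": m.group("ts"),
                           "cause": last_error.get(pid)})
    return events

if __name__ == "__main__":
    for ev in emergency_events(SAMPLE_LOG):
        print("squidGuard pid %s is not filtering since %s, cause: %s"
              % (ev["pid"], ev["time"], ev["cause"]))
```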
4. Run:
$ chmod 777 /usr/local/squid/logs
(Make the logs directory writable by all users. In this way, squid proxy clients that are not explicitly specified can use the proxy server normally, and files such as access.log and cache.log are generated in the logs directory.)
$ /usr/local/squid/bin/squid -z
(Manually create the squid cache directory /usr/local/squid/cache.)
# /usr/local/squid/bin/squid
(Squid is executed in the background. If you want to run Squid in the foreground, execute the command:
$ /usr/local/squid/bin/squid -NCd1
This command starts Squid. If everything is normal, you will see a line of output:
Ready to serve requests)
# ps ax | grep squid
20198 ?  S  0:00 /usr/local/squid/bin/squid
20200 ?  S  0:27 (squid)
20310 ?  S  0:00 (squidGuard) -c /usr/local/squidGuard.conf
20311 ?  S  0:00 (squidGuard) -c /usr/local/squidGuard.conf
20312 ?  S  0:00 (squidGuard) -c /usr/local/squidGuard.conf
20313 ?  S  0:00 (squidGuard) -c /usr/local/squidGuard.conf
20314