Results 1 to 3 of 3
Thread: squid proxy help help
|
Enjoy an ad free experience by logging in. Not a member yet? Register.
|
|
-
04-12-2010 #1
- Join Date
- Apr 2010
- Posts
- 2
squid proxy help help
i am not really a linux person and i have centos installed on my vps. i've installed squid 3 tar gz on my server. however my host support installed for me the rpm after that as i was told that the source code was much harder for me. i did the configuration but still it does not work at all.
/etc/httpd/conf.d/squid.conf
/etc/squid/squid.conf
/etc/squid/squid.conf.default
/root/squid-3.1.1/src/squid.conf.default
/root/squid-3.1.1/src/squid.conf.documented
/usr/share/doc/squid-3.1.0.15/squid.conf.documented
/usr/src/redhat/BUILD/squid-3.1.0.15/src/squid.conf.default
/usr/src/redhat/BUILD/squid-3.1.0.15/src/squid.conf.documented
The configuration which i did at was the
/usr/share/doc/squid-3.1.0.15/squid.conf.documented as i felt it similar to the conf file which i saw for 2.6 and its much easier for me to read through. so i just did my editing and saved it but still i was not able to get it run.
squid 3.1.1 was the one which i installed from source.
squid 3.1.0.15 was the rpm which my host installed for me
-
04-12-2010 #2
- Join Date
- Apr 2010
- Posts
- 2
i did the configuration without any changes with reference to this
2.1) Configure auth_param
We will enable ncsa authentication to access our squid server. Find the following lines:
#auth_param basic program <uncomment and complete this line>
#auth_param basic childred 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
Change it to:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic childred 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
2.2) Create proxy_auth acl
Here we will create proxy_auth acl to prompt user/pass to everyone who wants to use our anonymous proxy. Find the following line:
#INSERT YOUR OWN RULES(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
We will insert our proxy_auth rule below the above line.
#INSERT YOUR OWN RULES(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
2.3) Disable Forwarded Client IP
By default squid forwards the client IP to the respective website, but to set up an anonymous proxy we will disable it to hide client IPs and send only IPs which are configured on the squid server. Find the following line squid.conf:
forwarded_for on
Change it to:
forwarded_for off
2.4) Configure IPs
Now we will generate rules for outgoing IPs, i.e. if anyone connects to any IP of my server, so it will go with the same IP to the destination server. In this way we can connect several clients on different IPs and all IPs act as an anonymous proxy. Find the following line:
# TAG: tcp_outgoing_address
Add the following lines below it:
acl ip1 myip 192.168.0.1
tcp_outgoing_address 192.168.0.1 ip1
acl ip2 myip 192.168.0.2
tcp_outgoing_address 192.168.0.2 ip2
acl ip3 myip 192.168.0.3
tcp_outgoing_address 192.168.0.3 ip3
acl ip4 myip 192.168.0.4
tcp_outgoing_address 192.168.0.4 ip4
acl ip5 myip 192.168.0.5
tcp_outgoing_address 192.168.0.5 ip5
You can add as many IPs as you like, just use the same pattern as above.
2.5) Enable Anonymizer (Anonymous Proxy)
Put the following lines at the bottom of your squid.conf:
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Configuration is finished, save the file.
3) User Management
Now it's time to create the squid_passwd file, in which we will put our users for authentication using ncsa. For this we need the htpasswd command to generate a user/pass.
Create the file to hold the usernames and passwords:
touch /etc/squid/squid_passwd
3.1) Create New User
htpasswd /etc/squid/squid_passwd proxyadmin
Where /etc/squid/squid_passwd is a file, in which all users go, and proxyadmin is a username which will be added with the password given.
3.2) To Update Password
Use the same command for existing users.
htpasswd /etc/squid/squid_passwd proxyadmin
4) Service Management
Run the squid service and add it up at startup.
service squid start
-
04-16-2010 #3
- Join Date
- Apr 2010
- Location
- Bangalore, India.
- Posts
- 12
reply to proxy help
Hi razormouse
u can try this configuration in /etc/squid/squid.conf file....
and dont touch other conf files...
first for authentication add username proxyadmin and set the password
#htpasswd /etc/squid/squid_passwd proxyadmin
new password:
re-type new password:
Adding password for user proxyadmin
Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd
locate the nsca_auth authentication helper
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
edit configuration file
#vim /etc/squid/squid.conf
(edit the file)
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
#for ur network
acl mynetwork src 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5
http_access allow mynetwork
http_access deny all
:wq(save the configuration)
just restart the service
#/etc/init.d/squid restart
hope it will be fine...........