Find the answer to your Linux question:
Results 1 to 3 of 3
Hi, i am not really a linux person and i have centos installed on my vps. i've installed squid 3 tar gz on my server. however my host support installed ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2010
    Posts
    2

    squid proxy help help


    Hi,

    i am not really a linux person and i have centos installed on my vps. i've installed squid 3 tar gz on my server. however my host support installed for me the rpm after that as i was told that the source code was much harder for me. i did the configuration but still it does not work at all.


    /etc/httpd/conf.d/squid.conf
    /etc/squid/squid.conf
    /etc/squid/squid.conf.default
    /root/squid-3.1.1/src/squid.conf.default
    /root/squid-3.1.1/src/squid.conf.documented
    /usr/share/doc/squid-3.1.0.15/squid.conf.documented
    /usr/src/redhat/BUILD/squid-3.1.0.15/src/squid.conf.default
    /usr/src/redhat/BUILD/squid-3.1.0.15/src/squid.conf.documented


    The configuration which i did at was the
    /usr/share/doc/squid-3.1.0.15/squid.conf.documented as i felt it similar to the conf file which i saw for 2.6 and its much easier for me to read through. so i just did my editing and saved it but still i was not able to get it run.


    squid 3.1.1 was the one which i installed from source.
    squid 3.1.0.15 was the rpm which my host installed for me

  2. #2
    Just Joined!
    Join Date
    Apr 2010
    Posts
    2
    i did the configuration without any changes with reference to this

    2.1) Configure auth_param

    We will enable ncsa authentication to access our squid server. Find the following lines:

    #auth_param basic program <uncomment and complete this line>
    #auth_param basic childred 5
    #auth_param basic realm Squid proxy-caching web server
    #auth_param basic credentialsttl 2 hours

    Change it to:

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
    auth_param basic childred 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours


    2.2) Create proxy_auth acl

    Here we will create proxy_auth acl to prompt user/pass to everyone who wants to use our anonymous proxy. Find the following line:

    #INSERT YOUR OWN RULES(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

    We will insert our proxy_auth rule below the above line.

    #INSERT YOUR OWN RULES(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    acl ncsaauth proxy_auth REQUIRED
    http_access allow ncsaauth


    2.3) Disable Forwarded Client IP

    By default squid forwards the client IP to the respective website, but to set up an anonymous proxy we will disable it to hide client IPs and send only IPs which are configured on the squid server. Find the following line squid.conf:

    forwarded_for on

    Change it to:

    forwarded_for off


    2.4) Configure IPs

    Now we will generate rules for outgoing IPs, i.e. if anyone connects to any IP of my server, so it will go with the same IP to the destination server. In this way we can connect several clients on different IPs and all IPs act as an anonymous proxy. Find the following line:

    # TAG: tcp_outgoing_address

    Add the following lines below it:

    acl ip1 myip 192.168.0.1
    tcp_outgoing_address 192.168.0.1 ip1
    acl ip2 myip 192.168.0.2
    tcp_outgoing_address 192.168.0.2 ip2
    acl ip3 myip 192.168.0.3
    tcp_outgoing_address 192.168.0.3 ip3
    acl ip4 myip 192.168.0.4
    tcp_outgoing_address 192.168.0.4 ip4
    acl ip5 myip 192.168.0.5
    tcp_outgoing_address 192.168.0.5 ip5

    You can add as many IPs as you like, just use the same pattern as above.


    2.5) Enable Anonymizer (Anonymous Proxy)

    Put the following lines at the bottom of your squid.conf:

    request_header_access Allow allow all
    request_header_access Authorization allow all
    request_header_access WWW-Authenticate allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Proxy-Authenticate allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Encoding allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Expires allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Last-Modified allow all
    request_header_access Location allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Content-Language allow all
    request_header_access Mime-Version allow all
    request_header_access Retry-After allow all
    request_header_access Title allow all
    request_header_access Connection allow all
    request_header_access Proxy-Connection allow all
    request_header_access User-Agent allow all
    request_header_access Cookie allow all
    request_header_access All deny all

    Configuration is finished, save the file.


    3) User Management

    Now it's time to create the squid_passwd file, in which we will put our users for authentication using ncsa. For this we need the htpasswd command to generate a user/pass.

    Create the file to hold the usernames and passwords:

    touch /etc/squid/squid_passwd


    3.1) Create New User

    htpasswd /etc/squid/squid_passwd proxyadmin

    Where /etc/squid/squid_passwd is a file, in which all users go, and proxyadmin is a username which will be added with the password given.


    3.2) To Update Password

    Use the same command for existing users.

    htpasswd /etc/squid/squid_passwd proxyadmin


    4) Service Management

    Run the squid service and add it up at startup.

    service squid start

  3. #3
    Just Joined!
    Join Date
    Apr 2010
    Location
    Bangalore, India.
    Posts
    12

    Smile reply to proxy help

    Hi razormouse

    u can try this configuration in /etc/squid/squid.conf file....
    and dont touch other conf files...

    first for authentication add username proxyadmin and set the password

    #htpasswd /etc/squid/squid_passwd proxyadmin
    new password:
    re-type new password:
    Adding password for user proxyadmin

    Make sure squid can read passwd file:
    # chmod o+r /etc/squid/passwd

    locate the nsca_auth authentication helper
    # rpm -ql squid | grep ncsa_auth
    Output:
    /usr/lib/squid/ncsa_auth

    edit configuration file
    #vim /etc/squid/squid.conf
    (edit the file)

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours

    acl ncsaauth proxy_auth REQUIRED
    http_access allow ncsaauth

    #for ur network
    acl mynetwork src 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5
    http_access allow mynetwork
    http_access deny all
    :wq(save the configuration)

    just restart the service
    #/etc/init.d/squid restart

    hope it will be fine...........

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •