  1. #1
    Just Joined!
    Join Date
    Jan 2005
    Posts
    22

    proxy + debian


    Can someone direct me to some GOOD squid howto, or any other proxy? I searched Google but didn't find anything good for someone who's setting up a proxy for the first time; I found only basics, but I need some extended configuration with authentication. Thx.

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    what type of authentication?? against windows domain, ldap, htpasswd authentication.

    the reason I ask is I have a document explaining in very simple terms how to set it up and set up msntauth as well as ncsaauth, the first authenticates against NT domain, the other uses a password file on the server created with an apache tool.

  3. #3
    Just Joined!
    Join Date
    Jan 2005
    Posts
    22
    i'd like to set auth. with passwd file stored on server like you wrote.

  4. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    with debian you should be able to use apt to install squid
    #apt-get install squid

    this is where I got some information to go on
    http://www.swelltech.com/support/usersguide/ch14.html
    and
    http://www.linuxhomenetworking.com/linux-adv/squid.htm

    I also have all my configs zipped up and can email them if you like, just PM me with email
    here is an excerpt of the document for what you need
    squid.conf is going to use a password file locally on that machine created with the apache htpasswd tool.

    To create the password file follow these directions (assuming apache is installed) :

    #/usr/local/apache2/bin/htpasswd -c /usr/lib/squid/passwd testuser
    (-c creates a new file and will not be used in the future)
    It will then ask you for the password. Repeat the htpasswd command in the same way to create all your users (without the -c), or use webmin to create them under squid and then proxy authentication. After these changes restart squid, either through webmin or with #squid -k reconfigure. The main problem with this method is changing passwords. There are several utilities that allow for this, but it will require a working apache server on that machine; here is one example site, http://sarg.sourceforge.net/chpasswd.php, with a few utilities.


    All changes to squid.conf or squidguard.conf require a restart of the squid server; use squid -k reconfigure to restart.
    and here is the important part of my squid.conf
    Code:
    #Recommended minimum configuration:
    #auth_param digest program <uncomment and complete this line>
    #auth_param digest children 5
    #auth_param digest realm Squid proxy-caching web server
    #auth_param digest nonce_garbage_interval 5 minutes
    #auth_param digest nonce_max_duration 30 minutes
    #auth_param digest nonce_max_count 50
    #auth_param ntlm program <uncomment and complete this line to activate>
    #auth_param ntlm children 5
    #auth_param ntlm max_challenge_reuses 0
    #auth_param ntlm max_challenge_lifetime 2 minutes
    #auth_param basic program <uncomment and complete this line>
    auth_param basic program /usr/lib/squid/ncsa_auth /usr/lib/squid/passwd
    #auth_param basic program /usr/lib/squid/msnt_auth
    auth_param basic children 5
    auth_param basic realm whatever you want here
    auth_param basic credentialsttl 2 hour
    Code:
    #Recommended minimum configuration:
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports
    #
    # We strongly recommend to uncomment the following to protect innocent
    # web applications running on the proxy server who think that the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost
    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    
    # Example rule allowing access from your local networks. Adapt
    # to list your (internal) IP networks from where browsing should
    # be allowed
    #acl our_networks src 192.168.1.0/24 192.168.2.0/24
    #http_access allow our_networks
    
    # And finally deny all other access to this proxy
    http_access allow localhost
    http_access allow password
    http_access deny all
    #http_access allow all
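
Added example, not part of the original post or jledhead's own configuration: a small shell check for the basic-auth wiring in the excerpt above. The excerpt uses `http_access allow password` without showing where the `password` ACL is defined; the sample config, the `acl password proxy_auth REQUIRED` line and the function names below are assumptions made for illustration.

```sh
#!/bin/sh
# check_squid_auth: read squid.conf on stdin or from a file argument; print
# one finding per line, or "ok" when basic auth is wired up end to end.
check_squid_auth() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }                # skip comments and blanks
    $1 == "auth_param" && $2 == "basic" && $3 == "program" { helper = 1 }
    $1 == "acl" { known[$2] = 1; if ($3 == "proxy_auth") authacl[$2] = 1 }
    $1 == "http_access" {
      for (i = 3; i <= NF; i++) {
        name = $i; sub(/^!/, "", name)            # "!acl" negates an ACL
        if (!(name in known)) { print "undefined acl: " name; bad++ }
        if ($2 == "allow" && !closed && $i == name && (name in authacl)) gated = 1
      }
      if (NF == 3 && $3 == "all" && !closed) {
        if ($2 == "allow") { print "open proxy: allow all is reachable"; bad++ }
        closed = 1                                # later rules never match
      }
    }
    END {
      if (!helper) { print "no auth_param basic program line"; bad++ }
      if (!gated)  { print "no proxy_auth acl allowed before deny all"; bad++ }
      if (!bad) print "ok"
    }' "$@"
}

# Constructed sample: the rules from the excerpt plus the ACLs they rely on.
# $1 is spliced in as an extra line; pass "" to leave the auth ACL out.
sample_conf() {
  cat <<EOF
auth_param basic program /usr/lib/squid/ncsa_auth /usr/lib/squid/passwd
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563
acl CONNECT method CONNECT
$1
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow password
http_access deny all
EOF
}
sample_conf "" | check_squid_auth
sample_conf "acl password proxy_auth REQUIRED" | check_squid_auth
```

The first call reports the undefined `password` ACL and the missing authenticated allow rule; the second prints `ok`.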

  5. #5
    Just Joined!
    Join Date
    Jan 2005
    Posts
    22
    OK, I tried to do something on localhost first in the LAN, but when I put my localhost IP as the proxy server in the web browser and type e.g. www.google.com, I get: connection refused when attempting to connect to www.google.com. My very default cfg file is:

    Code:
    # -----------------------------------------------------------------------------
    
    http_port 8080
    icp_port 3130
    htcp_port 4827
    visible_hostname kosmos
    
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    
    cache_peer w3chace.icm.edu.pl parent 8080 3130 default
    
    acl QUERY urlpath_regex cgi-bin\?
    no_cache deny QUERY
    
    # -----------------------------------------------------------------------------
    
     cache_mem 32 MB
     maximum_object_size 25000 KB
    # minimum_object_size 0 KB
    # maximum_object_size_in_memory 8 KB
    
    # -----------------------------------------------------------------------------
    
     cache_dir ufs /var/spool/squid 500 24 256
     cache_access_log /var/log/squid/access.log
     cache_log /var/log/squid/cache.log
     cache_store_log /var/log/squid/store.log
     emulate_httpd_log off
     log_ip_on_direct on
     pid_filename /var/run/squid.pid
     client_netmask 255.255.255.255
    
    # -----------------------------------------------------------------------------
    
     ftp_user Squid@
     ftp_passive on
    # diskd_program /usr/lib/squid/diskd
    # unlinkd_program /usr/lib/squid/unlinkd
    # pinger_program /usr/lib/squid/
    # redirect_children 5
    # authenticate_children 5
    # authenticate_ttl 1 hour
    # authenticate_ip_ttl 0 seconds
    # authenticate_ip_ttl_is_strict on
    
    # -----------------------------------------------------------------------------
    
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80
    acl Safe_ports port 21
    acl Safe_ports port 443 563
    acl Safe_ports port 70
    acl Safe_ports port 210
    acl Safe_ports port 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl CONNECT method CONNECT
    
    acl localnet src 10.0.0.1/10.0.0.101
    
    acl wybrane_slowa url_regex .*sex.* .*xparty.* .*xlaski.* .*orgie.*
    http_access deny wybrane_slowa
    
    http_access allow localnet
    http_access allow manager localnet
    http_access deny manager
    
    http_access deny !Safe_ports
    
    http_access allow localnet
    http_access deny all
    
    icp_access allow all

  6. #6
    Just Joined!
    Join Date
    Jan 2005
    Posts
    22
    Only one more thing :] Everything works perfectly except redirecting: when squidGuard redirects some page, the page to which I'm redirected is displayed without images. I can't figure out why.

    squidGuard cfg :
    Code:
    dbhome /var/lib/squidguard/db
    logdir /var/log/squidguard
    
    
    
    
    dest porn {
    	domainlist	porn/domains
    	urllist		porn/urls
    	expressionlist	porn/expressions
    }
    
    dest moje {
    	domainlist	moje/domains
    	urllist		moje/urls
    	expressionlist	moje/expressions
    }
    
    acl {
    
    	default {
    		pass !porn !moje all 
    		redirect http://hotmail.com
    	}
    }
    And now, when someone types an address with a banned word and gets redirected, http://hotmail.com is displayed without pictures; same with any other page.

  7. #7
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    you need to make sure everything that comes up on that page is coming from an accessible link. you may have the domain for hotmail always allowed but hotmail pulls images from other places like this link below is the top image when I go to hotmail
    http://att.atdmt.com/b/MSMSNMATCVON/...499_728x90.gif

    so unless atdmt.com is an always allowed domain then it will get blocked but the rest of hotmail will show up.

    try changing it to google and see if the image comes up there

    glad to see you got it working

  8. #8
    Just Joined!
    Join Date
    Jan 2005
    Posts
    22
    I changed it to google but the image didn't show. I also tried to change it to http://localhost (apache info page with 2 pictures from local drive) and they also didn't show. It is not a big problem, I can change the redirect page to a text-only page on localhost, but I'm just curious why it doesn't show pictures. Anyway, the rest of the proxy works excellently :] Thanks for the help.
