
Thread: proxy + debian

  1. #1

    proxy + debian

    Can someone direct me to some GOOD squid howto, or any other proxy? I searched Google but didn't find anything good for someone who's setting up a proxy for the first time; I found only basics, but I need some extended configuration with authentication. Thx.

  2. #2
    jledhead (Linux Engineer, joined Oct 2004, North Carolina)
    What type of authentication? Against a Windows domain, LDAP, or htpasswd authentication?

    The reason I ask is that I have a document explaining in very simple terms how to set it up and set up msntauth as well as ncsaauth; the first authenticates against an NT domain, the other uses a password file on the server created with an apache tool.

  3. #3
    I'd like to set up auth with a passwd file stored on the server, like you wrote.

  5. #4
    jledhead
    with debian you should be able to use apt to install squid
    #apt-get install squid

    this is where I got some information to go on

    I also have all my configs zipped up and can email them if you like, just PM me with your email.
    Here is an excerpt of the document for what you need:
    squid.conf is going to use a password file locally on that machine created with the apache htpasswd tool.

    To create the password file follow these directions (assuming apache is installed) :

    #/usr/local/apache2/bin/htpasswd -c /usr/lib/squid/passwd testuser
    (-c creates a new file and will not be used in the future)
    It will then ask you for the password. Repeat, using htpasswd in the same way, to create all your users (without the -c), or use webmin to create them under squid and then proxy authentication. After these changes restart squid, either through webmin or with #squid -k reconfigure. The main problem with this method is changing passwords. There are several utilities that allow for this, but it will require a working apache server on that machine; here is one example site with a few utilities

    All changes to squid.conf or squidguard.conf require a restart of the squid server; use squid -k reconfigure to restart.
    and here is the important part of my squid.conf
    #Recommended minimum configuration:
    #auth_param digest program <uncomment and complete this line>
    #auth_param digest children 5
    #auth_param digest realm Squid proxy-caching web server
    #auth_param digest nonce_garbage_interval 5 minutes
    #auth_param digest nonce_max_duration 30 minutes
    #auth_param digest nonce_max_count 50
    #auth_param ntlm program <uncomment and complete this line to activate>
    #auth_param ntlm children 5
    #auth_param ntlm max_challenge_reuses 0
    #auth_param ntlm max_challenge_lifetime 2 minutes
    #auth_param basic program <uncomment and complete this line>
    auth_param basic program /usr/lib/squid/ncsa_auth /usr/lib/squid/passwd
    #auth_param basic program /usr/lib/squid/msnt_auth
    auth_param basic children 5
    auth_param basic realm whatever you want here
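    auth_param basic credentialsttl 2 hour
    # "http_access allow password" below needs a proxy_auth ACL named password
    # (assumed definition; this excerpt omits the acl section of squid.conf)
    acl password proxy_auth REQUIRED
    #Recommended minimum configuration: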
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports
    # We strongly recommend to uncomment the following to protect innocent
    # web applications running on the proxy server who think that the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost
    # Example rule allowing access from your local networks. Adapt
    # to list your (internal) IP networks from where browsing should
    # be allowed
    #acl our_networks src
    #http_access allow our_networks
    # And finally deny all other access to this proxy
    http_access allow localhost
    http_access allow password
    http_access deny all
    #http_access allow all
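
An added example, not part of the original posts: a POSIX shell audit of an htpasswd-style file such as the /usr/lib/squid/passwd created above, reporting each entry's hash scheme and whether the file is world-readable. The function names, the ok/legacy/weak verdicts and the sample entries (constructed placeholders, not real hashes) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an htpasswd-style file before ncsa_auth reads it.

# Print the hash scheme of one htpasswd hash field.
classify_hash() {
    case "$1" in
        '')                       echo empty ;;
        '$2y$'*|'$2a$'*|'$2b$'*)  echo bcrypt ;;
        '$apr1$'*)                echo apr1-md5 ;;
        '{SHA}'*)                 echo sha1-unsalted ;;  # SHA-1 with no salt
        *[!./0-9A-Za-z]*)         echo unknown ;;
        *)  # 13 crypt-alphabet chars: DES crypt, which ignores password chars past 8
            if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# Print "user scheme verdict" per entry; return 1 if any entry is weak.
audit_passwd() {
    weak=0
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            bcrypt)   verdict=ok ;;
            apr1-md5) verdict=legacy ;;
            *)        verdict=weak; weak=1 ;;
        esac
        echo "$user $scheme $verdict"
    done < "$1"
    return "$weak"
}

# Succeed if FILE is readable by "other" (any local user could copy the hashes).
world_readable() { [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; }

# Write constructed sample entries; the hash fields are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed entries, placeholder hash fields
alice:$2y$05$CONSTRUCTEDconstructedCONSTRUCTEDconstructedCONSTRUCTEDco
bob:$apr1$CONSTRUC$constructedCONSTRUCTED
carol:{SHA}CONSTRUCTEDconstructedCONST=
dave:abJnggxhB/yWI
EOF
}

sample=$(mktemp) && write_sample "$sample" && chmod 644 "$sample"
audit_passwd "$sample"
world_readable "$sample" && echo "$sample: world-readable, tighten to 640"
rm -f "$sample"
```

Run `audit_passwd` against the real password file on the proxy host; the helper only needs the file to be readable by the account Squid runs as.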

  6. #5
    OK, I tried to do something on localhost first, in the LAN, but when I put my localhost IP as a proxy server in the web browser and I type, e.g., a get , connection refused when attempting to connect to My very default cfg file is:

    # -----------------------------------------------------------------------------
    http_port 8080
    icp_port 3130
    htcp_port 4827
    visible_hostname kosmos
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    cache_peer parent 8080 3130 default
    acl QUERY urlpath_regex cgi-bin\?
    no_cache deny QUERY
    # -----------------------------------------------------------------------------
     cache_mem 32 MB
     maximum_object_size 25000 KB
    # minimum_object_size 0 KB
    # maximum_object_size_in_memory 8 KB
    # -----------------------------------------------------------------------------
     cache_dir ufs /var/spool/squid 500 24 256
     cache_access_log /var/log/squid/access.log
     cache_log /var/log/squid/cache.log
     cache_store_log /var/log/squid/store.log
     emulate_httpd_log off
     log_ip_on_direct on
     pid_filename /var/run/
    # -----------------------------------------------------------------------------
     ftp_user Squid@
     ftp_passive on
    # diskd_program /usr/lib/squid/diskd
    # unlinkd_program /usr/lib/squid/unlinkd
    # pinger_program /usr/lib/squid/
    # redirect_children 5
    # authenticate_children 5
    # authenticate_ttl 1 hour
    # authenticate_ip_ttl 0 seconds
    # authenticate_ip_ttl_is_strict on
    # -----------------------------------------------------------------------------
    acl all src
    acl manager proto cache_object
    acl localhost src
    acl SSL_ports port 443 563
    acl Safe_ports port 80
    acl Safe_ports port 21
    acl Safe_ports port 443 563
    acl Safe_ports port 70
    acl Safe_ports port 210
    acl Safe_ports port 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl CONNECT method CONNECT
    acl localnet src
    acl wybrane_slowa url_regex .*sex.* .*xparty.* .*xlaski.* .*orgie.*
    http_access deny wybrane_slowa
    http_access allow localnet
    http_access allow manager localnet
    http_access deny manager
    http_access deny !Safe_ports
    http_access allow localnet
    http_access deny all
    icp_access allow all

  7. #6
    Only one more thing :], everything works perfectly except redirecting: when squidGuard redirects some page, the page to which I'm redirected is displayed without images; can't figure out why.

    squidGuard cfg :
    dbhome /var/lib/squidguard/db
    logdir /var/log/squidguard
    dest porn {
    	domainlist	porn/domains
    	urllist		porn/urls
    	expressionlist	porn/expressions
    }
    dest moje {
    	domainlist	moje/domains
    	urllist		moje/urls
    	expressionlist	moje/expressions
    }
    acl {
    	default {
    		pass !porn !moje all
    		redirect http://
    	}
    }
    and now when someone types an address with a banned word and gets redirected, is displayed without pictures, same with any other page.

  8. #7
    jledhead
    You need to make sure everything that comes up on that page is coming from an accessible link. You may have the domain for hotmail always allowed, but hotmail pulls images from other places; for example, the link below is the top image when I go to hotmail

    so unless is an always allowed domain then it will get blocked but the rest of hotmail will show up.

    try changing it to google and see if the image comes up there

    glad to see you got it working

  9. #8
    I changed it to google but the image didn't show. I also tried to change it to http://localhost (apache info page with 2 pictures from local drive) and they also didn't show. It is not a big problem, I can change the redirect page to a text-only page on localhost, but I'm just curious why it doesn't show pictures. Anyway, the rest of the proxy works excellently :] Thanks for the help.
