Squid proxy server is used to filter web traffic and to reduce and fine-tune internet bandwidth usage.
Squid was originally developed as the Harvest object cache, part of the Harvest project at the University of Colorado Boulder. Further work on the program was completed at the University of California, San Diego and funded via two grants from the National Science Foundation. Duane Wessels forked the “last pre-commercial version of Harvest” and renamed it to Squid to avoid confusion with the commercial fork called Cached 2.0, which became NetCache. Squid version 1.0.0 was released in July 1996.
Squid is now developed almost exclusively through volunteer efforts.
Squid Proxy Server Profile
Packages : squid*
Service Name: squid
Default port : 3128
Config File : /etc/squid/squid.conf
Log file Path: /var/log/squid
Environment : RHEL 7, CentOS 7 and RHEL 6
Installation process
[root@server ~]# yum install squid*
Installed:
squid.x86_64 7:3.3.8-12.el7_0
Dependency Installed:
libecap.x86_64 0:0.2.0-8.el7
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-Digest.noarch 0:1.17-245.el7
perl-Digest-MD5.x86_64 0:2.52-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7
Complete!
Enable and start the Service
[root@server ~]# systemctl enable squid
ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'
[root@server ~]# systemctl start squid
[root@server ~]# systemctl status squid
squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled)
Active: active (running) since Sun 2016-04-17 13:47:33 IST; 34s ago
Process: 7989 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
Process: 7983 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
Main PID: 7999 (squid)
CGroup: /system.slice/squid.service
├─7999 /usr/sbin/squid -f /etc/squid/squid.conf
└─8001 (squid-1) -f /etc/squid/squid.conf
Apr 17 13:46:53 server.arkit.co.in squid[7989]: 2016/04/17 13:46:53| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
Apr 17 13:47:13 server.arkit.co.in squid[7989]: 2016/04/17 13:47:13| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
Apr 17 13:47:33 server.arkit.co.in squid[7989]: 2016/04/17 13:47:33| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
Apr 17 13:47:33 server.arkit.co.in squid[7999]: Squid Parent: will start 1 kids
Apr 17 13:47:33 server.arkit.co.in squid[7999]: Squid Parent: (squid-1) process 8001 started
Apr 17 13:47:33 server.arkit.co.in systemd[1]: Started Squid caching proxy.
Allow firewall port for squid
[root@server ~]# firewall-cmd --permanent --add-port=3128/tcp
success
[root@server ~]# firewall-cmd --reload
success
The default port of the Squid proxy is 3128, which is why port 3128 has to be allowed through the firewall.
Access Control List
Open the configuration file and write the ACLs you need. ACLs can be used for many things:
- Restrict unwanted (bad) URLs
- Restrict access to the internet based on time period
- Restrict downloads
- Restrict file type downloads
- Allow networks to enable internet access
- Download speed control
[root@server ~]# vim /etc/squid/squid.conf
To allow a network, add the ACL lines below
acl localnet src 192.168.4.0/24
http_access allow localnet
To allow ports using ACL
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access deny !Safe_ports
Block bad sites
acl badsites url_regex "/etc/squid/badsites"
http_access deny badsites
Write the bad sites in the file
[root@server ~]# cat /etc/squid/badsites
.facebook.com
.twitter.com
.youtube.com
.linkedin
.msn.com
.myspace.com
.flickr.com
.google
Block file downloads
acl blockfiles urlpath_regex "/etc/squid/blockfiles.acl"
http_access deny blockfiles
To block downloads by file type, list the patterns in the file. Below is an example file that denies mp3, mp4, flv, avi, 3gp, mpg and mpeg.
[root@server ~]# cat /etc/squid/blockfiles.acl
\.torrent$
\.mp3.*$
\.mp4.*$
\.3gp.*$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Ff][Ll][Vv].*$
Time-based access: the ACL below denies internet access from 10:00 to 19:00
acl work_hours time 10:00-19:00
http_access deny work_hours
Restrict download speed with an ACL
acl speedcontrol src 192.168.4.0/24
delay_pools 1
delay_class 1 2
delay_parameters 1 524288/524288 52428/52428
delay_access 1 allow speedcontrol
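Squid evaluates http_access lines from top to bottom and applies the first one that matches, so if the rules above are written in the order shown, the deny rules never apply to clients already allowed by localnet. The script below is an added example, not part of the original post; it flags deny rules placed after a source-network allow. The function name audit_http_access and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a squid.conf for deny rules shadowed by an earlier allow.
# Squid stops at the first http_access line that matches a request.

# audit_http_access FILE: print one line per deny rule that follows a
# bare "http_access allow <src-acl>" line (heuristic, hypothetical helper).
audit_http_access() {
    awk '
        # Record ACL names of type "src" (client networks such as localnet).
        $1 == "acl" && $3 == "src" { src_acl[$2] = 1 }
        # First unconditional allow for a client network.
        $1 == "http_access" && $2 == "allow" && ($3 in src_acl) &&
            (NF == 3 || $4 ~ /^#/) && !allow_line {
            allow_line = NR; allow_acl = $3
        }
        # Any later deny (except the final catch-all) is unreachable for
        # clients inside that network.
        $1 == "http_access" && $2 == "deny" && $3 != "all" && allow_line {
            printf "line %d: %s -> never applies to %s (allowed on line %d)\n",
                NR, $0, allow_acl, allow_line
        }
    ' "$1"
}

# Constructed sample: rules from this page in the order they appear.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
acl localnet src 192.168.4.0/24
http_access allow localnet
acl badsites url_regex "/etc/squid/badsites"
http_access deny badsites
acl work_hours time 10:00-19:00
http_access deny work_hours
http_access deny all
EOF

audit_http_access "$sample_conf"
```

Moving the deny lines above "http_access allow localnet" makes the script print nothing for this configuration.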
Go to Client Side
Change the proxy address in your browser, then try to access a website.
IE Settings > Internet options > Connections > LAN Settings > provide the IP address and port number
Now watch the Squid logs.
/var/log/squid/ log file directory
The logs are a valuable source of information about Squid workloads and performance. The logs record not only access information, but also system configuration errors and resource consumption (e.g., memory, disk space). There are several log files maintained by Squid. Some have to be explicitly activated during compile time, others can safely be deactivated during.
- /var/log/squid/access.log : Most log file analysis programs are based on the entries in access.log. You can use this file to find out who is using the Squid server and what they are doing.
- /var/log/squid/cache.log : The cache.log file contains the debug and error messages that Squid generates. If you start Squid using the default RunCache script, or start it with the -s command line option, a copy of certain messages will go into your syslog facilities. It is a matter of personal preference whether to use a separate file for the Squid log data.
- /var/log/squid/store.log : The store.log file covers the objects currently kept on disk or removed ones. As a kind of transaction log, it is usually used for debugging purposes. A definitive statement on whether an object resides on your disks is only possible after analysing the complete log file. The release (deletion) of an object may be logged at a later time than the swap out (save to disk).
HOW DO I VIEW SQUID LOG FILES / LOGS?
You can use standard UNIX / Linux commands such as grep / tail to view log files. You must log in as root or use the sudo command to view log files.
Display log files in real time
Use the tail command as follows:
~]# tail -f /var/log/squid/access.log
OR
~]$ sudo tail -f /var/log/squid/access.log
Search log files
Use the grep command as follows:
~]# grep 'string-to-search' /var/log/squid/access.log
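The tail and grep commands above can be extended into a per-client summary of the requests the ACLs blocked. The script below is an added example, not from the original post; it assumes Squid's default native access.log format, and the function names and log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise requests that Squid refused (TCP_DENIED) per client.
# Assumes the default native access.log layout:
#   time elapsed client result/status bytes method URL user hierarchy type

# denied_summary FILE: "client denied total", most-denied client first.
denied_summary() {
    awk '
        { total[$3]++ }
        $4 ~ /^TCP_DENIED\// { denied[$3]++ }
        END { for (c in denied) printf "%s %d %d\n", c, denied[c], total[c] }
    ' "$1" | sort -k2,2nr -k1,1
}

# denied_urls FILE CLIENT: "count URL" for each URL refused to one client.
denied_urls() {
    awk -v client="$2" '
        $3 == client && $4 ~ /^TCP_DENIED\// { n[$7]++ }
        END { for (u in n) printf "%d %s\n", n[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from a real server).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
1460881053.123    120 192.168.4.21 TCP_DENIED/403 3985 GET http://www.facebook.com/ - HIER_NONE/- text/html
1460881054.001     98 192.168.4.21 TCP_DENIED/403 3990 GET http://www.youtube.com/watch - HIER_NONE/- text/html
1460881060.456    310 192.168.4.21 TCP_MISS/200 10240 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html
1460881071.789     95 192.168.4.35 TCP_DENIED/403 4012 GET http://files.example.net/song.mp3 - HIER_NONE/- text/html
1460881080.020    150 192.168.4.35 TCP_MISS/200 2048 GET http://example.org/ - HIER_DIRECT/93.184.216.34 text/html
1460881081.500     90 192.168.4.21 TCP_DENIED/403 3985 GET http://www.facebook.com/ - HIER_NONE/- text/html
EOF

denied_summary "$sample_log"
denied_urls "$sample_log" 192.168.4.21
```

On a live server, pass /var/log/squid/access.log as the file argument; a client with a high denied count relative to its total is worth a closer look.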