Wednesday, December 19, 2012

Set up the Squid Proxy (Minimum Configuration) on Ubuntu 10.04


1. To install Squid:
1.1 Type the following command in a terminal:
sudo aptitude install squid

2. Configuration of Squid is done by editing the following file: /etc/squid/squid.conf
sudo nano /etc/squid/squid.conf

2.1 Naming the proxy
It is important that Squid knows the name of the machine. To do this, locate the visible_hostname line and change it to:
visible_hostname <machine name>

Note: on Linux, you can find the machine name in the /etc/hostname file:
sudo vi /etc/hostname

2.2 Choosing the Port
By default, the proxy server will use port 3128. To choose another port, locate the line:
http_port 3128
and change the port number. For example, to listen on a custom port:
http_port 3177

2.3 Choosing the interface
By default the proxy server will listen on all interfaces. For security reasons, it's better to have it listen on your local network only.
For example, if the network card connected to your LAN has IP 172.16.1.1, change the line to:
http_port 172.16.1.1:3177

2.4 Setting access rights and priorities
By default, nobody else is allowed to connect to the proxy server. A list of permissions must be created.
For example, we will define a group encompassing the local network.
acl lanhome src 172.16.0.0/255.255.0.0
'lanhome' is an arbitrary name; use any name you like in the Squid config file to identify your private network.

2.5 Authorizing access to the group
Now that the group is defined, we will authorise it to use the proxy.
Locate the line http_access allow ... and add the following below it (before the line http_access deny all):
http_access allow lanhome

Note: Allowing the use of non-standard ports
By default, Squid allows HTTP traffic only on specific ports (e.g. 80). This can cause problems for websites using other ports.
For example: http://toto.com:81/images/titi.png will be blocked by Squid.
To avoid this, find the line
http_access deny !Safe_ports
and comment it out:
# http_access deny !Safe_ports
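
As an added example (not part of the original post), this Python script audits a squid.conf for the settings covered in sections 2.3 to 2.5 and the note on non-standard ports: a listener on all interfaces, a disabled Safe_ports rule, a missing final deny all, and allow rules for non-private sources. The sample configuration and the hostname proxy01 are constructed for illustration.

```python
import ipaddress

# Constructed sample: the settings from sections 2.1-2.5 and the note above;
# "proxy01" is a made-up hostname.
SAMPLE_CONF = """\
visible_hostname proxy01
http_port 172.16.1.1:3177
acl all src all
acl lanhome src 172.16.0.0/255.255.0.0
# http_access deny !Safe_ports
http_access allow lanhome
http_access deny all
"""

def directives(text):
    """Tokenise active lines; lines starting with '#' are comments."""
    lines = (line.strip() for line in text.splitlines())
    return [line.split() for line in lines if line and not line.startswith("#")]

def is_private_src(value):
    """True if an acl src value parses as a private (RFC 1918 style) network."""
    try:
        return ipaddress.ip_network(value, strict=False).is_private
    except ValueError:
        return False  # "all", address ranges, file includes

def audit(text):
    """Return findings for the listener and http_access rules of a squid.conf."""
    rows, findings, src = directives(text), [], {}
    for row in rows:
        if row[0] == "http_port" and len(row) > 1:
            if row[1].rpartition(":")[0] in ("", "0.0.0.0", "[::]"):
                findings.append("http_port %s listens on all interfaces" % row[1])
        elif row[0] == "acl" and len(row) > 3 and row[2] == "src":
            src.setdefault(row[1], []).extend(row[3:])
    access = [row[1:] for row in rows if row[0] == "http_access"]
    if ["deny", "!Safe_ports"] not in access:
        findings.append("no active 'http_access deny !Safe_ports' rule")
    if not access or access[-1] != ["deny", "all"]:
        findings.append("http_access list does not end with 'deny all'")
    for rule in access:
        for name in rule[1:] if rule[0] == "allow" else []:
            if name in src and not all(map(is_private_src, src[name])):
                findings.append("allow rule uses non-private src acl '%s'" % name)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "no findings")
```

To check the live file, pass its contents: audit(open("/etc/squid/squid.conf").read()). To reach a site on port 81 while keeping the rule active, an extra "acl Safe_ports port 81" line extends the allowed list instead of disabling the check.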

3. Starting the Proxy
Restart the proxy to apply the modifications you made. Type:
sudo /etc/init.d/squid restart

4. Server logs
Squid generates three types of logs, found in /var/log/squid.

1. access.log
Most log file analysis programs are based on the entries in access.log.
Squid allows administrators to configure their logfile format and log output method with great flexibility. Previous versions offered much more limited functionality.

2. cache.log
The logs are a valuable source of information about Squid workloads and performance. The logs record not only access information, but also system configuration errors and resource consumption (e.g. memory, disk space).

3. store.log
This file covers the objects currently kept on disk or removed ones. As a kind of transaction log (or journal) it is usually used for debugging purposes. A definitive statement on whether an object resides on your disks is only possible after analyzing the complete log file. The release (deletion) of an object may be logged at a later time than the swap out (save to disk).