Squid Configuration Installation
Squid Configuration Installation
Squid Configuration Installation
2014/07/21
forwarded_for off
[root@prox ~]# systemctl start squid
success
[root@dlp ~]# firewall-cmd --reload
success
Set Basic Authentication and limit squid for users to require authentication.
[1] Install a package which includes htpasswd.
[root@prox ~]# yum -y install httpd-tools
[2] Configure Squid to set Basic Auth.
[root@prox ~]# vi /etc/squid/squid.conf
acl CONNECT method CONNECT
# line 26: add follows for Basic Auth
#
Example
# line 14: uncomment
LogFile /var/log/clamd.scan
# line 66: uncomment
PidFile /var/run/clamd.scan/clamd.pid
# line 70: uncomment
TemporaryDirectory /var/tmp
# line 85: uncomment
LocalSocket /var/run/clamd.scan/clamd.sock
# line 101: uncomment
TCPSocket 3310
[root@prox ~]# touch /var/log/clamd.scan
[root@prox c_icap-0.4.2]# cd
ServerAdmin [email protected]
# line 170: change hostname
ServerName prox.srv.world
# line 568: add
[Unit]
Description=c-icap service
After=network.target
[Service]
Type=forking
PIDFile=/var/run/c-icap/c-icap.pid
ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf
KillMode=process
[Install]
WantedBy=multi-user.target
[5] Install SquidClamav ( Download latest version of it from the following link ).
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@prox ~]# curl -L -O
http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.14/squidclamav-6.14.tar.gz
[root@prox squidclamav-6.14]# cd
redirect http://www.srv.world/error.html
# line 27: change( same with clamd )
clamd_local /var/run/clamd.scan/clamd.sock
[6] Configure Squid.
[root@prox ~]# vi /etc/squid/squid.conf
# add follows to the end
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[root@prox ~]# systemctl start c-icap
dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard
# define 'deny' category
dest deny {
# define prohibited domain list in 'deny' category
domainlist deny/domains
# define prohibited URL list in 'deny' category
urllist deny/urls
}
acl {
default {
# permit all except 'deny' category
redirect http://www.srv.world/error.html
}
}
[root@prox ~]# mkdir -p /var/lib/squidGuard/db/deny
yahoo.co.jp
example.com
[root@prox ~]# vi /var/lib/squidGuard/db/deny/urls
# write URLs you'd like to prohibit to access
www.yahoo.co.jp/deny/
www.example.com/
[root@prox ~]# squidGuard -C all