
Squid Configuration Installation


Squid : Install

2014/07/21

Install Squid to configure Proxy server.


[1] Install Squid.
[root@prox ~]# yum -y install squid
[2] These are general forward proxy settings.
[root@prox ~]# vi /etc/squid/squid.conf
acl CONNECT method CONNECT
# line 26: add ( define new ACL )

acl lan src 10.0.0.0/24


http_access allow localhost
# line 54: add ( allow defined ACL above )

http_access allow lan


# add follows to the end

request_header_access Referer deny all


request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
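# do not disclose the client IP address ( "off" sends "X-Forwarded-For: unknown" instead of the address; the request_header_access X-Forwarded-For rule above strips the header from outgoing requests )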

forwarded_for off
[root@prox ~]# systemctl start squid

[root@prox ~]# systemctl enable squid

[3] If Firewalld is running, allow Proxy service.


[root@dlp ~]# firewall-cmd --add-service=squid --permanent

success
[root@dlp ~]# firewall-cmd --reload

success

Squid : Basic Authentication


2014/07/24

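Configure Basic Authentication so that only authenticated users can use Squid. Basic credentials are only Base64-encoded, not encrypted, so anyone who can observe the traffic between the client and the proxy can read them; use this only on a network you trust.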
[1] Install a package which includes htpasswd.
[root@prox ~]# yum -y install httpd-tools
[2] Configure Squid to set Basic Auth.
[root@prox ~]# vi /etc/squid/squid.conf
acl CONNECT method CONNECT
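# line 26: add follows for Basic Auth ( http_access rules are evaluated top-down and the first match wins, so an allow placed here takes effect before any deny rules further down the file, e.g. the stock Safe_ports / SSL_ports checks if your squid.conf still has them; consider placing the allow after those )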

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd


auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 5 hours
acl password proxy_auth REQUIRED
http_access allow password
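# add a user : create a new file with "-c" ( add the "-c" option only for the initial registration, because "-c" overwrites an existing file. The file holds password hashes, so keep it readable only by root and the user Squid runs as )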

[root@prox ~]# htpasswd -c /etc/squid/.htpasswd hnh

New password: # set password

Re-type new password:


Adding password for user hnh
[root@prox ~]# systemctl restart squid

# install from EPEL

[root@prox ~]# yum --enablerepo=epel -y install clamav-scanner clamav-scanner-systemd


[root@prox ~]# vi /etc/clamd.d/scan.conf
# line 8: comment out

#Example
# line 14: uncomment

LogFile /var/log/clamd.scan
# line 66: uncomment

PidFile /var/run/clamd.scan/clamd.pid
# line 70: uncomment

TemporaryDirectory /var/tmp
# line 85: uncomment

LocalSocket /var/run/clamd.scan/clamd.sock
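# line 101: uncomment ( clamd does not authenticate clients on this TCP port, and SquidClamav below talks to the local socket instead; if you enable it, also set TCPAddr 127.0.0.1 or keep port 3310 closed in the firewall )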

TCPSocket 3310
[root@prox ~]# touch /var/log/clamd.scan

[root@prox ~]# chown clamscan. /var/log/clamd.scan

[root@prox ~]# systemctl start clamd@scan

[root@prox ~]# systemctl enable clamd@scan

[3] If SELinux is enabled, configure as follows to start clamd.


[root@prox ~]# restorecon -v /var/log/clamd.scan
[4] Install c-icap.
[root@prox ~]# yum -y install gcc make

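# note: this archive is fetched over plain HTTP and then built and installed as root; compare its checksum with one obtained from a source you trust before running ./configure
[root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-0.4.2.tar.gz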
[root@prox ~]# tar zxvf c_icap-0.4.2.tar.gz

[root@prox ~]# cd c_icap-0.4.2

[root@prox c_icap-0.4.2]# ./configure

[root@prox c_icap-0.4.2]# make

[root@prox c_icap-0.4.2]# make install

[root@prox c_icap-0.4.2]# cd

[root@prox ~]# cp /usr/local/etc/c-icap.conf /etc

[root@prox ~]# vi /etc/c-icap.conf


# line 161: change admin address ( the address was redacted in this copy; admin@example.com is a placeholder )

ServerAdmin admin@example.com
# line 170: change hostname

ServerName prox.srv.world
# line 568: add

Service squidclamav squidclamav.so


[root@prox ~]# vi /etc/tmpfiles.d/c-icap.conf
# create new

d /var/run/c-icap 0755 root root -


[root@prox ~]# vi /usr/lib/systemd/system/c-icap.service
# create new

[Unit]
Description=c-icap service
After=network.target

[Service]
Type=forking
PIDFile=/var/run/c-icap/c-icap.pid
ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf
KillMode=process

[Install]
WantedBy=multi-user.target

[5] Install SquidClamav ( Download latest version of it from the following link ).
http://sourceforge.net/projects/squidclamav/files/squidclamav/
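# note: fetched over plain HTTP and installed as root; check the archive's checksum against a trusted source before building
[root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.14/squidclamav-6.14.tar.gz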

[root@prox ~]# tar zxvf squidclamav-6.14.tar.gz

[root@prox ~]# cd squidclamav-6.14


[root@prox squidclamav-6.14]# ./configure --with-c-icap

[root@prox squidclamav-6.14]# make

[root@prox squidclamav-6.14]# make install

[root@prox squidclamav-6.14]# cd

[root@prox ~]# ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf

[root@prox ~]# vi /etc/squidclamav.conf


# line 18: change( destination URL for redirect. Create it first )

redirect http://www.srv.world/error.html
# line 27: change( same with clamd )

clamd_local /var/run/clamd.scan/clamd.sock
[6] Configure Squid.
[root@prox ~]# vi /etc/squid/squid.conf
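# add follows to the end ( note: bypass=1 marks the ICAP service as optional, so if c-icap is down or fails Squid passes traffic through unscanned; set bypass=0 if unscanned traffic must be blocked instead )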

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[root@prox ~]# systemctl start c-icap

[root@prox ~]# systemctl enable c-icap

[root@prox ~]# systemctl restart squid

Squid : Squid + SquidGuard


2014/09/30

Configure Squid + SquidGuard to set up content filtering.


[1] Install SquidGuard.
# install from EPEL

[root@prox ~]# yum --enablerepo=epel -y install squidGuard


[root@prox ~]# mv /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf.org

[root@prox ~]# vi /etc/squid/squidGuard.conf


# create new

dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard
# define 'deny' category

dest deny {
# define prohibited domain list in 'deny' category

domainlist deny/domains
# define prohibited URL list in 'deny' category

urllist deny/urls
}
acl {
default {
# permit all except 'deny' category

pass !deny all


# the redirected URL if matches 'deny'

redirect http://www.srv.world/error.html
}
}
[root@prox ~]# mkdir -p /var/lib/squidGuard/db/deny

[root@prox ~]# vi /var/lib/squidGuard/db/deny/domains


# write domains you'd like to prohibit to access

yahoo.co.jp
example.com
[root@prox ~]# vi /var/lib/squidGuard/db/deny/urls
# write URLs you'd like to prohibit to access

www.yahoo.co.jp/deny/
www.example.com/
[root@prox ~]# squidGuard -C all

[root@prox ~]# chown -R squid. /var/lib/squidGuard/db/deny

[root@prox ~]# vi /etc/squid/squid.conf


# add follows to the end

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf


[root@prox ~]# systemctl restart squid

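[2] If SELinux is enabled, change the rules as follows. chcon applies the label immediately; the semanage rule records it so that a relabel keeps it, but as written it matches only the directory path itself, so add a pattern for the files beneath it if they must keep the type as well.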


[root@prox ~]# chcon -R -t squid_cache_t /var/lib/squidGuard

[root@prox ~]# semanage fcontext -a -t squid_cache_t /var/lib/squidGuard
