Hacking Linux Exposed :: The Linux hacking and Windows hacking security Resource

Squid : Master This Proxy Server

Written by hakimkt

Wednesday, 26 January 2005

While implementing the squid proxy server in a real life scenario , we need to have a server -end machine with a good amount of RAM and a high-end hard disk.Typically , an SCSI hard drive (if possible with RAID)is preferred. This is because Squid can be easily crippled by disks that are not performing up to the specifications.Web caching is an 'I/O - bound application,meaning that it can only go as fast as it gets the data onto and off the storage media .So the first thing necessary is to ensure you have the right hardware for caching.

While chooseing the flavour of Linux , the kernel version plays an impoprtant role .As our implementation of the squid will be threaded in nature , the minimum kernel version should be 2.4x. We can do with 2.2.X also, but we need to patch the kernel a lot and the procedure becomes complicated.

SIMPLE CONFIGURATION OF SQUID PROXY SERVER

Get squid in http://www.rpmfind.net . I am using Red Hat Linux 9 here

Install squid by using :
~#rpm -ivh squid-2.3.STABLE4-10.i386.rpm

The configuration files for squid are in the /etc/squid directory.

To configure squid . edit the squid.conf configuration file .I will go here with a basic configuration file.

Add these entry in your squid.conf file but before that you just create a back up of that file:

---------------------------------------------------------------------------------------------

maximum_object_size 200 KB

cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squig/access.log
cache_log /var/log/squid/cache.log

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.0.0/255.255.255.0 # specify network
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 #http
acl Safe_ports port # gss-http
acl Safe_ports port # filemaker
acl Safe_ports port # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan
http_access deny all
icp_access allow all
miss_access allow all
cache_mgr root@yourdomain.com
visible_hostname you.yourdomain.com
unique_hostname you.yourdomain.com

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

http_port 3128

---------------------------------------------------------------------------------------------

Now u can start the proxy serve by running:
~#/service squid start

When Squid starts first time , it creates cache directories by itself and start the proxy server on port number 3128, which can only be accessed by the local network segment 192.168.0.0/255.255.255.0
without any restriction.
with thanks
Hakim KT
contact:-hakimkt@yahoo.com

Add as favourites (195)

Comments (1)

Written by kt mustan, on 08-08-2009 03:33
good job boy ! I m proud of u

Write Comment
Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site. Such material will be removed. Just ensure to Refresh your browser for a new security code to be displayed prior to clicking on the 'Send' button. Keep in mind that the above process only applies if you simply entered the wrong security code.
Name:
Comment:
Code:*