Squid Proxy


Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other computer network lookups for a group of people sharing network resources, to aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including TLS, SSL, Internet Gopher and HTTPS.[1] The development version of Squid (3.1) includes IPv6 and ICAP support. The Squid web site claims that, when working in front of the server application, it can improve performance by up to four times. Squid is especially efficient when one or several particular pages receive (probably unexpected) high traffic, because in that case nearly 100% of requests can be served from the cache.

Squid was originally developed by Duane Wessels as the Harvest object cache, part of the Harvest project at the University of Colorado at Boulder.[2] [3] Further work on the program was completed at the University of California, San Diego and funded via two grants from the National Science Foundation.[4] Squid is now developed almost exclusively through volunteer efforts.

Squid is primarily designed to run on Unix-like systems but it also runs on Windows-based systems. Released under the GNU General Public License, Squid is free software.

Install Squid

Install squid and squid-common

#aptitude install squid squid-common

or, on RPM-based systems

#yum install squid*

Edit the squid config file.

#vi /etc/squid/squid.conf

Set the allowed hosts (where 192.168.0.0/24 is your IP range)

acl internal_network src 192.168.0.0/24
http_access allow internal_network

Set the correct permissions

#chown -R proxy:proxy /var/log/squid/
#chown proxy:proxy /etc/squid/squid.conf


You will need to restart squid for the changes to take effect

#/etc/init.d/squid restart

Now open up your browser and set your proxy to point to your new squid server on port 3128

Authentication

If you wish to use authentication with your proxy, you will need to install the apache2 utilities, which provide htpasswd

#aptitude install squid squid-common apache2-utils

To add your first user you will need to specify -c, which creates the password file

#htpasswd -c /etc/squid.passwd first_user

Thereafter you add new users with

#htpasswd /etc/squid.passwd another_user

Edit the squid config file

#vi /etc/squid/squid.conf

Set the authentication parameters and the acl

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic realm NFYE Squid proxy-caching web server
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive off

acl users proxy_auth REQUIRED

acl sectionx proxy_auth REQUIRED

http_access allow users
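
Squid evaluates http_access rules in order and stops at the first match, so the position of the proxy_auth rule relative to other allow rules decides who is actually asked to log in. The audit script below is an added example, not part of the original post or of Squid itself; the function name audit_squid_conf is hypothetical and SAMPLE_CONF is constructed by combining the access-control lines shown on this page.

```python
# Constructed sample: the access-control lines shown on this page,
# combined into one squid.conf fragment in the order the page gives them.
SAMPLE_CONF = """\
acl internal_network src 192.168.0.0/24
http_access allow internal_network
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd
acl users proxy_auth REQUIRED
acl sectionx proxy_auth REQUIRED
http_access allow users
"""

def audit_squid_conf(text):
    """Return findings about ACL use and http_access ordering."""
    acls, used, rules = {}, set(), []    # name -> (line, type); names; rules
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # strip comments, tokenize
        if len(fields) < 3:
            continue
        if fields[0] == "acl":
            acls.setdefault(fields[1], (lineno, fields[2]))
            continue
        # Any "<directive> ... allow|deny acl..." line counts as a use.
        for i, tok in enumerate(fields[1:], 1):
            if tok in ("allow", "deny"):
                names = [f.lstrip("!") for f in fields[i + 1:]]
                used.update(names)
                if fields[0] == "http_access":
                    rules.append((lineno, tok, names))
                break
    findings = []
    def needs_auth(names):
        return any(acls.get(n, (0, ""))[1].startswith("proxy_auth") for n in names)
    auth_lines = [ln for ln, act, names in rules if needs_auth(names)]
    for ln, act, names in rules:
        # http_access is first-match: an earlier allow without a proxy_auth
        # ACL lets matching clients through before any login is requested.
        if act == "allow" and not needs_auth(names) and any(a > ln for a in auth_lines):
            findings.append(f"line {ln}: allow {' '.join(names)} bypasses authentication")
    for name, (ln, _type) in acls.items():
        if name not in used:
            findings.append(f"line {ln}: acl {name} defined but never used")
    if not rules or rules[-1][1:] != ("deny", ["all"]):
        findings.append("no explicit final 'http_access deny all'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_squid_conf(SAMPLE_CONF)))
```

Listing both ACLs on one rule (http_access allow internal_network users) requires a client to match both, and following it with http_access deny all and dropping the unused sectionx ACL clears all three findings.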

For transparent caching to work, the following steps are required

i. For some operating systems, you have to configure and build a version of Squid which can recognize the hijacked connections and discern the destination addresses. For Linux this seems to work automatically. For BSD-based systems, configure squid with the --enable-ipf-transparent option. You then have to configure squid as


httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

ii. Next you have to configure your cache host to accept the redirected packets – any IP address, on port 80 – and deliver them to your cache application. This is typically done with IP filtering/forwarding features built into the kernel. In Linux they call this ipfilter (kernel 2.4.x), ipchains (2.2.x) or ipfwadm (2.0.x).

Configuring squid for Reverse Proxy

To run Squid as an accelerator, you probably want to listen on port 80, and you have to define the machine you are accelerating for. This is done in the squid config file,

http_port 80
httpd_accel_host visolve.com
httpd_accel_port 81
httpd_accel_single_host on
httpd_accel_with_proxy on

If you are using Squid as an accelerator for a virtual host system, then instead of a ‘hostname’ here you have to use the word virtual as:

http_port 80
httpd_accel_host virtual
httpd_accel_port 81
httpd_accel_with_proxy on
httpd_accel_single_host off


Redirect all HTTP traffic

If you would like to redirect all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications, you will need to add some rules

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Where eth1 and eth0 are the LAN and WAN devices, and 192.168.0.1 is the IP address of your LAN device.

If you wish to monitor the performance of your proxy you can look at some log parsers (sarg, calamaris, etc.)
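
For a quick look without a full log parser, the summary below reads Squid's native access.log format directly. It is an added example, not part of the original post or of sarg or calamaris; the function name summarize_access_log is hypothetical, the log lines are constructed, and counting every result code containing HIT as a cache hit is a simplifying assumption.

```python
from collections import Counter, defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1296560000.101    120 192.168.0.10 TCP_MISS/200 5120 GET http://example.com/ first_user DIRECT/203.0.113.5 text/html
1296560001.202      3 192.168.0.11 TCP_HIT/200 5120 GET http://example.com/ another_user NONE/- text/html
1296560002.303      1 192.168.0.12 TCP_DENIED/407 1800 GET http://example.org/ - NONE/- text/html
1296560003.404      1 192.168.0.12 TCP_DENIED/407 1800 GET http://example.org/ - NONE/- text/html
1296560004.505    900 192.168.0.10 TCP_MISS/503 1500 GET http://down.example.net/ first_user DIRECT/203.0.113.9 text/html
this line is truncated
"""

def summarize_access_log(text):
    """Summarize hit ratio, upstream errors and denied requests per client."""
    results, denied, errors = Counter(), Counter(), defaultdict(list)
    skipped = 0
    for line in text.splitlines():
        fields = line.split()
        # A native-format line has 10 fields; field 4 is "result/status".
        if len(fields) < 10 or "/" not in fields[3]:
            skipped += 1
            continue
        client, url = fields[2], fields[6]
        result, status = fields[3].split("/", 1)
        results[result] += 1
        if result == "TCP_DENIED":
            # Denied by http_access or missing/failed proxy authentication.
            denied[client] += 1
        elif status.startswith("5"):
            # Squid could not fetch the object from the origin or a peer.
            errors[status].append(url)
    total = sum(results.values())
    hits = sum(n for code, n in results.items() if "HIT" in code)
    return {
        "requests": total,
        "hit_ratio": hits / total if total else 0.0,
        "denied_by_client": dict(denied),
        "upstream_errors": dict(errors),
        "skipped_lines": skipped,
    }

if __name__ == "__main__":
    print(summarize_access_log(SAMPLE_LOG))
```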


3 Responses to “Squid Proxy”

  1. Krupali Shah July 7, 2010 at 12:06 pm #

    Hi V

    U looking Hot and your site is very nice and very useful.

    Keep it up vishal

    Krupali shah

  2. sandeep January 24, 2011 at 11:47 am #

    hi vishal

    your website is very helpful to me, keep it up

    sandeep

  3. sandeep September 7, 2011 at 2:51 pm #

    dear sir
    i have a problem squid proxy server “the requested url could not be retrieved”
    squid error- tcp_miss503/404
