Tuesday, July 13, 2010

Squid Setting Ubuntu

Ubuntu squid simple, I happened to use the following Ubuntu squid easily.

First install squid first via synaptic or via a terminal:
yoyok@yoyok-desktop: ~ $ apt-get install squid
Once completed, the direct Squid can be configured in a way:
yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/squid.conf

But before the first backup before editing the original file so that if damaged can be returned to the default:
yoyok@yoyok-desktop: ~ $ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

New script and then configure Squid:
yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/squid.conf

Then it will appear Squid configuration file is very long, follows the steps that must be considered

HTTP Port: This port is used to run Squid
http_port 3128

Visible Host Name: So if an error occurs Squid can find a valid hostname
visible_hostname airaku.com

Cache Manager: To define the email address of the Squid Cache Manager
cache_mgr airaku22@yahoo.com

Squid Cache Directory: Defining the location and magnitude squid directory.
Figures 500 show directory size in MB
Figure 16 shows the number of sub-directory one level
Figures 256 show the number of subdirectories subdirectory level 2 level 1
The number above the bigger the better

UFS cache_dir /var/spool/squid 500 16 256

Filtering: This is an important part of the Squid, by this we can set a rule-rule, starting from anyone who can access the internet until what websites are allowed to access. Access List: Anyone who can access the Internet

command: acl user src

acl: an access list command
user: username or group that has an IP
src: source ip is used, could use the range if you want to create a group

ex: acl src laros

Time Filtering: Provides access permissions based on time and day

command: acl-access time of 08:00 to 16:00 time MTWHFA

acl: access list command
Access time: caption for command acl
time: Squid command to define the time
MTWHFA: Squid is a command to define the time
M: Monday, T: Tuesday, etc ... ..

08:00 to 16:00: It is time that is allowed to provide Internet access to penggunaFiltering Website: Filter any website which should not be accessed by the user.

Previously must be made before a document containing the list of url-list to be blocked.

yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/pornourl.txt

then input by:
worldsex com

Then give the command squid squid.conf file with the command:

acl blokporno dstdomain "/etc/squid/pornourl.txt"

Keyword Filtering: Filter keywords entered by users, suppose a user enters the word 'sex' in google, then Squid will membloknya.Sebelum add a command in the squid.conf, you must create a file containing those keywords will be blocked with the command:

yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/keywordblock.txt

Then fill with words that will be on the block:

example: sex, fuck
And give commands in squid.conf with the command:

url_regex keywordblok acl-i "/etc/squid/keywordblock.txt"

Commands such filter is enough to make a simple Squid Server, the next step is to give permissions on the rules that have been made previously. Http_access in Squid command is called. The command is as follows:

http_access deny blokporno # mendeny all urls contained in acl blokporno
http_access deny keywordblock # mendeny keywords that exist on keywordblock acl
http_access time it_user # Allow access acl acl-time access to user micokelana
http_access deny all # Mendeny all users who are not registered in the squid.conf
http_reply_access allow all # default
acp_access allow all # default

Then do not forget to save the configuration file squid.conf we have to edit using the command:
:WQ # w: save q: out (Command vim)

Then in the command you are typing the command terminal;

yoyok@yoyok-desktop: ~ $ squid-z

Function: to create a cache directory that we have made on the command squid.

Transparent Proxy

Squid is a technique to be a transparent proxy or not visible, that is if we normally enter the proxy address on every browser, if applied to the transparent proxy will not be visible on your browser we enter our proxy addresses. Before entering the command on squid transparent proxy, then we must do in order to redirect the command iptable existing ports on the client computer. That is, if we set squid on port 3128, then the client requests the Internet generally are in the port 80 then we have to redirect port 80 from client to our proxy port that is on port 3128. IP Forwarding, so transparent proxy can be implemented, then we must enable IP forwarding by providing a value in the file "/proc/sys/net/ipv4/ip_forward" by:

yoyok@yoyok-desktop: ~ $ echo 1> /proc/sys/net/ipv4/ip_forward

But should we run the command auto startup, so if the computer dead squid repot2 we need not run the command continuously. Next we have to run so that clients can redirect ip_tables squid port our server with the command:

yoyok@yoyok-desktop: ~ $ iptables-A PREROUTING-t nat-p tcp-dport 80-j REDIRECT-to-port 3128

Everything that can be recorded on the file / etc / rc.local (probably could be discussed on the other time)
Then restart the proxy with the command:

yoyok@yoyok-desktop: ~ $ squid-k reconfigure

enjoy it, try this setting for your server for a better connectivity.