Thursday, January 17, 2008

Configure Squid

The main Squid configuration file is squid.conf (/etc/squid/squid.conf), and, like most Linux applications, Squid needs to be restarted for changes to the configuration file to take effect.

# service squid start
# service squid stop
# service squid restart

Some basic configuration needs to be done. Uncomment and edit the following lines in the configuration file, found by default at "/usr/local/squid/etc/squid.conf".

cache_dir
This directive specifies the cache directory, its storage format and its size, as given below.
cache_dir ufs /usr/local/squid/cache 100 16 256
The value 100 denotes a 100 MB cache size. This can be adjusted to the required size.

http_port
Check http_port; 3128 is the default.

http_access
By default http_access is denied. The ACL rules should be modified to allow access only to the trusted clients. This is important because it prevents people from stealing your network resources.

cache_effective_user & cache_effective_group
Set these directives to the user and group that Squid will run as. This user should have permission to read and write in the cache directory and to the log files.

Each access control list (ACL) line defines a particular type of activity, such as an access time or a source network. ACLs are then linked to an http_access statement that tells Squid to deny or allow traffic that matches the ACL.
Squid matches each Web access request by checking the http_access list from top to bottom. Do not place a deny statement in the list where it blocks a similar allow statement below it. When adding a new http_access statement, it is better to place it above the final http_access statement.

To restrict usage to within business hours
#
acl our_network src 192.168.10.0/24
acl business_hours time M T W H F 8:30-17:00
acl RestrictedHost src 192.168.1.23

# Add this at the top of the http_access section of squid.conf
#
http_access deny RestrictedHost
http_access allow our_network business_hours
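
The top-to-bottom matching described above can be checked with a small model of the rules. This is an added example, not part of the original post and not Squid's own parser; it assumes the list ends with Squid's stock "http_access deny all" line, and the client addresses and sample time are constructed.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order (Mon..Sun)

def src(cidr):
    """ACL type 'src': match on the client address."""
    net = ipaddress.ip_network(cidr)
    return lambda ip, when: ipaddress.ip_address(ip) in net

def time_acl(days, start, end):
    """ACL type 'time': match on weekday letter and an h:mm-h:mm window."""
    def minutes(hhmm):
        h, m = hhmm.split(":")
        return int(h) * 60 + int(m)
    lo, hi = minutes(start), minutes(end)
    return lambda ip, when: (DAYS[when.weekday()] in days
                             and lo <= when.hour * 60 + when.minute <= hi)

# The ACLs from the page, plus 'all' for the assumed final deny line.
ACLS = {
    "our_network": src("192.168.10.0/24"),
    "business_hours": time_acl("MTWHF", "8:30", "17:00"),
    "RestrictedHost": src("192.168.1.23/32"),
    "all": src("0.0.0.0/0"),
}

def decide(rules, ip, when):
    """First http_access line whose ACLs ALL match wins: (action, line index)."""
    for i, (action, names) in enumerate(rules):
        if all(ACLS[n](ip, when) for n in names):
            return action, i
    return "deny", None  # simplification; every list here ends in 'deny all'

PAGE_ORDER = [("deny", ["RestrictedHost"]),
              ("allow", ["our_network", "business_hours"]),
              ("deny", ["all"])]
# Same lines, but the allow was appended below the final deny: it is never reached.
MISPLACED = [PAGE_ORDER[0], PAGE_ORDER[2], PAGE_ORDER[1]]

if __name__ == "__main__":
    thursday_10am = datetime(2008, 1, 17, 10, 0)  # constructed sample time
    for name, rules in (("PAGE_ORDER", PAGE_ORDER), ("MISPLACED", MISPLACED)):
        for ip in ("192.168.10.5", "192.168.1.23"):  # constructed sample clients
            print(name, ip, decide(rules, ip, thursday_10am))
```

With the page's ordering, a client in 192.168.10.0/24 is allowed only inside the time window; with the allow line below the final deny, the same client is denied at all times.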

Allowing the 192.168.10.0 subnet access

acl home_network src 192.168.10.0/255.255.255.0
http_access allow home_network

Configuring Squid as a proxy

By default, Squid is configured as a direct proxy. In order to cache web traffic with Squid, the browser must be configured to use the Squid proxy. This needs the following information:

i. the proxy server's host name
ii. the port by which the proxy server accepts connections.
