
Monday, April 25, 2011

Transparent SQUID proxy setup

Just got transparent proxy to work in Ubuntu and here's the basic configuration of what I did...

Squid Setup

1. Download and Install The Squid Package.
# aptitude install squid

2. Configure the /etc/squid/squid.conf file.
# vim /etc/squid/squid.conf

Here's the contents:
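visible_hostname SQDverZion
# Interception mode: clients are redirected to this port by the firewall
# instead of being configured to use the proxy. Squid 3.1 and later spell
# this option "intercept"; "transparent" is the older name.
http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

# Never cache dynamic content (cgi-bin paths and URLs with a query string).
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# Keep the access log: it is the record of which client requested which URL.
access_log /var/log/squid/access.log squid
#logformat Squid %>h

# Input here your DNS server
dns_nameservers 8.8.8.8

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Client network that may use this proxy. 192.168.1.0/24 is an example range
# chosen to match the sample addresses further down -- replace it with your
# own LAN before use.
acl localnet src 192.168.1.0/24

# Baseline restrictions. The ACLs above do nothing until an http_access line
# refers to them, so apply them here, ahead of any site- or user-specific rule.
# Cache manager requests are accepted from the proxy host only.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to anything
# other than the SSL port.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# restriction list
#acl GoodSites dstdomain "/etc/squid/allowed-sites.squid"
#acl BadSites dstdomain "/etc/squid/blocked-sites.squid"

# blocking a site
# Only requests that actually reach Squid are affected. When just port 80 is
# redirected to the proxy, HTTPS connections to the site bypass this rule.
acl facebooksite dstdomain .facebook.com
http_access deny facebooksite

# if you wish requests for a site to always go straight to the origin server #
# (always_direct only bypasses parent/sibling caches; to stop a site from
# being cached, use "cache deny site01" as done for QUERY above)
#acl site01 dstdomain google.com
#always_direct allow site01

# globally allowed sites #
# NOTE: this ACL is defined but no http_access line refers to it, so it
# currently has no effect.
acl yahoosite dstdomain www.yahoo.com

# No Limit users by range #
#acl nolimitusers src 192.168.1.1-192.168.1.20
#http_access allow nolimitusers

# users with restrictions set #
# Below is sample how to use restriction list to users
#acl user01 src 192.168.1.100
#http_access deny user01 BadSites
#http_access allow user01 GoodSites

# Final access decision. Squid checks http_access lines top to bottom and
# stops at the first match; if nothing matches it applies the OPPOSITE of the
# last line. With "http_access deny facebooksite" as the only rule, every
# other request was allowed from any address able to reach port 3128, i.e. an
# open proxy. Allow the local clients explicitly and deny everything else.
http_access allow localhost
http_access allow localnet
http_access deny all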

=== End of Squid.conf file

To start Squid, just type:
# /etc/init.d/squid start

The same init script also accepts "stop" and "restart" in place of "start".
To make Squid re-read its configuration without restarting, issue...
# squid -k reconfigure

See the next post regarding IPTABLES to redirect port 80 requests to 3128