Professional Documents
Culture Documents
How To Configure SQUID Proxy
How To Configure SQUID Proxy
371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Page 1
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Contents
A. Structure plan project proxy .. a. Resource need for plan . b. Proxy objective used for ... c. Structure . B. .Squid proxy .. a. Block domain . b. Block extension .. c. Allow LAN . C. .Squid Guard . a. Blacklist .. b. Shula list .
D. Proxy authentication with AD Server .. E. MYSAR analysis report squid access F..Squid proxy transparent . a. IP tables filter . b. Apply proxy transparent ..
Page 2
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
A.
a. Resource needed for plan - DNS Server run window server 2003 that has install active directory for authentication user and password in system: -Configure Forwarder to DNS public -Create user and group - Proxy Server needed bellow: -Two interface adapters one connect to LAN client and one more connect to WAN Internet -Bring proxy machine joint to AD Server - LAN client connect to one interface of proxy server b. Proxy squid objective We used Squid proxy for: Used proxy system Filter website Share internet Cache store Internet bandwidth management Generate reports c. Structure plan
Page 3
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
B. Squid proxy
a. Block domain Requirement to install squid on package on DVD-Suse-Sles11 name squid after that type command: #rcsquid restart
After restart service of squid proxy we need edit file /etc/squid /squid.conf follow configure syntax bellow: http_port 2567 cache_mem 32 MB cache_dir ufs /var/cache/squid 1024 16 256 access_log /var/log/squid/access.log squid Step1
Page 4
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step2
Step3
Page 5
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step4
Write access control list and http access for apply block domain: Path access list:
Page 6
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Page 7
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
b. Block extension Block extension mean that block file that download file from internet we need to allow some extension and some extension deny for security system network in local. We can block it by write syntax in squid like: Write access list:
Page 8
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
c. Allow LAN client LAN can used proxy but need to follow rule: Write access list:
Page 9
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
C.Squid Guard
a. Blacklist configure Configure black list that for filter bad websites that can increase bandwidth in network earn resource internet. First we need to install two packages: squidGuard-1.3.99-1.49.i586.rpm and libmysqlclient15 in DVD-Suse. Install by type command: #yast i libmysqlclient15 #rpm ivh squidGuard-1.3.99-1.49.i586.rpm
Page 10
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Used command for update file blacklist to file .db #squidGuard C all
Page 11
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Page 12
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Page 13
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Result test:
Page 14
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
b. Configure Shula list block We block blacklist by Shula we can block follow categories of website like game, sex, chat, song, video Edit in file /etc/squidguard.conf
Page 15
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
D.
Configure authentication username and password when client access website by web browsers and follow syntax bellow: Step1
Step2
Page 16
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step3
Step4
Page 17
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step5
Step6
Page 18
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step7
Step8
Page 19
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step9
Page 20
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step10
Page 21
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Page 22
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step2
Step3
Page 23
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step4
Page 24
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step5
Step6
Page 25
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step7
Step8
Page 26
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step9
Step10
Step11
Page 27
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step12
Step13
Page 28
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step14
Step15
Page 29
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step16
Step17
Page 30
Center for Information System Training-BP 511 St.371, Phum Tropeang Chhuk (Borey Sorla) Sangkat Tek Thla, Khan Russey Keo, Phnom Penh info@cistrain.org +855(0) 23 99 55 00
Step18
Step19
Step20
Page 31