Tuesday, November 20, 2012

Squid Proxy Configuration RHEL5

Hello Friends,

Squid is a very popular proxy used on Red Hat servers. Here is a little tutorial on configuring Squid and checking Squid logs. Hope you will enjoy!

SQUID Configuration :
---------------------------

1. yum install squid*
2. vi /etc/squid/squid.conf

Parameters to configure :
-----------------------------

By default no machine except localhost is allowed to connect to the proxy server, so we need to allow access
for our subnet 192.168.0.0/24 (this requires creating an ACL, see step 3).

1. visible_hostname universe.server.com    # universe.server.com is my server's hostname
2. http_port 192.168.0.60:8080             # My server's IP: 192.168.0.60, port 8080
3. acl mylan src 192.168.0.0/255.255.255.0 # mylan is name given to ACL
4. http_access allow mylan
5. http_access deny !mylan
6. Save changes and Exit
7. service squid start

On Client :
---------------
1. Open browser
2. Edit > Preferences > Connection settings > 
3. Manual Proxy Configuration > Http Proxy > 192.168.0.60 , Port 8080

That's it!
You should be able to browse websites from here onwards!



Additional Configuration :
-------------------------------
http://www.redhat.com/archives/ext3-users/2010-August/msg00003.html
1. vi /etc/squid/squid.conf
2. cache_dir ufs /var/spool/squid 100 16 256 
Amount of Disk in MB to be used for Caching             : 100
Number of First  Level cache directories to be created  : 16
Number of Second Level cache directories to be created  : 256

Default Squid Cache directory  : /var/spool/squid/(16 dirs)/(256 dirs)/(the small files)

'Level-1' is the number of first-level subdirectories which will be created under the 'Directory'--> The default is 16.
'Level-2' is the number of second-level subdirectories which will be created under each first-level directory -->  The default is 256.

Where to check Squid Access Logs ? Who visited XYZ Sites?
-----------------------------------------------------------
Log File : /var/log/squid/access.log
Sample Logs :
---------------
[root@universe squid]# tail -f /var/log/squid/access.log
1350983287.130   2452 192.168.0.254 TCP_MISS/200 83569 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_35.png - DIRECT/125.99.127.201 image/png
1350983287.865   3913 192.168.0.254 TCP_MISS/200 61282 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_31.png - DIRECT/125.99.127.209 image/png
1350983288.327   1746 192.168.0.254 TCP_MISS/200 44226 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_08.png - DIRECT/125.99.127.209 image/png
1350983290.043   1595 192.168.0.254 TCP_MISS/200 22004 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_10.png - DIRECT/125.99.127.201 image/png
1350983290.214   2348 192.168.0.254 TCP_MISS/200 32779 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_26.png - DIRECT/125.99.127.209 image/png
1350983290.553   3932 192.168.0.254 TCP_MISS/200 66018 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_17.png - DIRECT/125.99.127.201 image/png
1350983291.331    777 192.168.0.254 TCP_MISS/200 830 GET http://metrics.htc.com/b/ss/htcww-en-prod,htcglobal-prod/1/H.25.2T/s3457431454036? - DIRECT/66.235.142.3 image/gif
1350983291.525   3197 192.168.0.254 TCP_MISS/200 79093 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_01.png - DIRECT/125.99.127.209 image/png
1350983292.021   1806 192.168.0.254 TCP_MISS/200 32147 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_28.png - DIRECT/125.99.127.209 image/png
1350983292.572   2529 192.168.0.254 TCP_MISS/200 66253 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_19.png - DIRECT/125.99.127.201 image/png
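
To answer "who visited XYZ?" from this log, matching on the hostname of each request is more reliable than a plain grep, which also hits look-alike domains and URLs that only mention the site in a query string. The script below is an added example, not part of the original post; the function names squid_visitors and sample_log and the log lines inside sample_log are constructed for illustration, and it assumes the native access.log format shown above.

```shell
#!/bin/sh
# Added example: per-client totals for one site from Squid's native access.log.
# Fields: time elapsed client result/status bytes method URL user peer type

# squid_visitors SITE [LOGFILE|-]
# Prints "client requests bytes" for requests whose host is SITE or a
# subdomain of it, largest byte count first. "-" reads the log from stdin.
squid_visitors() {
    site=$1
    log=${2:-/var/log/squid/access.log}
    awk -v site="$site" '
        BEGIN { site = tolower(site) }
        NF >= 7 {
            host = tolower($7)
            sub("^[a-z]+://", "", host)    # drop scheme (absent on CONNECT)
            sub("^[^/@]*@", "", host)      # drop user:pass@ if present
            sub("[/:?].*$", "", host)      # drop port, path and query
            n = length(host) - length(site)
            # exact host or real subdomain, so notexample.com != example.com
            if (host == site || (n > 0 && substr(host, n) == "." site)) {
                req[$3]++
                bytes[$3] += $5
            }
        }
        END { for (c in req) printf "%s %d %d\n", c, req[c], bytes[c] }
    ' "$log" | sort -k3,3nr -k1,1
}

# Constructed sample lines (not from a real log) covering the edge cases.
sample_log() {
    cat <<'EOF'
1350983287.130 2452 192.168.0.10 TCP_MISS/200 83569 GET http://www.example.com/a.png - DIRECT/192.0.2.10 image/png
1350983288.327 1746 192.168.0.10 TCP_HIT/200 1000 GET http://example.com/ - NONE/- text/html
1350983290.043 1595 192.168.0.11 TCP_MISS/200 22004 CONNECT mail.example.com:443 - DIRECT/192.0.2.11 -
1350983291.331 777 192.168.0.12 TCP_MISS/200 830 GET http://notexample.com/ - DIRECT/192.0.2.12 text/html
1350983292.021 1806 192.168.0.12 TCP_MISS/200 500 GET http://other.test/?ref=example.com - DIRECT/192.0.2.13 text/html
EOF
}

# Demo: who visited example.com?
sample_log | squid_visitors example.com -
```

On the proxy itself, run it against the real log, for example: squid_visitors htc.com /var/log/squid/access.log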

Squid Forensics :
----------------------
http://philosecurity.org/2009/04/19/squid-forensics
Where in the cache is the file xyz.jpg stored?
------------------------------------------
grep -r "xyz.jpg" /var/spool/squid/    # recursive search

Squidview monitors and displays Squid logs in a nice fashion, and you may then go deeper with its searching and reporting functions.
Squidview Tool   : http://www.rillion.net/squidview/
Sarg tool        : http://sarg.sourceforge.net/sarg.php

Squidview :
---------------
1. wget http://www.rillion.net/squidview/squidview-0.79.tar.gz
2. tar -zxvf squidview-0.79.tar.gz
3. cd squidview-0.79/
4. ./configure
5. make
6. cp Makefile.old Makefile
7. make oldgcc
Launch squidview : ./squidview


Best Regards,
Girish







 
