Squid documentation
package: squid
daemon : /usr/sbin/squid
script : /etc/init.d/squid
port : 3128/tcp(squid) 3130/udp(icpv2)
configuration : /etc/squid/squid.conf
logs : /var/log/squid/
yum install squid*
rpm -qa squid
squid-3.1.10-1.el6_2.1.i686
// to basic access provide my network
vim /etc/squid/squid.conf
cache_mem 8 MB
cache_dir ufs /var/spool/squid 100 16 256
acl mynetwork src 192.168.0.0/24
http_access allow mynetwork
// squid using authentication
various ways to use authentication:
NCSA
LDAP
MSNT
PAM
SMB
SASL
NTLM
configuration with NCSA
step-1: create user
htpasswd -c /etc/squid/passwd user1
chmod o+r /etc/squid/passwd
step-2: locate ncsa_auth authentication helper
rpm -ql squid | grep ncsa_auth
/usr/lib/squid/ncsa_auth
/usr/share/man/man8/ncsa_auth.8.gz
step-3: configure in squid.conf file
vim /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm Proxy
auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user
//squid with time
acl aclname time [day-abbrevs] [h1:m1-h2:m2]
day-abbrevs:
S – Sunday
M – Monday
T – Tuesday
W – Wednesday
H – Thursday
F – Friday
A – Saturday
acl working time MTWHF 08:00-17:00
http_access allow working
// block any site
acl fb url_regex http://www.facebook.com
http_access deny fb
// block any file with extension exe, mp3, avi, 3gp
methord : 1
acl download urlpath_regex -i “/etc/squid/download.acl”
http_access deny download
vim /etc/squid/download.acl
\.exe$
\.mp3$
\.avi$
\.3gp$
methord : 2 based on MIME type – pattern matching on the reply (downloaded content) content-type header
first take content from /etc/squid/mime.conf in this example is video/flv
acl mime rep_mime_type video/flv
http_reply_access deny mime
bpn4it