The following ways should be learned, the article below I copy and paste from a blog friend you can visit here
monggo his first mat .. : D
1. Installation
First of all install it first squid via Synaptic or via command prompt by:
# Apt-get install squid
Once completed then Squid can be configured directly by:
# Vi / etc / squid / squid.conf
But before the first edit the first backup the original file so that when damaged can be restored to the default:
# Cp / etc / squid / squid.conf / etc / squid / squid.conf.bak
2. Configuring Squid
Further Squid configuration script:
# Vi / etc / squid / squid.conf
Squid configuration file will appear very long, the following steps that must be considered ….
a. HTTP Port: This is the port used to run Squid
http_port 3128
b. Visible Host Name: So that if an error occurs Squid can find a valid hostname
visible_hostname localhost
localhost can be replaced by the ip (eg 192.168.0.254) or domains such as proxy.anu.com
c. Cache Manager: To define the email address of the Squid Cache Manager
cache_mgr admin@domain.com
d. Squid Cache Directory: Defines the directory where the squid and its magnitude.
Figures 500 show the directory size in MB
Figures 16 shows the number of sub-directory level 1
Figures 256 show the number of subdirectories subdirectory level 2 level 1
The number above the higher the better
cache_dir ufs / var / spool / squid 500 16 256
e. Filtering: This is an important part of the Squid, by this we can mngatur next rule, from anyone who can access the internet through the website what is allowed to access.
Access List: Who can access the Internet
access acl src 192.168.0.1/255.255.255.255
acl: an access list command
akes: name of the user who has the IP or group
src: source ip is used, can use the range if you want to create a group
-group acl it src 192.168.0.1-192.168.0.12/255.255.255.255
Filtering Time: Gives access permission based on the time and day
acl-time access time MTWHFA 08:00 to 16:00
acl: access list command
-Access time: caption for acl command
time: squid order to define the time
MTWHFA: squid order to define an M time: Monday, T: Tuesday, etc … ..
08:00 to 16:00: It is time that is allowed to provide Internet access to users
Website Filtering: Filtering websites anything that should not be accessed by the user.
Previously must be made before a document that contains the url-list list that will block, with the command
# Vi / etc / squid / pornourl.txt
then fill in with:
www.worldsex.com
www.17tahun.com
etc.
Then give the command squid in squid.conf file with the command:
acl blokporno dstdomain “/ etc / squid / pornourl.txt”
Keyword Filtering: Filtering keywords entered by the user, eg the user enters the word “sex” on google then Squid will be blocked.
Before adding a command in the squid.conf, we must create a file containing keywords which will be blocked with the command:
# Vi / etc / squid / keywordblock.txt
Then fill in with words that will be on the block:
sex
porn
fuck
etc ….
And give orders in squid.conf with the command:
keywordblok url_regex acl-i “/ etc / squid / keywordblock.txt”
The commands filter is fairly simple to make Squid Server,
Further grant permissions on the rules that have been made previously. Http_access in Squid command is called. The syntax is as follows:
blokporno # http_access deny to deny all the urls contained in acl blokporno
keywordblock # http_access deny keyword to deny that there are at acl keywordblock
time-I http_access # Allowing access acl acl-time access to the user I
http_access deny all # Men-deny all users that are not listed in squid.conf
http_reply_access allow all # default
icp_access allow all # default
Then do not forget to save the squid.conf configuration file that has been edited by using the command:
: Wq # w: save q: out (Command vi)
Then in the terminal command you typed the command;
# Squid-z
f. Transparent Proxy
It is a technique for Squid Proxy becomes transparent or invisible, meaning if we usually enter the proxy address on every browser (firefox, etc ..), if the transparent proxy is implemented then the browser will not appear we enter the address of our proxy.
Before entering the command on a squid transparent proxy, then we must make iptable command to redirect the existing ports on the client computer. It means if we set squid on port 3128, then the client requests the Internet generally are on port 80 then we need to redirect port 80 from the client to the proxy port we are located on port 3128.
IP Forwarding, so that the transparent proxy can be applied, then we have to enable IP Forwarding
by giving the value 1 in the file “/ proc/sys/net/ipv4/ip_forward” by:
# Echo 1> / proc/sys/net/ipv4/ip_forward
But the command must be run auto startup, so if the computer dies squid we do not need to run the command repot2 continuously.
Next we have to run ip_tables so that clients can redirect ports our Squid server with the command:
# Iptables-A PREROUTING-t nat-p tcp-dport 80-j REDIRECT-to-port 8800
Then restart the proxy with the command:
# / Etc / init.d / squid restar
Tidak ada komentar:
Posting Komentar