Never Ending Security

It starts all here

Setup Squid HTTP Proxy and Configure it on a Ubuntu Server

1.Installing the proxy

To install Squid type the following command in a terminal:

sudo aptitude install squid

2.Configuring the proxy

Configuration of Squid is done by editing the following file: /etc/squid/squid.conf
To edit this file enter the following command:
vi /etc/squid3/squid.conf

2.1.Naming the proxy

Its important that Squid knows the name of the machine. To do this, locate the line visible_hostname.
For example, if the machine is called ubuntu insert:
visible_hostname ubuntu

2.2 Choosing the Port

By default, the proxy server will use port 3128. To choose another port, locate the line:
http_port 3128

and change the port number, for example:
http_port 3177

2.3.Choosing the interface

By default the proxy server will listen on all interfaces. For security reasons, its better to put it on your local network only. For example, if the network card connected to your LAN has IP, change the line:

2.4. Allow the use non-standard ports

By default, Squid allows HTTP traffic only on specific ports (e.g. 80). This can cause problems on websites using other ports.

-For example, will be blocked by Squid

To avoid this deadlock, find the line http_access deny! Safe_ports and the edit it to: # http_access deny! Safe_ports

2.5 Authentification

If you wish to use authentication with your proxy you will need to install apache2 utilities

sudo aptitude install squid squid-common apache2-utils

To add your first user you will need to specify -c

sudo htpasswd -c /etc/squid.passwd first_user

Thereafter you add new users with

sudo htpasswd /etc/squid.passwd another_user

Edit the squid config file

sudo vi /etc/squid/squid.conf

Set the the authentication parameters and the acl

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic realm NFYE Squid proxy-caching web server
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive off

acl users proxy_auth REQUIRED

acl sectionx proxy_auth REQUIRED

http_access allow users

3.Starting the Proxy

Restart the proxy to apply the modifications you made. Type:
sudo /etc/init.d/squid restart

Server logs

The proxy logs are located in: /var/log/squid/access.log

Changing the size of the cache

-The Squid cache is enabled by default, which helps accelerate the loading of some pages.
-The default allocated size is 100 MB (found in /var/spool/squid)
-To change its size, edit the /etc/squid/squid.conf file.
-Find the line: # cache_dir ufs /var/spool/squid 100 16 256
-Edit it. You can change the value 100 to whatever you want (e.g. 200 for 200 MB):
cache_dir ufs /var/spool/squid 200 16 256

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s