Thursday, 24 October 2013

Install & Configure Squid in Ubuntu

A proxy server is a very useful tool for a network. It is commonly used to protect the network from attack, to filter nefarious web content and pages requested by local users, and to speed up the delivery of web pages and web content by caching (storing) commonly requested web pages, documents, and media. Proxy servers are typically implemented on private local area networks to filter, protect, and cache content requested by users on that network; this is called a "proxy" or "transparent proxy." Proxy servers can also be implemented on the remote side, in front of destination web servers, to protect those servers by filtering requests, to speed up web page delivery, and to cache frequently requested files; this is called a "reverse proxy."
Types of Proxy Servers
Proxy Server: The web browser on the client is configured to point to the proxy server's IP address. The client can bypass the proxy server by removing or altering the proxy address configuration. An administrator could prevent this by creating a GPO in Active Directory that blocks access to the web browser settings. A proxy server can also function as a caching server.
Transparent Proxy Server: The router sends all traffic on defined ports to the transparent proxy server, so clients cannot bypass the proxy server. A transparent proxy server can also function as a caching server.
Reverse Proxy Server (Cache): The reverse proxy server or cache server is placed in front of the web server in order to speed up delivery of frequently requested pages and to protect the web server by creating a layer of separation and redundancy.

Squid is one of the most popular and most used proxy servers in the world. It is free to download, easy to install and it can be implemented on any distribution of Linux. Here are the steps to install and configure Squid on an Ubuntu distribution of Linux.

Steps to install and configure Squid

Open a terminal, and type in the following commands to install Squid
 sudo apt-get update
 sudo apt-get install squid squid-common

Ways to start and stop Squid
 sudo service squid start (stop|restart|status)
 sudo /usr/sbin/squid (launch program directly)
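 sudo pkill -9 squid (force kill; Squid gets no chance to shut down cleanly, so use this only if the service will not stop)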

Navigate to the Squid folder to find the squid.conf configuration file
 cd /etc/squid
 ls (you should see the squid.conf file)

Create a backup of the squid.conf file
 sudo cp squid.conf squid.conf.bak
For testing purposes, open Firefox and set it to send web requests to the Squid Proxy Server (you will need to know your IP address)
 ifconfig (write down your inet address e.g. 192.168.1.100)
Open Firefox
     Edit > Preferences, Advanced > Network Tab > Connection-Settings:
     Manual Proxy Configuration:
     HTTP Proxy: your IP address or loopback address 127.0.0.1,    Port: 3128
     Click Ok and Close
Now if you try to go to a website like Google you should see an ERROR - Access Denied message from Squid (see bottom line). This means that Squid is working and actively denying the traffic.
Now we need to configure Squid to allow web traffic through the proxy server. Open squid.conf in your favorite text editor, such as gedit, nano, or vi
 sudo nano squid.conf
or
 sudo gedit squid.conf & (If gedit does not open from the terminal you can open it as root user)
 sudo su
 gedit squid.conf &

To switch out of root user
 su your-username (if you are root user the prompt is a "#" switch back to your user account privilege)


If you chose to open squid.conf with gedit, then turn on line numbering (Edit > Preferences > View > Display Line Numbers)
Change the name of your Squid Proxy Server, around line 3399, change:
 #    TAG: visible_hostname
to
 visible_hostname YourNameProxyServer  
You can configure access rules for your Squid proxy server (lines 331 to 831 are for Access Control). Notice that on lines 606 to 630 the local networks and usable ports (services) are defined. Active configuration lines are the lines that are not commented out, i.e. they do not start with a # sign.

To re-enable web access uncomment line 676
 #http_access allow localnet
to
 http_access allow localnet

To verify the Web is now working, save your changes to the squid.conf file and restart your Squid server.
 service squid restart (or "sudo service squid restart" if you are no longer root)

Now refresh your Firefox web browser and your homepage should be visible.
Now we can practice writing a custom ACL (access control list) in the squid.conf file to block specific domains and websites. We can write our custom ACL at the end of the acl lines around line 631. From an empty line write the following lines to test domain blocking:
 acl blocked_websites dstdomain .msn.com .yahoo.com
 http_access deny blocked_websites

Now restart your Squid server, and test to see if Squid denies access to your blocked domains/websites in Firefox. 
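
The following Python sketch is an added example, not part of the original post or of Squid itself: a simplified model of how Squid checks http_access lines from top to bottom and stops at the first match, which is why the deny rule is written around line 631, ahead of the "http_access allow localnet" line. The sample configuration, the client addresses and the function names parse, acl_matches and decide are constructed for illustration, and only the src and dstdomain ACL types are modelled.

```python
import ipaddress

# Constructed sample: the active (uncommented) lines this tutorial ends up with.
SAMPLE_CONF = """\
acl localnet src 192.168.0.0/16
acl blocked_websites dstdomain .msn.com .yahoo.com
http_access deny blocked_websites
http_access allow localnet
http_access deny all
"""
# Same rules with the deny placed after the allow: the block never fires.
MISORDERED_CONF = SAMPLE_CONF.replace(
    "http_access deny blocked_websites\nhttp_access allow localnet\n",
    "http_access allow localnet\nhttp_access deny blocked_websites\n")

def parse(conf):
    """Collect acl definitions and http_access rules from active lines."""
    acls = {"all": ("src", ["0.0.0.0/0"])}  # model assumption: 'all' = any client
    rules = []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank or commented-out line
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] in ("src", "dstdomain"):
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(kind, values, client_ip, host):
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    host = host.lower().rstrip(".")
    for v in (v.lower() for v in values):
        # A leading dot covers the domain itself and every subdomain.
        if host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)):
            return True
    return False

def decide(conf, client_ip, host):
    """Return 'allow' or 'deny' for one request: the first matching rule wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        # All ACLs named on one http_access line must match (logical AND).
        if all(acl_matches(*acls[n], client_ip, host) for n in names):
            return action
    return "deny"  # simplification: this model denies when no rule matches

if __name__ == "__main__":
    for conf in (SAMPLE_CONF, MISORDERED_CONF):
        print(decide(conf, "192.168.1.100", "www.msn.com"))
```

If a blocked site still loads after the restart, compare the order of the active http_access lines in squid.conf against the misordered case shown here.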
 
