
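#### Installing squid

# Fetch and unpack the source. The download is plain HTTP, so compare the
# archive's checksum (e.g. `md5sum squid-2.5.STABLE7.tar.gz`) with the value
# published by the project before building and installing it as root.
wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE7.tar.gz
tar -xzvf squid-2.5.STABLE7.tar.gz

# Dedicated unprivileged account for the proxy; its home directory is /cache.
groupadd squid
useradd squid -g squid -d /cache/ -m

# tar unpacked into the current directory, so the source tree is right here.
# The steps are chained with && so a failed step stops the build instead of
# installing a half-configured tree. The misspelled --enable-icpm flag was
# dropped; --enable-icmp is the option that was meant.
cd squid-2.5.STABLE7 &&
  ./configure --prefix=/usr/local --exec-prefix=/usr/local \
    --enable-delay-pools --enable-cache-digests --enable-poll \
    --disable-ident-lookups --enable-truncate --enable-removal-policies \
    --enable-linux-netfilter --enable-ssl --enable-icmp --enable-snmp \
    --enable-err-language=Romanian &&
  make all &&
  make install

# Create the log directory, writable only by the squid user and group.
mkdir -p /var/log/squid/
chown squid:squid /var/log/squid/
chmod 770 /var/log/squid/

# Do NOT hand all of /usr/local to the squid account: it would then own every
# binary and library installed there, including ones root executes. Only the
# runtime-state directory needs to be writable by squid.
# NOTE(review): /usr/local/var/logs is presumably where this --prefix puts the
# state directory; confirm against your build.
chown -R squid:squid /usr/local/var/logs

# Cache directory (for better squid performance a separate partition for the
# cache is recommended).
chown -R squid:squid /cache/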

###############################################
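### squid.conf
# NOTE(review): the httpd_accel_* directives below are Squid 2.5 syntax; later
# series configure interception differently, so confirm before reusing them.

# Listen on the LAN address and on loopback only.
http_port 192.168.1.1:3128
http_port 127.0.0.1:3128
icp_port 3130

# Dynamic content (cgi-bin paths and URLs with a query string) is not cached.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 16 MB
cache_dir ufs /cache 250 16 256
cache_log /var/log/squid/cache.log
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
logfile_rotate 10
redirect_rewrites_host_header off

# These settings make squid work as a transparent proxy.
# With httpd_accel_uses_host_header on, squid rebuilds the request URL from the
# client-supplied Host header, so access must stay limited to trusted clients
# (see the http_access rules below).
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
maximum_object_size 2 MB
store_avg_object_size 50 KB
cache_mgr lordmax_ro@yahoo.com

# Squid drops root and runs as this unprivileged user and group.
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs on

# ACLs
# 192.168.1.252 is my own IP address
acl ovidiu src 192.168.1.252/255.255.255.255
acl retea src 192.168.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl protocoale proto http ftp
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
# Escaped dot, anchored at the end of the path (optionally followed by a query
# string) and case-insensitive: the original "url_regex .exe" matched any URL
# containing "exe" after any character and missed ".EXE".
acl fisiere urlpath_regex -i \.exe(\?.*)?$
acl blacklist url_regex -i "/home/blacklist.txt"

# http_access is evaluated top-down and stops at the first matching line, so
# the port and CONNECT restrictions must come BEFORE the allow rules. Placed
# after "deny all" they were never reached, which let any LAN client tunnel to
# arbitrary ports through the proxy.
http_access deny !Safe_ports
# CONNECT is only allowed to the usual SSL ports; drop "!SSL_ports" to forbid
# tunnelling entirely.
http_access deny CONNECT !SSL_ports
# Here I allow myself (ovidiu) to bypass these two ACLs.
http_access deny fisiere !ovidiu
http_access deny blacklist !ovidiu
http_access allow retea
http_access allow localhost
http_access deny all

# SNMP for MRTG
# "public" is the well-known default community string; queries are therefore
# accepted from localhost only and everything else is denied explicitly.
acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic localhost
snmp_access deny all
#End of config file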
###########################################
# Squid binary as installed under the /usr/local prefix.
squid_bin=/usr/local/bin/squid

# Initialise the cache directories (run once, before the first start).
"$squid_bin" -z

# Start squid.
"$squid_bin"
##################
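# Force all clients arriving on eth1 through squid (transparent interception):
# their port-80 traffic is redirected to the proxy port on this host.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

# Alternative: use this INSTEAD of the rule above, not in addition to it. With
# both rules loaded, the first one already matches every client and the
# exemption never takes effect.
# It redirects everyone except 192.168.1.252. Traffic from that host then
# bypasses the proxy completely, including the blacklist ACLs and the access
# log.
# iptables -t nat -A PREROUTING -i eth1 ! -s 192.168.1.252 -p tcp --dport 80 -j REDIRECT --to-port 3128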
