Saturday, August 17, 2013

Install Squid Proxy Server on Debian and Ubuntu

This is not a tutorial on installing Squid; these are notes from my experience installing Squid on Debian Etch.

#apt-get install squid3 vim

If the installation finishes without errors, continue by creating the Squid configuration. The configuration file is named squid.conf.

Back up your old squid.conf:

#cd /etc/squid3
#mv squid.conf squid.conf.old
#vim squid.conf

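# squid.conf used in these notes: cache sizing, logging, refresh rules, ACL
# definitions and the access rule lists.
# Squid checks http_access rules from top to bottom and applies the first one
# that matches, so the order of the rules at the end of this file matters.
#
# NOTE(review): this file sets no http_port. The iptables REDIRECT rule in these
# notes sends port-80 traffic to port 8080, so Squid needs an http_port line on
# that port in interception mode (the option is named "transparent" or
# "intercept" depending on the Squid version) - confirm against the installed
# version.

# --- Requests that bypass peers and are never cached (dynamic content) ---
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# --- Memory and disk cache sizing ---
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
fqdncache_size 2048
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
store_dir_select_algorithm round-robin
# Two on-disk caches of 3000 MB each; both directories must exist and be
# writable by the account Squid runs as before "squid3 -z" is run.
cache_dir ufs /cache1 3000 8 256
cache_dir ufs /cache2 3000 8 256

# --- Logging ---
# NOTE(review): cache_log carries Squid's own startup and error messages.
# Sending it to /dev/null discards them, which makes troubleshooting and
# incident review harder; consider pointing it at a real file.
cache_log /dev/null
cache_store_log /dev/null
# NOTE(review): the /usr/local/squid/... paths below look like a source-build
# layout and may not exist with the Debian package - confirm each one.
mime_table /usr/local/squid/etc/mime.conf
# NOTE(review): this value ends in "/", i.e. it names a directory, not a file;
# the file name may have been lost - confirm.
pid_filename /usr/local/squid/var/logs/
emulate_httpd_log off
log_mime_hdrs off
log_fqdn off
log_ip_on_direct off
logfile_rotate 1
log_icp_queries off
unlinkd_program /usr/local/squid/libexec/unlinkd

# --- Proxy authentication parameters ---
# No "auth_param basic program" line and no proxy_auth ACL appear in this file,
# so these settings are not used by any access rule below.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# --- Freshness rules ---
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
memory_pools off
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on

# --- Account Squid drops privileges to ---
# NOTE(review): the Debian packages normally run Squid as user/group "proxy";
# confirm that a "squid" account exists on this host.
cache_effective_user squid
cache_effective_group squid
#coredump_dir /usr/local/squid/var/cache

# --- ACL definitions ---
# NOTE(review): the address values of the "src"/"dst" ACLs below are missing on
# this page. Each one needs a value before "squid3 -k parse" will accept the
# file, for example "acl lab src <LAB_NETWORK_CIDR>" (placeholder - use your
# own client network). Keep "lab" as narrow as possible: it is the only ACL
# that grants proxy access.
acl all src
acl lab src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# --- Access rules (first match wins) ---
# Cache manager (cache_object) requests are accepted from localhost only.
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Changed from "http_access allow manager", which let any client that reached
# this rule query the cache manager interface.
http_access deny manager
http_access allow lab
http_access deny all
# NOTE(review): this answers ICP queries from any source. If no sibling caches
# query this proxy, restrict it to the networks that need it.
icp_access allow all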

#squid3 -k parse
#squid3 -z
#/etc/init.d/squid restart

#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

Then watch the Squid access log with the tail command (with the squid3 package the log may be under /var/log/squid3/ instead):

#tail -f /var/log/squid/access.log

If it works, the log will show your clients' requests to the Internet.