Squid Proxy CentOS 6.4
Prepared by : Mr. Sopheap
Position : IT Support
Location : Deam Computer
Date : 24/July/2013
Infrastructure
Requirement
Squid Proxy Server = CentOS 6.4
IP = 192.168.1.123/24 ; Eth0 = WAN
IP = 10.10.10.1/24 ; Eth1 = LAN
Client Windows XP IP = 10.10.10.2/24 – 10.10.10.254/24
What Type of Proxy Server?
Transparent Proxy
This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the HTTP headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the sense that your IP address is exposed, not in the sense that you do not know you are using one (your system is not specifically configured to use it).
Anonymous Proxy
This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users.
Distorting Proxy
This type of proxy server identifies itself as a proxy server, but makes an incorrect original IP address available through the HTTP headers.
High Anonymity Proxy
This type of proxy server does not identify itself as a proxy server and does not make available the original IP address.
Anonymous Proxy & Transparent Proxy
Now I will demonstrate two types of proxy server:
Anonymous Proxy
Transparent Proxy
Anonymous Proxy
Hostname
WAN IP address
LAN IP address
Stop the iptables service
Install Squid Proxy
Enable the squid service
Copy the default squid configuration
Edit the squid configuration file
Save and start the squid service
Configure the Squid Proxy IP address on the client
Client accesses the internet
Create a blacklist of websites to block for clients
Create a rule in squid to block the blacklisted websites for clients
Client accesses a blacklisted website
Create a rule giving a specific IP address unlimited access
Client using the unlimited IP address accesses a blacklisted website
Create a rule to block torrent files
Client accesses a torrent website
Create a rule to block an image URL
Client accesses a website whose image URL is blocked
Create a rule for authentication with squid proxy
Install the httpd service
Edit the file /etc/hosts
Restart the httpd service
Create a user with htpasswd
Client accesses the internet after authenticating with squid proxy
After the client types the user name and password
Create a file of extensions to block
Create a rule to block video content, file extensions and video reply
Client accesses a website that has video content
Client downloads a file that has the extension .exe
Limit download speed for clients, with no limit for the unlimited IP address
Client using the unlimited IP address downloads at unlimited speed
Download speed for a client with a LAN IP address
Create the file index.htm to redirect blacklisted websites
• Note: we can create this file ourselves or download an HTML file
Type the command to redirect to this file
When a client accesses a blacklisted website, it is redirected to 192.168.1.123/index.htm
Create a rule for authentication at specific times
Client accesses the internet at 3:20 PM, so the client does not authenticate with squid proxy.
Transparent Proxy
Edit the squid configuration file so that http_port reads http_port 3128 intercept or http_port 3128 transparent
Enable port forwarding in /etc/sysctl.conf
Delete all rules in /etc/sysconfig/iptables
After deleting all rules in /etc/sysconfig/iptables, restart the iptables service and save it
After restarting the iptables service, create a file containing the new iptables rules and restart the iptables service as above.
Restart the iptables service and run the newly created file (sh flush.sh)
Client accesses the internet without entering the IP address and port of the squid proxy
Client still cannot access blacklisted websites
We can monitor client access to blacklisted websites by typing tail -f /var/log/squid/access.log
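Added example (not part of the original slides): the tail -f step above shows raw log lines one at a time; this Python script summarizes which client was refused which site and keeps 407 authentication challenges apart from blacklist blocks. It assumes Squid's default native access.log format; the sample lines, the user name user1 and the host blocked.example are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Squid native access.log: time elapsed client result/status bytes method URL user peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s"
)

# Constructed sample input (not taken from a real server).
SAMPLE = """\
1374654000.101    120 10.10.10.2 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1374654003.412      0 10.10.10.2 TCP_DENIED/403 3600 GET http://blocked.example/ - NONE/- text/html
1374654005.000      0 10.10.10.3 TCP_DENIED/407 3900 GET http://www.example.org/ - NONE/- text/html
1374654007.250      1 10.10.10.3 TCP_DENIED/302 350 GET http://blocked.example/page user1 NONE/- text/html
1374654009.900      0 10.10.10.2 TCP_DENIED/403 3600 CONNECT blocked.example:443 - NONE/- -
truncated line
""".splitlines()

def host_of(method, url):
    """Return the destination host; CONNECT requests log host:port, not a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def summarize_denials(lines):
    """Split TCP_DENIED entries into policy blocks and 407 auth challenges."""
    blocked = defaultdict(Counter)   # client -> Counter of refused hosts
    auth_challenges = Counter()      # client -> number of 407 responses
    unparsed = 0                     # lines that do not match the native format
    for line in lines:
        m = LINE.match(line)
        if not m:
            unparsed += 1
            continue
        if m["result"] != "TCP_DENIED":
            continue
        if m["status"] == "407":     # proxy asked for credentials, not a blacklist hit
            auth_challenges[m["client"]] += 1
        else:                        # 403, or a redirect status when deny_info points at a URL
            blocked[m["client"]][host_of(m["method"], m["url"])] += 1
    return blocked, auth_challenges, unparsed

if __name__ == "__main__":
    blocked, auth, bad = summarize_denials(SAMPLE)
    for client, hosts in sorted(blocked.items()):
        print(client, dict(hosts))
    print("407 challenges:", dict(auth), "unparsed lines:", bad)
```

To run it against the live log, pass an open file object for /var/log/squid/access.log to summarize_denials instead of SAMPLE.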
Squid Proxy Preparation by Mr. Sopheap
The End