Monday, 24 June 2013

web filtering using squid proxy server



Squid proxy server is a web caching server for providing controlled internet access to users in an organization.
First Download & install squid
# yum install squid
Prerequisites for Installing SquidGuard
BerkeleyDB.4.6 or previous is required so download it.
(BerkeleyDB.4.7 poses compilation problems during installing of squidGuard)
#cd /Downloads
# tar –xzvf <db tar file>
# cd <db file name>
# cd build_unix
# ../dist/configure
# make
# make install
# echo /usr/local/BerkeleyDB.4.6/lib >> /etc/ld.so.conf
# ldconfig
Hence Berkeley Database if now installed.
Download squidGuard-1.4.tar.gz Untar the tar file
# tar -xzvf squidGuard-1.4.tar.gz
# cd squidGuard-1.4
# ./configure
# make
# make install
Hence squidGuard is now installed in /usr/local/squidGuard directory which contains db & log directories along with squidGuard.conf file.
Under /Downloads directory download blacklists .tar.gz file from squidGuard site and move it to the /usr/local/squidGuard/db directory and untar the blacklist.tar.gz file.
db directory is the database of the blacklists. The blacklists directory holds the various categories of blacklists like drugs, ads,audio-video etc
Edit the squidGuard.conf file to make following changes.
*****************************************************************************************
dest drugs
{ 
domainlist      /blacklists/drugs/domains
urllist          /blacklists/drugs/urls
}
acl {
      default {
                 pass !drugs  all
                 redirect http://192.168.10.222/cgi-bin/squidGuard-simple.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u


                  }
    }
**************************************************************************************
Save and exit the file.
The above redirector redirects the blocked sites to the blocked.html page in the /var/www/html directory which contains html code .
Verify the squidGuard working using the below command:
# squidGuard  -d
Above command checks the squidGuard.conf file and outputs the wether squidGuard is successfully working or not.
Squid is installed in /etc/squid directory. Edit the squid.conf file to  make following changes:
********************************************************************************************************
acl my_network src 192.168.10.0/24
http_access allow my_network
http_port 3128
#  url_rewrite_program
redirect_program   /usr/local/bin/squidGuard
 *******************************************************************************************************
Save and exit the file
Restart the squid
# service squid restart
Now on the client's computer open up the browser and in the connection  settings enter the proxy server's ip and port i.e 192.168.10.222 & 3128
Hence now the client can access the internet via squid only. Open up www.whatismyip.com on client's computer  which which will display the proxy server details.
SquidGuard CGI Scripts
Copy the squidGuard-simple.cgi file from the /Downloads/squidGuard-1.4/samples directory and place it in /var/www/cgi-bin
# chown -R squid:squid squidGuard-simple.cgi  (Change ownership permissions)
Check wether the squidGuard-simple.cgi script runs by entering the following url in the web browser:
http://192.168.10.222/cgi-bin/squidGuard-simple.cgi
Note: By deafult Apache does not allow cgi scripts to run. Hence uncomment the following from the httpd.conf file in /etc/httpd/conf/ directory.


#AddHandler cgi-script .cgi

to
 AddHandler cgi-script .cgi


The default squidGuard.cgi file in /samples directory of squidGuard does not seem to work when placed in /var/www/cgi-bin directory. So we use squidGuard-simple.cgi file in the same directory and copy it in cgi-bin directory of Apache.
Change the redirect rule in squiduard.conf file to give the full path name of the squidGuard-simple.cgi file.
redirect http://192.168.10.222/cgi-bin/squidGuard-simple.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u

*************************************************************************************

Note: Change the ownership of the db ,log directories and squidGuard.conf  to be of the user squid & group squid.
# chown  -R squid:squid db
# chown  -R squid:squid log
# chown  -R squid:squid  squidGuard.conf
Also the permissions of the squidGuard-simple.cgi file in /var/www/cgi-bin directory should be chmodded to 0755.
# chmod 0755 squidGuard-simple.cgi
Posted by at

2 comments:

  1. Eduard18 September 2013 at 19:55

    Thank you so much for your nice tutorial.

    Recently I setup a Reverse Proxy Server with Squid (server accelerator) and wrote a full detailed tutorial that you can find in:

    http://cosmolinux.no-ip.org/raconetlinux/html/17-squid.html

    where I explain how to configure Squid (version 3.x) as a reverse Proxy Server (server accelerator), providing examples about how to do it using two
    computers (one as a Proxy server and another as a Web Server) or just by using one single computer.

    I also describe how to format the Squid's logs and how to send the logs to a remote computer.
    Also, you can find an explanation of how to deny access to certain files and how to get correct logs in Apache Web Server.

    I wish it is useful to someone.

    ReplyDelete
  2. Send Flower Pakistan19 October 2013 at 11:29

    Opposite to blocking, I have a great idea to access the blocked sites very easily and no long method need it to access just a one click and you can access it very easily I get shocked when i first time use it but now you can also use it to click on name
    Instagram uk proxy

    ReplyDelete

Subscribe to: Post Comments (Atom)