Additions:
Then just create the passwd file with htpasswd
Additions:
tcp_outgoing_address 1.2.3.4 # if you want to mask your outgoing address
Additions:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm My Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
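Review bot: The added `auth_param basic` lines enable HTTP Basic authentication without noting that Basic credentials are only base64-encoded, so the password travels in recoverable form on every proxy request unless the client-to-proxy path is trusted or tunnelled. A comment above the block would make that explicit, e.g. `# Basic auth is not encrypted: use only on a trusted segment or inside an encrypted tunnel`. The helper line also names `/etc/squid/passwd`, so it is worth stating that the file should be readable only by the account the helper runs as, e.g. `# passwd file: readable by the squid user only, never world-readable`.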
Deletions:
proxy_auth_realm My Proxy Server
authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd
Additions:
Squid authentication (for forward proxies)
From squid's source
cd helpers/basic_auth/NCSA/
make
make install
Then add these into squid.conf
proxy_auth_realm My Proxy Server
acl authusers proxy_auth REQUIRED
http_access allow authusers
authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd
Additions:
Deletions:
<textarea rows=5 cols=60>
</textarea>
Additions:
Squid Redhat init script
<textarea rows=5 cols=60>
#!/bin/bash
# BEGIN INIT INFO
# Provides: squid
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# END INIT INFO
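# Pin the search path: the daemon is invoked below by its bare name
# ("squid"), so it is resolved through this PATH only.
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Optional site overrides. The file is executed as shell code with the
# privileges of this script, so it should be writable by root only.
if [ -f /etc/sysconfig/squid ]; then
  . /etc/sysconfig/squid
fi

# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-"-D"}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid

# Without a binary there is nothing to manage: exit 4 for "status",
# exit 1 for every other action.
# (The comparison operator was missing on the page; "=" restores it.)
if [ "$1" = "status" ]; then
  [ -z "$SQUID" ] && exit 4
else
  [ -z "$SQUID" ] && exit 1
fi
prog="$SQUID"

# determine which one is the cache_swap directory:
# strip comments from squid.conf, keep the cache_dir lines and take their
# third field. (The sed expression on the page was the unterminated
# 's/#.*g'; 's/#.*//g' is the working form.)
CACHE_SWAP=$(sed -e 's/#.*//g' /etc/squid/squid.conf |
  grep cache_dir | awk '{ print $3 }')
[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/spool/squid

RETVAL=0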
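#######################################
# Pre-flight check used before starting the daemon.
# Globals:   NETWORKING (read; set by /etc/sysconfig/network)
# Returns:   does not return on failure: exits 1 when NETWORKING is "no",
#            exits 6 when /etc/squid/squid.conf is missing
#######################################
probe() {
  # Check that networking is up.
  # Quoted so that an unset or empty NETWORKING is compared as an empty
  # string instead of making the test itself a syntax error.
  [ "${NETWORKING}" = "no" ] && exit 1

  # check if the squid conf file is present
  [ -f /etc/squid/squid.conf ] || exit 6
}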
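#######################################
# Start the daemon.
# Runs probe, validates the configuration with "-k parse", creates any
# cache directory from CACHE_SWAP that has no 00 subdirectory, launches
# squid and waits for /var/run/squid.pid to appear.
# Globals:   SQUID, SQUID_OPTS, CACHE_SWAP, SQUID_PIDFILE_TIMEOUT, prog
#            (read); RETVAL, timeout (written)
# Outputs:   progress text on stdout; squid output is appended to
#            /var/log/squid/squid.out
# Returns:   1 when the configuration does not parse, otherwise RETVAL
#######################################
start() {
  probe

  # Refuse to start on a configuration that does not parse.
  $SQUID -k parse
  RETVAL=$?
  if [ $RETVAL -ne 0 ]; then
    echo -n $"Starting $prog: "
    echo_failure
    echo
    return 1
  fi

  # CACHE_SWAP is left unquoted on purpose: it may list several directories.
  for adir in $CACHE_SWAP; do
    if [ ! -d "$adir/00" ]; then
      echo -n "init_cache_dir $adir... "
      # The redirection operator was missing on the page, which left the
      # log path on a line of its own where the shell would try to run it.
      $SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
    fi
  done

  echo -n $"Starting $prog: "
  # SQUID_OPTS is left unquoted on purpose: it may hold several options.
  $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
  RETVAL=$?

  if [ $RETVAL -eq 0 ]; then
    # Poll once per second until the pid file exists; give up and report
    # failure after SQUID_PIDFILE_TIMEOUT seconds.
    timeout=0
    while : ; do
      [ ! -f /var/run/squid.pid ] || break
      if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
        RETVAL=1
        break
      fi
      sleep 1 && echo -n "."
      timeout=$((timeout+1))
    done
  fi

  [ $RETVAL -eq 0 ] && touch "/var/lock/subsys/$SQUID"
  [ $RETVAL -eq 0 ] && echo_success
  [ $RETVAL -ne 0 ] && echo_failure
  echo
  return $RETVAL
}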
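#######################################
# Stop the daemon.
# Asks squid whether it is running ("-k check"); if so, requests a shutdown
# in the background, removes the subsys lock and waits for
# /var/run/squid.pid to disappear.
# Globals:   SQUID, SQUID_SHUTDOWN_TIMEOUT, prog (read);
#            RETVAL, timeout (written)
# Outputs:   progress text on stdout; "-k check" output is appended to
#            /var/log/squid/squid.out
# Returns:   1 when the pid file is still present after
#            SQUID_SHUTDOWN_TIMEOUT seconds, otherwise the status of
#            "-k check"
#######################################
stop() {
  echo -n $"Stopping $prog: "
  # The redirection operator was missing on the page, which left the log
  # path on a line of its own and made RETVAL reflect that line instead of
  # the check.
  $SQUID -k check >> /var/log/squid/squid.out 2>&1
  RETVAL=$?

  if [ $RETVAL -eq 0 ]; then
    $SQUID -k shutdown &
    rm -f "/var/lock/subsys/$SQUID"

    # Poll every two seconds until the pid file is gone.
    timeout=0
    while : ; do
      [ -f /var/run/squid.pid ] || break
      if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
        echo
        return 1
      fi
      sleep 2 && echo -n "."
      timeout=$((timeout+2))
    done
    echo_success
    echo
  else
    echo_failure
    echo
  fi
  return $RETVAL
}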
#######################################
# Ask the running daemon to re-read its configuration.
# Globals:   SQUID, SQUID_OPTS (read)
# Returns:   the exit status of the squid command
#######################################
reload() {
  # Build the argument list first; SQUID_OPTS is split into words on
  # purpose because it may carry several options.
  set -- $SQUID_OPTS -k reconfigure
  $SQUID "$@"
}
#######################################
# Stop the daemon, then start it again. start runs whether or not stop
# reported success.
# Returns:   the exit status of start
#######################################
restart() {
  stop; start
}
#######################################
# Restart only when the subsys lock file /var/lock/subsys/squid exists.
# Returns:   always 0; a failed restart is deliberately not reported
#######################################
condrestart() {
  if [ -e /var/lock/subsys/squid ]; then
    restart || :
  fi
}
#######################################
# Report service state: run the init library's status helper and, only if
# it succeeds, ask squid itself with "-k check".
# Globals:   SQUID (read)
# Returns:   the failing status of the status helper, else the exit status
#            of "-k check"
#######################################
rhstatus() {
  # A bare return passes on the status helper's own exit code.
  status $SQUID || return
  $SQUID -k check
}
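# Dispatch on the requested action; anything unrecognised prints the usage
# line and exits 2.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    reload
    ;;
  restart)
    restart
    ;;
  condrestart)
    condrestart
    ;;
  status)
    rhstatus
    ;;
  probe)
    # NOTE(review): on the page this arm had no body and no ';;', which made
    # the whole case statement a syntax error. Calling the probe function
    # defined above is an assumption; confirm against the packaged script.
    probe
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|reload|restart|condrestart|probe}"
    exit 2
    ;;
esac

# Hand the selected action's status back to the caller.
exit $?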
</textarea>
Additions:
./configure \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--enable-icmp \
--enable-ssl \
--enable-large-cache-files \
--enable-storeio=ufs,aufs
Deletions:
./configure --enable-icmp --enable-ssl --enable-large-cache-files --enable-storeio=ufs,aufs
Additions:
httpd_accel_uses_host_header on
Additions:
My install on
FreeBSD:
./configure --enable-icmp --enable-ssl --enable-large-cache-files --enable-storeio=ufs,aufs
Additions:
Squid URL acl
Set up the acl the http_access list
acl whitelist_domains dstdomain "/etc/squid/whitelist.domains"
acl blacklist_domains dstdomain "/etc/squid/blacklist.domains"
http_access deny blacklist_domains
http_access allow trusted_net whitelist_domains
Then create the .domains files
.blah.com
.foo.com
Additions:
Deletions:
oracel
No differences.
Additions:
Setting up squid-2.6 as reverse proxy
I'm not gonna bore you with the details. Just add these in additional to the stock config file.
http_port SQUID_EXTERNAL_IP:80 vhost vport
cache_peer REAL_WEB_IP parent 80 0 originserver default
acl valid_dst dstdomain .accelerated.com
http_access allow valid_dst
Setting up Squid 2.4/2.5 as reversed proxy
Deletions:
Setting up Squid as reversed proxy
Additions:
Squid logs in UTC
Easy.
%%(perl;convert_utc.pl)
#! /usr/bin/perl -p
s/^\d+\.\d+/localtime $&/e;
Additions:
oracel
No differences.
Additions:
URL filter
acl allowed_url url_regex ^.*/photos/.*
acl allowed_url url_regex ^.*/jacked/.*
http_access allow allowed_url
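Review bot: Both `allowed_url` patterns are looser than they look: `url_regex` is tested against the whole URL, so `^.*/photos/.*` matches `/photos/` anywhere in it, query string included, and on any host. `http_access allow allowed_url` therefore admits requests to sites other than the intended one as long as that string appears in the URL. If the goal is to permit only those paths, match the path alone and tie the rule to the site, e.g. `acl allowed_url urlpath_regex ^/photos/` together with a `dstdomain` acl on the same `http_access allow` line. The section also shows no closing `http_access deny all`, without which the allow rule filters nothing.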
Additions:
Additions:
# Squid 2.5 reverse proxy settings
http_port 1.2.3.4:80
httpd_accel_host 10.1.1.1
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# ACL settings
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_local dst 10.1.1.0/255.255.255.0
acl to_web dst 1.2.3.4/255.255.255.255
acl safe_ports port 80
acl SSL_ports port 443
http_access allow manager localhost
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow to_web
http_access deny all
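Review bot: `httpd_accel_with_proxy on` keeps ordinary forward-proxy handling enabled alongside the accelerator, and this revision drops the earlier comment that said to turn it off for a reverse-proxy-only setup. With it on, the `http_access` list is the only thing that keeps the host from serving as a general proxy, so the line deserves its comment back, e.g. `# set to off unless local clients also use this squid as a forward proxy`. `httpd_accel_uses_host_header on` also makes the client-supplied Host header part of request handling; a `dstdomain` acl for the accelerated site names, checked before `http_access allow to_web`, would bound that. `safe_ports` and `to_local` are defined among the added lines, but no added rule uses them.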
Deletions:
http_port 123.123.123.123:80 # listening port of squid
htpd_accel_host 127.0.0.1 # IP address of web server
httpd_accel_port 80 # web server's listening address
httpd_accel_single_host on # forward uncached requests to single host
httpd_accel_with_proxy on # set to off if running reversed proxy only, set to on if running as a proxy for local clients
httpd_acel_uses_host_header on
acl to_local dst 127.0.0.0/8
acl safe_ports 80 81
acl SSL_ports 443
http_access deby CONNECT !SSL_ports
Setting up Squid as reversed proxy
Edit your squid.conf with the followings:
Some basic tuning
cache_mem 256 MB
minimum_object_size 0 KB
maximum_object_size 2048 KB
maximum_object_size_in_memory 128 KB
ident_timeout 1 seconds
cache_dir aufs /var/spool/squid 1024 16 256 #1G cache, 16 level1, 256 level2
buffered_logs on
redirect_rewrites_host_header off
emulate_httpd_log on
Reverse-proxy (accelerator) settings
http_port 123.123.123.123:80 # listening port of squid
htpd_accel_host 127.0.0.1 # IP address of web server
httpd_accel_port 80 # web server's listening address
httpd_accel_single_host on # forward uncached requests to single host
httpd_accel_with_proxy on # set to off if running reversed proxy only, set to on if running as a proxy for local clients
httpd_acel_uses_host_header on
Now edit the ACL so access is granted
acl to_local dst 127.0.0.0/8
acl safe_ports 80 81
acl SSL_ports 443
acl CONNECT method CONNECT
http_access deny !safe_ports
http_access deby CONNECT !SSL_ports
http_access allow to_local
Now change your web server to listen on 127.0.0.1:80, start your web server and squid!