Thursday, January 23, 2014

Squid Proxy with MySQL Auth

Configure the Squid proxy server:
1. Install Squid, start it, and set it to start on boot.
     $ su -
     # yum install squid
     # service squid start
     # chkconfig squid on
2.  Now install SquidGuard.
     # yum install squidGuard
3. Now that SquidGuard is installed, open Firefox and go to the SquidGuard website: http://squidguard.org . The SquidGuard website has links to configuration documentation and to websites where you can download blacklists. You need to download a blacklists file. You can go to http://dsi.utcapitole.fr/blacklists/ and get the link for the blacklists.tar.gz file, then use wget to download blacklists.tar.gz by copying and pasting the link, or download it through the Firefox web browser. SquidGuard has its own blacklists.tar.gz file, and you will eventually want to replace it with the newer blacklists.tar.gz file that you downloaded. Before you do that, you can create a test blacklist for SquidGuard to block. To do that, create a blacklists directory in the /var/squidGuard/ directory and a testdomains directory inside it. In that directory, use vim to create and edit a text file called testdomains.
     # cd /var/squidGuard
     # mkdir blacklists
     # cd blacklists
     # mkdir testdomains
     # cd testdomains
     # vim testdomains
4. In this testdomains file, add the names of the websites you want to block. Type in three lines of text to add some test domains to block:
    yahoo.com
    msn.com
    whatever-you-want-to-block.com
    Save and exit.
5. After creating the testdomains file, you have to edit the squid.conf file.
6. vim /etc/squid/squid.conf
7. If you have an LDAP server, add these lines:
    ## LDAP AUTH
    auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=ii,dc=ac,dc=in" -f "uid=%s" -h ldap.ii.ac.in
    acl ldapauth proxy_auth REQUIRED
    http_access allow ldapauth
   /usr/lib64/squid/squid_ldap_auth is the path to the LDAP helper; all the Squid helper commands are in the /usr/lib64/squid/ directory.
8. Make sure that you put the right path so that the command will execute.


9. Squid normally listens on port 3128. Find the line that sets the listening port to 3128. If you want to change the port number, you can change it there, for example:
    http_port 8080

10. Write these 2 lines in the squid.conf file:
      url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
      redirect_children 20
    /usr/bin/squidGuard is the command and /etc/squid/squidGuard.conf is the squidGuard configuration file path.

11. Save and exit the squid.conf file.

12. vim /etc/squid/squidGuard.conf
      When you open the squidGuard.conf file, make the following changes.

13. Find this line:
      dbhome /var/squidGuard/blacklists

14. Remove blacklists so that the line looks like:
      dbhome /var/squidGuard
      Then search for and edit the block in the next step.
15. The dest adult block:
      dest adult {
          domainlist blacklists/testdomains/testdomains
          urllist blacklists/testdomains/testdomains
          expressionlist blacklists/porn/expressions
      }

16. Add (inside the acl block):
      default {
          # "adult" is the dest name defined in step 15
          pass !adult any
          # rewrite  dmz
          redirect http://10.99.100.3/blocked.html
      }
    Here you will see the redirect option. If you want, you can delete it, or you can put any website name or any HTML page that will show some message.
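
A configuration error such as a misspelled list path or a pass rule that names an undefined dest makes squidGuard fall back to emergency mode, in which it passes every request. The following check is an added example, not part of the original post or of SquidGuard; the sample configuration is constructed and contains both mistakes, and the lint function and its existing_files parameter are hypothetical names.

```python
import re

# Constructed sample in the shape of steps 13-16, with two deliberate
# mistakes: a misspelled list path and a pass rule naming an undefined dest.
SAMPLE_CONF = """\
dbhome /var/squidGuard
dest adult {
    domainlist blacklists/testdomains/testdomains
    urllist blacklists/terstdomains/testdomains
}
acl {
    default {
        pass !testdomains any
        redirect http://10.99.100.3/blocked.html
    }
}
"""

BUILTIN = {"any", "all", "none", "in-addr"}  # targets that need no dest block
LIST_KEYS = ("domainlist", "urllist", "expressionlist")


def lint(conf_text, existing_files):
    """Return a list of problems found in squidGuard.conf text.

    existing_files: set of list paths, relative to dbhome, present on disk.
    """
    problems = []
    dests = set()
    lines = [raw.split("#", 1)[0].strip() for raw in conf_text.splitlines()]
    # First pass: collect dest names and check every referenced list file.
    for line in lines:
        m = re.match(r"dest(?:ination)?\s+(\S+)\s*\{", line)
        if m:
            dests.add(m.group(1))
        parts = line.split()
        if len(parts) == 2 and parts[0] in LIST_KEYS and parts[1] not in existing_files:
            problems.append("missing list file: " + parts[1])
    # Second pass: every pass target must be a builtin or a defined dest.
    for line in lines:
        parts = line.split()
        if parts and parts[0] == "pass":
            for target in parts[1:]:
                name = target.lstrip("!")
                if name not in BUILTIN and name not in dests:
                    problems.append("pass references undefined dest: " + name)
    return problems
```

On a real server, build existing_files by walking the dbhome directory before calling lint.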

17. Authenticate from a MySQL database.
18. yum search mysql-server
19. /etc/init.d/mysqld restart

      If you face any problem starting it, open the /etc/my.cnf file with vim and change the "datadir=/home/mysql" path, or locate the file by name.


20. mysql -u root -p 

21. create database squid; 
22. grant select on squid.* to dataproxy@localhost identified by 'dataproxy';
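      If you want, you can give the dataproxy user permission to check or edit the squid database, or you can use the root user. The SELECT grant above is enough for the authentication helper, which only reads the passwd table.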



23. Create the table 'passwd' in the 'squid' db.
      CREATE TABLE `passwd` (
        `user` varchar(32) NOT NULL default '',
        `password` varchar(35) NOT NULL default '',
        `enabled` tinyint(1) NOT NULL default '1',
        `fullname` varchar(60) default NULL,
        `comment` varchar(60) default NULL,
        PRIMARY KEY (`user`)
      );

24. Populate the table with some test data, e.g.
      insert into passwd values('testuser','test',1,'Test User','for testing purpose');
      In the insert line, 'testuser' is the user name and 'test' is the password for internet access.
      
25. Edit the squid.conf file again.
26. vim /etc/squid/squid.conf
      auth_param basic program /usr/lib64/squid/squid_db_auth --user dataproxy --password dataproxy --plaintext --persist
      auth_param basic children 5
      auth_param basic realm Web-Proxy
      auth_param basic credentialsttl 1 minute
      auth_param basic casesensitive off
      acl db-auth proxy_auth REQUIRED

      http_access allow db-auth
      http_access allow localhost
      http_access deny all

      The auth_param basic program directive and the helper command must be on one line. --plaintext tells the helper that the password column holds unencrypted passwords, which matches the test row inserted in step 24.

27. Save and exit the file.


28. Now compile the SquidGuard blacklists and chown the blacklists so that they are accessible by Squid.

      squidGuard -b -d -C all
      chown -R squid /var/squidGuard/blacklists
29. Restart the squid service.
      /etc/init.d/squid restart
30. Finally, open a terminal and run this command for testing, then press Enter:

      /usr/lib64/squid/squid_db_auth --user dataproxy --password dataproxy --plaintext --persist

    After pressing Enter, type a username and password, like the testuser and test that we created.

    Put the username and password on the same line, separated by one space. If you see OK, it is working fine. If you get any error, send it to me or you can google it.
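
The exchange tested in step 30, modelled as an added example that is not the helper's own code and not part of the original post. It assumes the helper's default table and column names (passwd, user, password) and its enabled = 1 condition, and uses an in-memory SQLite database with constructed rows as a stand-in for the MySQL squid database; make_db and check_line are hypothetical names.

```python
import hmac
import sqlite3
from urllib.parse import unquote


def make_db():
    """In-memory SQLite stand-in for the MySQL `squid` database (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE passwd (user TEXT PRIMARY KEY, password TEXT NOT NULL,"
        " enabled INTEGER NOT NULL DEFAULT 1, fullname TEXT, comment TEXT)"
    )
    # Constructed rows: the page's test account plus a disabled account.
    db.executemany(
        "INSERT INTO passwd VALUES (?, ?, ?, ?, ?)",
        [
            ("testuser", "test", 1, "Test User", "for testing purpose"),
            ("olduser", "secret", 0, "Old User", "disabled account"),
        ],
    )
    return db


def check_line(db, line):
    """Answer one helper request line ("user password") with OK or ERR."""
    fields = line.rstrip("\r\n").split(" ")
    if len(fields) != 2:
        return "ERR"
    # Squid URL-encodes both fields before writing them to the helper.
    user, password = unquote(fields[0]), unquote(fields[1])
    # Parameterised lookup: the user name is never spliced into the SQL text.
    row = db.execute(
        "SELECT password FROM passwd WHERE user = ? AND enabled = 1", (user,)
    ).fetchone()
    if row is None:
        return "ERR"  # unknown or disabled account
    # --plaintext mode: the stored value is compared with what was typed.
    ok = hmac.compare_digest(row[0].encode(), password.encode())
    return "OK" if ok else "ERR"
```

Setting enabled to 0 for a row locks that account out without deleting it, which is why the disabled sample user gets ERR even with the right password.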



32. Open your browser (Firefox, Internet Explorer, Chrome).

33. Go to the proxy settings option.
34. Choose manual proxy settings.

35. Enter your Squid server's IP address (or domain name, if it has one) and the port number that you allowed or opened.

Best of Luck
