shokti

ubuntu 12.04 - squid 3 proxy server

Dec 27th, 2013
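  # Install Squid 3 from the Ubuntu 12.04 archive.
  sudo apt-get install squid3

  # create squid cache folder (the path used by cache_dir in the config below):
  sudo mkdir -p /srv/squid/cache

  # Squid runs as proxy:proxy (cache_effective_user / cache_effective_group in
  # the config below), so only that account needs access to the cache tree.
  # The original step used "chmod -R 777", which lets every local account add,
  # replace or delete cached objects that are later served to proxy clients.
  sudo chown -R proxy:proxy /srv/squid
  sudo chmod -R u=rwX,g=rX,o= /srv/squid

  # edit squid config file:
  sudo nano /etc/squid3/squid.conf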
  11.  
  12. use config sample below:
  13. -------------------------------------------------------------------------------------------------------------------
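  # ACCESS CONTROLS OPTIONS
  # ====================
  #
  # Each token after -i is a separate case-insensitive regex matched against
  # the URL path; QUERY is used further down by "cache deny QUERY".
  # NOTE(review): the trailing "localhost" is therefore a path pattern, not a
  # host match - confirm it is intended.
  acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
  # "all" is predefined in Squid 3.x. The original line "acl all src" carried
  # no address, so it is left commented out and the built-in definition is used.
  #acl all src
  # localnet is the only remote source allowed to use the proxy (see the
  # http_access rules below). Keep these ranges as narrow as the real LAN;
  # 10.0.0.0/8 covers the whole private class A block.
  acl localnet src 10.0.0.0/8
  acl localnet src 192.168.1.0/24
  acl localhost src 127.0.0.1/32
  acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
  # CONNECT tunnels are opaque to the proxy. Beyond 443 and 563 this list also
  # permits 81, 2087 and 10000; keep only the ports clients really need.
  acl sslports port 443 563 81 2087 10000
  acl manager proto cache_object
  acl purge method PURGE
  acl connect method CONNECT

  # http_access rules are checked top to bottom and the first match decides,
  # so the order of the lines below matters.
  # Cache manager and PURGE requests are accepted from the proxy host only.
  http_access allow manager localhost
  http_access deny manager
  http_access allow purge localhost
  http_access deny purge
  # Refuse destination ports outside safeports, and CONNECT to anything
  # outside sslports, before any allow rule for clients is reached.
  http_access deny !safeports
  http_access deny CONNECT !sslports
  http_access allow localhost
  http_access allow localnet
  # Final catch-all: anything not allowed above is refused, so the proxy is
  # not usable by sources outside localhost/localnet.
  http_access deny all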
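  #
  # NETWORK OPTIONS
  # —————
  #
  # Without an address the listener binds to every interface.
  # NOTE(review): on a host with an Internet-facing interface, bind to the LAN
  # address instead (http_port <LAN_IP>:3128) or firewall the port, so access
  # does not rest on the http_access rules alone.
  http_port 3128
  #
  # OPTIONS WHICH AFFECT THE CACHE SIZE
  # ==============================
  #
  cache_mem 8 MB
  maximum_object_size_in_memory 32 KB
  memory_replacement_policy heap GDSF
  cache_replacement_policy heap LFUDA
  # On-disk cache under the directory created in the setup steps:
  # 10000 MB, 14 first-level and 256 second-level subdirectories.
  cache_dir aufs /srv/squid/cache 10000 14 256
  maximum_object_size 128000 KB
  cache_swap_low 95
  cache_swap_high 99
  #
  # LOGFILE PATHNAMES AND CACHE DIRECTORIES
  # ==================================
  #
  # access.log is the per-request record of client activity. The anonymity
  # section strips Via and X-Forwarded-For, so this file is the only place a
  # request can be tied back to a client; keep it readable by admins only.
  access_log /var/log/squid3/access.log
  # The original pointed cache_log at /cache/cache.log, but no step in this
  # guide creates /cache. Squid's own warnings and errors are written here, so
  # the path is moved next to access.log.
  cache_log /var/log/squid3/cache.log
  # Sending cache_log to /dev/null would discard those diagnostics entirely.
  #cache_log /dev/null
  cache_store_log none
  logfile_rotate 5
  log_icp_queries off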
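  #
  # OPTIONS FOR TUNING THE CACHE
  # ========================
  #
  # Never store dynamic content (see the QUERY acl above).
  cache deny QUERY
  # refresh_pattern lines are tried in order and the first regex that matches
  # the URL is used. Fields: min (minutes), percent, max (minutes), options.
  refresh_pattern ^ftp: 1440 20% 10080 reload-into-ims
  refresh_pattern ^gopher: 1440 0% 1440
  # The three aggressive rules below override origin freshness headers
  # (override-expire, override-lastmod, ignore-no-cache), so clients can be
  # served stale copies. The original also set ignore-private on all three;
  # that makes a shared cache store responses the origin marked
  # "Cache-Control: private" (per-user documents, images, downloads) and hand
  # them to other clients, so it is removed here.
  # "jp?g" matched .jg/.jpg but not .jpeg; corrected to "jpe?g".
  refresh_pattern -i \.(gif|png|jpe?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache
  # NOTE(review): "doc?", "xls?" and "ppt?" make the last letter optional
  # (.do/.doc); if .docx/.xlsx/.pptx were meant, the patterns need adjusting.
  refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache
  # NOTE(review): "mp?" and "wm?" likewise match .m/.mp and .w/.wm rather than
  # .mp3/.mp4 or .wmv/.wma - confirm the intended extensions.
  refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache
  refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
  # NOTE(review): any URL ending in .html/.htm already matches the rule above,
  # so this line looks unreachable; it may have been meant to precede it.
  refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
  refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  refresh_pattern . 1440 90% 10080
  #
  quick_abort_min 0 KB
  quick_abort_max 0 KB
  quick_abort_pct 100
  store_avg_object_size 13 KB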
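  #
  # HTTP OPTIONS
  # ===========
  vary_ignore_expire on
  #
  # ANONYMITY OPTIONS
  # ===============
  #
  # These rules remove the listed headers from requests before they are
  # forwarded. Dropping Via and X-Forwarded-For hides both the proxy and the
  # client address from origin servers; the client can then only be identified
  # from the proxy's own access.log.
  request_header_access From deny all
  # NOTE(review): Server is normally a response header, so this request-side
  # rule is unlikely to match anything; reply_header_access is the directive
  # that filters response headers.
  request_header_access Server deny all
  request_header_access Link deny all
  request_header_access Via deny all
  request_header_access X-Forwarded-For deny all
  #
  # TIMEOUTS
  # =======
  #
  forward_timeout 240 second
  connect_timeout 30 second
  peer_connect_timeout 5 second
  read_timeout 600 second
  request_timeout 60 second
  shutdown_lifetime 10 second
  #
  # ADMINISTRATIVE PARAMETERS
  # =====================
  #
  cache_mgr admin
  # Run the worker as the unprivileged proxy account; this is the account that
  # must own the cache directory.
  cache_effective_user proxy
  cache_effective_group proxy
  # Keep the Squid version out of error pages and headers.
  httpd_suppress_version_string on
  visible_hostname proxyserver
  #
  ftp_list_width 32
  ftp_passive on
  ftp_sanitycheck on
  #
  # DNS OPTIONS
  # ==========
  #
  dns_timeout 10 seconds
  # Every hostname requested through the proxy is resolved via these public
  # resolvers; use an internal resolver if lookups should stay on the LAN.
  dns_nameservers 8.8.8.8 8.8.4.4 # DNS Server
  #
  # MISCELLANEOUS
  # ===========
  #
  memory_pools off
  client_db off
  reload_into_ims on
  # The original used /cache, which no step in this guide creates. Pointed at
  # the cache directory created in the setup steps, which the proxy account
  # owns. Core files can contain request data, so keep this directory closed
  # to other local users.
  coredump_dir /srv/squid/cache
  pipeline_prefetch on
  offline_mode off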
  135. #
  136. #Marking ZPH ---- not supported in squid3
  137. #==========
  138. #zph_mode tos
  139. #zph_local 0x04
  140. #zph_parent 0
  141. #zph_option 136
  142. ### END CONFIGURATION ###
  143.  
  144. -------------------------------------------------------------------------------------------------------------------
  145.  
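  # Check the edited squid.conf for syntax errors first, so a bad directive is
  # reported here rather than leaving the service stopped after the restart.
  sudo squid3 -k parse

  # create swap folder (the cache_dir directory structure):
  sudo service squid3 stop
  sudo squid3 -z
  sudo service squid3 start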
  150.  
  151.  
  152. ================================================================================================================
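  # TO CONFIGURE SQUID AS TRANSPARENT PROXY:

  # edit /etc/squid3/squid.conf:
  sudo nano /etc/squid3/squid.conf

  # change the http_port line to:
  #   http_port 3128 transparent
  # (Squid 3.1 and later name this mode "intercept"; "transparent" is the
  # older spelling.) Interception here covers plain HTTP on port 80 only; the
  # rules below do not touch HTTPS.

  # add iptables rules in rc.local:
  sudo nano /etc/rc.local

  # add entry before exit 0:
  # In these rules eth1 appears to be the LAN-facing interface and eth0 the
  # uplink; adjust both to the real interface names.
  #
  # One PREROUTING rule is enough. The original listed a DNAT rule and then a
  # REDIRECT rule with the same match; the DNAT option was misspelt
  # ("--to--destination"), and with the spelling fixed it would match first
  # and leave the REDIRECT rule unreachable. REDIRECT is kept because it needs
  # no hard-coded address. The corrected DNAT form is shown for reference.
  # NOTE(review): 192.168.0.1 lies outside both localnet ranges in the config
  # above - confirm the proxy address and the ACLs agree.
  #/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
  /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
  # NAT for everything leaving the uplink. This only has an effect when the
  # kernel forwards packets (net.ipv4.ip_forward=1), and it makes the box a
  # router for all LAN traffic, not just HTTP - restrict the FORWARD chain to
  # what the LAN should be allowed to reach.
  /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE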