- sudo apt-get install squid3
- create squid cache folder:
- sudo mkdir /srv/squid
- sudo mkdir /srv/squid/cache
- sudo chown -R proxy:proxy /srv/squid
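- sudo chmod -R 777 /srv/squid
- (note: mode 777 leaves the whole cache tree world-writable; the chown above already gives it to proxy:proxy, so a mode such as 750 is enough for Squid)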
- edit squid config file:
- sudo nano /etc/squid3/squid.conf
- use config sample below:
- -------------------------------------------------------------------------------------------------------------------
- # ACCESS CONTROLS OPTIONS
- # ====================
- #
- # Sample squid.conf for a caching forward proxy listening on TCP 3128.
- # Only the proxy host itself (localhost) and clients matching "localnet"
- # are allowed to use it; every other client is denied.
- #
- # QUERY: URL paths that look dynamic; used by "cache deny QUERY" further down.
- acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
- # NOTE(review): no address follows "src" here; it was probably lost in the paste.
- # Squid 3 predefines the "all" ACL, so confirm whether this line is needed at all.
- acl all src
- # Client address ranges allowed to use the proxy. Narrow these to the subnets
- # that are actually served.
- acl localnet src 10.0.0.0/8
- acl localnet src 192.168.1.0/24
- acl localhost src 127.0.0.1/32
- # Destination ports the proxy will connect to. 1025-65535 admits every
- # unprivileged port.
- acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
- # Destination ports that CONNECT tunnels may target. Tunnelled traffic is opaque
- # to the proxy, so keep this list to what clients really need.
- acl sslports port 443 563 81 2087 10000
- acl manager proto cache_object
- acl purge method PURGE
- acl connect method CONNECT
- # http_access rules are checked top to bottom and the first match decides, so
- # the order below matters. Cache-manager and PURGE requests are accepted from
- # localhost only.
- http_access allow manager localhost
- http_access deny manager
- http_access allow purge localhost
- http_access deny purge
- http_access deny !safeports
- http_access deny CONNECT !sslports
- http_access allow localhost
- http_access allow localnet
- # The final catch-all deny is what keeps this from being an open proxy.
- http_access deny all
- #
- # NETWORK OPTIONS
- # ===============
- #
- http_port 3128
- #
- # OPTIONS WHICH AFFECT THE CACHE SIZE
- # ==============================
- #
- cache_mem 8 MB
- maximum_object_size_in_memory 32 KB
- memory_replacement_policy heap GDSF
- cache_replacement_policy heap LFUDA
- cache_dir aufs /srv/squid/cache 10000 14 256
- maximum_object_size 128000 KB
- cache_swap_low 95
- cache_swap_high 99
- #
- # LOGFILE PATHNAMES AND CACHE DIRECTORIES
- # ==================================
- #
- # access_log records client requests; it is the audit trail for proxy use.
- access_log /var/log/squid3/access.log
- # NOTE(review): cache_log (and coredump_dir further down) point at /cache, while
- # the cache store is /srv/squid/cache. Confirm that /cache exists and is
- # writable by the proxy user.
- cache_log /cache/cache.log
- #cache_log /dev/null
- cache_store_log none
- logfile_rotate 5
- log_icp_queries off
- #
- # OPTIONS FOR TUNING THE CACHE
- # ========================
- #
- cache deny QUERY
- # NOTE(review): override-expire, override-lastmod, ignore-no-cache and
- # ignore-private make Squid store and reuse responses that the origin marked
- # as private or not cacheable. On a proxy shared by several users this can hand
- # one user's response to another; confirm this is acceptable for the document
- # and archive types listed.
- # In these patterns "?" makes only the preceding character optional (jp?g
- # matches jpg and jg, not jpeg). Confirm the extension lists match what was
- # intended.
- refresh_pattern ^ftp: 1440 20% 10080 reload-into-ims
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
- refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
- refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
- refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
- refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 1440 90% 10080
- #
- quick_abort_min 0 KB
- quick_abort_max 0 KB
- quick_abort_pct 100
- store_avg_object_size 13 KB
- #
- # HTTP OPTIONS
- # ===========
- vary_ignore_expire on
- #
- # ANONYMITY OPTIONS
- # ===============
- #
- # Removes these headers from requests forwarded upstream, so origin servers do
- # not see the proxy (Via) or the client address (X-Forwarded-For).
- request_header_access From deny all
- request_header_access Server deny all
- request_header_access Link deny all
- request_header_access Via deny all
- request_header_access X-Forwarded-For deny all
- #
- # TIMEOUTS
- # =======
- #
- forward_timeout 240 second
- connect_timeout 30 second
- peer_connect_timeout 5 second
- read_timeout 600 second
- request_timeout 60 second
- shutdown_lifetime 10 second
- #
- # ADMINISTRATIVE PARAMETERS
- # =====================
- #
- cache_mgr admin
- # Squid runs as the unprivileged proxy user and group.
- cache_effective_user proxy
- cache_effective_group proxy
- # Keeps the Squid version out of generated error pages and headers.
- httpd_suppress_version_string on
- visible_hostname proxyserver
- #
- ftp_list_width 32
- ftp_passive on
- ftp_sanitycheck on
- #
- # DNS OPTIONS
- # ==========
- #
- dns_timeout 10 seconds
- # Sends all lookups to these resolvers instead of the system resolver settings.
- dns_nameservers 8.8.8.8 8.8.4.4 # DNS Server
- #
- # MISCELLANEOUS
- # ===========
- #
- memory_pools off
- client_db off
- reload_into_ims on
- coredump_dir /cache
- pipeline_prefetch on
- offline_mode off
- #
- #Marking ZPH ---- not supported in squid3
- #==========
- #zph_mode tos
- #zph_local 0x04
- #zph_parent 0
- #zph_option 136
- ### END CONFIGURATION ###
- -------------------------------------------------------------------------------------------------------------------
- create swap folder:
- sudo service squid3 stop
- sudo squid3 -z
- sudo service squid3 start
- ================================================================================================================
- TO CONFIGURE SQUID AS TRANSPARENT PROXY:
- edit /etc/squid3/squid.conf:
- sudo nano /etc/squid3/squid.conf
- change:
- http_port 3128 transparent
- add iptables rules in rc.local:
- sudo nano /etc/rc.local
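- add entries before exit 0 (both PREROUTING rules match the same traffic, so only the first one listed takes effect; keep the one that fits your setup):
- /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
- /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128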
- /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE