{"id":348,"date":"2010-07-25T13:28:00","date_gmt":"2010-07-25T12:28:00","guid":{"rendered":"http:\/\/kudzia.eu\/b\/?p=348"},"modified":"2012-08-27T13:04:03","modified_gmt":"2012-08-27T12:04:03","slug":"squid3-basic-config-and-more","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2010\/07\/squid3-basic-config-and-more\/","title":{"rendered":"squid3 &#8211; basic config and more"},"content":{"rendered":"<p>it&#8217;s been a while since i&#8217;ve set up any [non]caching proxy servers. i&#8217;ve mostly dealt with reverse proxies, apache2 in 90% of cases, nginx &#8211; in few. below are a few copy&#038;paste configs.<br \/>\n<!--more--><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\napt-get install squid3\r\n<\/pre>\n<p>content of \/etc\/squid3\/squid.conf &#8211; basic config:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n#no_cache deny STOPLISTA\r\ncache_mem 4 MB\r\ncache_dir ufs \/var\/spool\/squid3\/ 4 16 256\r\nredirect_rewrites_host_header off\r\ncache_replacement_policy lru\r\nacl localnet src 192.168.0.0\/16\r\nacl localnet src 10.0.0.0\/8\r\nacl localnet src 127.0.0.1\r\nacl Safe_ports port 80          # http\r\nacl CONNECT method CONNECT\r\n\r\nacl gmail dstdomain .gmail.com\r\n\r\n\r\n# authentication\r\nauth_param basic program \/usr\/lib\/squid3\/ncsa_auth \/etc\/squid3\/auth\r\nacl passauth proxy_auth REQUIRED\r\nacl ncsa_users proxy_auth REQUIRED\r\n\r\nhttp_access allow localnet\r\n#http_access deny gmail\r\n#http_access allow localnet\r\nhttp_access deny all\r\n\r\nmaximum_object_size 150000 KB\r\nstore_avg_object_size 50 KB\r\n\r\ncache_effective_user proxy\r\ncache_effective_group proxy\r\n\r\nlog_icp_queries off\r\nbuffered_logs off\r\n\r\n\r\ncache_access_log \/var\/log\/squid3\/access.log\r\ncache_log \/var\/log\/squid3\/cache.log\r\ncache_store_log \/var\/log\/squid3\/store.log\r\nstore_dir_select_algorithm least-load\r\nforwarded_for on\r\n\r\n# what not to cache:\r\nacl QUERY urlpath_regex 
cgi-bin \\?\r\nacl url_htm     url_regex \\.htm$\r\nacl url_html    url_regex \\.html$\r\nacl url_pdf     url_regex \\.pdf$\r\nacl url_xls     url_regex \\.xls$\r\nacl SSL_ports port 443 563\r\nno_cache deny QUERY\r\nno_cache deny url_xls\r\nno_cache deny url_pdf\r\nno_cache deny url_html\r\nno_cache deny url_htm\r\nno_cache deny SSL_ports\r\n\r\nhttp_port 3128\r\n<\/pre>\n<p>to run a transparent proxy [ on your router ] change:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nhttp_port 3128\r\n<\/pre>\n<p>into<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nhttp_port 3128 transparent\r\n<\/pre>\n<p>and redirect all outgoing http traffic to the proxy:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\niptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128\r\n<\/pre>\n<p>to introduce proxy authentication &#8211; remove the transparent part and add at the top of the acls:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# authentication\r\nauth_param basic program \/usr\/lib\/squid3\/ncsa_auth \/etc\/squid3\/auth\r\nacl passauth proxy_auth REQUIRED\r\nacl ncsa_users proxy_auth REQUIRED\r\n\r\nhttp_access allow passauth\r\nhttp_access deny all\r\n<\/pre>\n<p>you will need to create a password file with logins and hashes using apache2&#8217;s htpasswd:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nhtpasswd -c \/etc\/squid3\/auth username0\r\nhtpasswd \/etc\/squid3\/auth username1\r\n<\/pre>\n<p>if you want to block access to some domain:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# dstdomain matches the requested host name [ .gmail.com also covers subdomains ]; dst compares ip addresses only\r\nacl gmail dstdomain .gmail.com\r\nhttp_access deny gmail\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>it&#8217;s been a while since i&#8217;ve set up any [non]caching proxy servers. i&#8217;ve mostly dealt with reverse proxies, apache2 in 90% of cases, nginx &#8211; in few. 
below few copy&#038;paste configs.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-348","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=348"}],"version-history":[{"count":8,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/348\/revisions"}],"predecessor-version":[{"id":1329,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/348\/revisions\/1329"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}