
Squid Proxy Configuration:-

Installation and Configuration of Squid on Linux machine.


#yum install squid
Or download the rpm package and install it.

The Squid proxy server requires two NIC cards. Assign the LAN IP address to the primary NIC, and assign the broadband/public IP to the secondary NIC.

Use a public DNS server in the network configuration setup, and restart the service:

#service network restart
#chkconfig network on

Then try to ping the public gateway and your local LAN gateway address; both ping requests should succeed.

Before going to the configuration file: this proxy will only work in the 180.190.29.X series network. To let other subnets work, add the commands below:

#route add -net 180.190.30.0 netmask 255.255.255.0 gw 180.190.29.1
#route add -net 180.190.40.0 netmask 255.255.255.0 gw 180.190.29.1

-net:- other subnetwork address
gw:- local network proxy server gateway

Finally, add these commands to /etc/rc.local so that they still work after a reboot.

Now we configure Squid in its configuration file:

#vi /etc/squid/squid.conf

By default Squid binds to http_port 3128, but usually it is changed to 8080.

ACCESS CONTROL (ACL):

In Squid we configure things by writing rules. They are known as ACL rules. A simple ACL rule:

acl aclname acltype string1
http_access allow|deny aclname

aclname = name of the rule
acltype = the type of string we are using, e.g. src, dst
string = can be IPs, networks, URLs etc.

acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork

NOTE: Specify the rules before the line "http_access deny all", because the rules are parsed from top to bottom.

To block internet usage from a particular IP address:

Write this rule:

acl block_ip src 192.168.0.XX
http_access deny block_ip

It should be above these lines:

acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork

Otherwise the rule will be cancelled by the mynetwork rule above it. Always keep in mind that Squid interprets rules from top to bottom.

To block internet usage from two or more IP addresses by ACL lists:

Write this rule:

acl block_ips src IP1 IP2
http_access deny block_ips

E.g.:

acl block_ips src 192.168.0.21 192.168.0.22
http_access deny block_ips

Or you can define rules like this:

acl block_ips src 192.168.0.21
acl block_ips src 192.168.0.22
http_access deny block_ips

To block a particular URL:

For blocking the URL www.yahoo.com, i.e. only one URL, use the acltype dst.

acl block_site dst www.yahoo.com
http_access deny block_site

You can see that the yahoomail site is still accessible, so it blocks a single URL only.

To block only one domain:

E.g. for blocking all systems from accessing orkut.com:

acl block_site1 dstdomain .orkut.com
http_access deny block_site1
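The top-to-bottom rule above can be checked offline before touching a live proxy. The following is an added example, not part of the original page or of Squid itself: a simplified Python model of first-match http_access evaluation that covers only src ACLs. The helper names parse and decide, the two sample configs, and the use of 192.168.0.21 as the blocked host are assumptions made for the illustration.

```python
import ipaddress

def parse(conf):
    """Collect 'src' ACLs and http_access rules, in file order."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # Squid's built-in 'all'
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()  # drop squid.conf comments
        if len(words) >= 4 and words[0] == "acl" and words[2] == "src":
            # Repeated 'acl NAME src ...' lines add to the same list (OR).
            nets = [ipaddress.ip_network(w, strict=False) for w in words[3:]]
            acls.setdefault(words[1], []).extend(nets)
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return (action, rule_number) for the first http_access line that matches."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for number, (action, names) in enumerate(rules, 1):
        # Every ACL named on one http_access line must match (AND).
        if all(any(ip in net for net in acls.get(name, [])) for name in names):
            return action, number
    # No line matched: Squid applies the opposite of the last rule.
    if not rules:
        return "deny", None
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

# Constructed sample configs; 192.168.0.21 stands in for the blocked host.
WRONG_ORDER = """
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
acl block_ip src 192.168.0.21
http_access deny block_ip
http_access deny all
"""

RIGHT_ORDER = """
acl block_ip src 192.168.0.21
http_access deny block_ip
acl mynetwork src 192.168.0.0/255.255.255.0
http_access allow mynetwork
http_access deny all
"""

if __name__ == "__main__":
    for label, conf in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(label, decide(conf, "192.168.0.21"))
```

With the deny rule placed after the mynetwork allow rule, the blocked host is let through by rule 1; with the order corrected, rule 1 denies it while the rest of the subnet is still allowed by rule 2.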

To block a list of sites specified in a file:

First we have to create a file and save all the URLs we want to block in it. In this example the file is saved as /etc/squid/block_list.txt.

[root@proxy ~]# cat /etc/squid/block_list.txt
www.hotmail.com
www.ibm.com
www.hp.com

acl block_list url_regex "/etc/squid/block_list.txt"
http_access deny block_list

Blocking the sites with keywords:

[root@proxy ~]# cat /etc/squid/block_list0.txt
hotmail
ibm
hp

acl block_list1 url_regex -i "/etc/squid/block_list0.txt"
http_access deny block_list1

Note: -i makes the match case-insensitive.

Finally restart the squid service.

Note: while providing access for a particular site, images will not load. Check the /var/log/squid/access.log file; there you should see some lines containing "TCP_DENIED" followed by the URL of the images or the other content that is not loading. BTW I've looked at Facebook pictures, and it looks like they are pulled from fbcdn.net, so add that to your file and reload squid to test again.

#service squid restart
#chkconfig squid on

Then add the proxy server IP address and port number in IE/Mozilla on your Windows/Linux machine so that it uses the proxy.

In IE, go to Tools -> Internet Options -> Connections tab -> LAN Settings, and add the proxy server IP address there as mentioned below.

Click OK, then close IE and open it again to check for the changes.
