Squid Cache Web Proxy
Many computer networks slow to a crawl when many users access the internet at once, when unwanted traffic comes from social media applications that should not be used during working hours, or when there is no control over who accesses the internet in the company. Scenarios like these make a company pay a lot of money for internet access, and they put the IT guy in the spotlight.
From my experience, all of the above can be solved with a free and open source software package called Squid. Two important jobs Squid can do are caching and transparent proxying, among others, but in this article I will describe how to configure it as a web caching server.
A brief explanation of caching. Computer networks use the client-server architecture, so when you access the web, a request is sent from the client on your computer (the web browser) to the web server of the domain you are accessing, e.g. facebook.com. Every time you access facebook.com, all the contents are collected from the web server and presented in the web browser. Every request uses up some of your internet data, which eventually runs out.
What if we introduce caching into your network? Now the cache server acts as a middleman between the client and the web server. The first time you access facebook.com, the contents are collected from the web server and saved in the cache before they are presented to the client. The magic happens when you revisit FB some time later: the contents are now fetched from the cache rather than from the actual web server, saving your MBs. There is always a refresh time, after which the cache is updated periodically.
Installing Squid on Ubuntu is a matter of running:
>>apt-get update && apt-get install squid
The default config file is heavily commented, with the comments serving as documentation, which makes editing cumbersome. What we need to do is remove the comments, leaving only the actual config, as shown:
>>cd /etc/squid
>>mv squid.conf squid.conf.$(date +%F)
>>grep -v -e '^#' -e '^$' squid.conf.$(date +%F) > squid.conf
Below is the minimal configuration.
acl localnet src 202.1.39.128/26
acl localnet src 10.0.0.0/8        # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10     # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16    # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12     # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16    # RFC 1918 local private network (LAN)
acl localnet src fc00::/7          # RFC 4193 local private network range
acl localnet src fe80::/10         # RFC 4291 link-local (directly plugged) machines
acl localhost src 202.1.39.153
acl SSL_ports port 443
acl Safe_ports port 80             # http
acl Safe_ports port 21             # ftp
acl Safe_ports port 443            # https
acl Safe_ports port 70             # gopher
acl Safe_ports port 210            # wais
acl Safe_ports port 1025-65535     # unregistered ports
acl Safe_ports port 280            # http-mgmt
acl Safe_ports port 488            # gss-http
acl Safe_ports port 591            # filemaker
acl Safe_ports port 777            # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid/ 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp:              1440   20%   10080
refresh_pattern ^gopher:           1440   0%    1440
refresh_pattern -i (/cgi-bin/|\?)  0      0%    0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 1440 50% 10080
refresh_pattern .                  0      20%   4320
visible_hostname ralikuProxy
##config ends here
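Squid checks the http_access lines above from top to bottom, requires every ACL named on a line to match, and lets the first matching line decide. The sketch below is an added example, not part of the original article or of Squid itself; it models only the port, CONNECT and source-address rules (the manager lines and the conf.d include are left out, and "localhost" is assumed to hold just the address the config adds), and the sample requests are constructed.

```python
import ipaddress

# ACL values copied from the article's squid.conf.
LOCALNET = [ipaddress.ip_network(n) for n in (
    "202.1.39.128/26", "10.0.0.0/8", "100.64.0.0/10", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]
# Assumption: only the address the article adds to "localhost" is modelled.
LOCALHOST = [ipaddress.ip_network("202.1.39.153/32")]
SSL_PORTS = {443}
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}
SAFE_RANGE = range(1025, 65536)  # "unregistered ports"


def in_any(src, nets):
    """True if the source address falls inside any of the networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in nets)


def is_safe(port):
    return port in SAFE_PORTS or port in SAFE_RANGE


# http_access lines in file order: (action, rule text, predicate).
RULES = [
    ("deny", "deny !Safe_ports", lambda r: not is_safe(r["port"])),
    ("deny", "deny CONNECT !SSL_ports",
     lambda r: r["method"] == "CONNECT" and r["port"] not in SSL_PORTS),
    ("allow", "allow localnet", lambda r: in_any(r["src"], LOCALNET)),
    ("allow", "allow localhost", lambda r: in_any(r["src"], LOCALHOST)),
    ("deny", "deny all", lambda r: True),
]


def decide(src, method, port):
    """Return (action, rule text) of the first http_access line that matches."""
    req = {"src": src, "method": method, "port": port}
    for action, text, matches in RULES:
        if matches(req):
            return action, text
    return "deny", "no rule matched"  # not reached while "deny all" is last


if __name__ == "__main__":
    # Constructed sample requests, not traffic from a real network.
    for sample in [("10.1.2.3", "GET", 80), ("10.1.2.3", "CONNECT", 443),
                   ("10.1.2.3", "CONNECT", 8443), ("10.1.2.3", "GET", 25),
                   ("198.51.100.7", "GET", 80)]:
        print(sample, "->", decide(*sample))
```

The two deny lines come before `allow localnet`, so even a LAN client cannot use the proxy to reach port 25 or to open a CONNECT tunnel to a port other than 443, and the closing `deny all` keeps addresses outside the listed ranges from using the proxy at all.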
After editing, it is best to run the command below, which parses the config file and tells you where the mistakes are:
>>/usr/sbin/squid -k parse
Then, restart the service.
>>systemctl restart squid
To be able to use the proxy, you have to configure the proxy settings in the web browser. I will be adding website restrictions, delay pools, and authentication in a later article. For the time being, Happy caching.
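To check that revisits really are served from the cache, as described earlier, the result codes in Squid's access.log can be tallied. This is an added example, not code from the original article; the log lines are constructed samples in Squid's default native log format, and the grouping of result codes into hit, miss, tunnel and denied is this example's own simplification.

```python
from collections import Counter

# Constructed lines in Squid's default ("native") access.log format:
# time elapsed_ms client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1700000000.101    212 10.0.0.15 TCP_MISS/200 15320 GET http://example.com/logo.png - HIER_DIRECT/192.0.2.10 image/png
1700000060.244      3 10.0.0.22 TCP_HIT/200 15329 GET http://example.com/logo.png - HIER_NONE/- image/png
1700000075.530      1 10.0.0.15 TCP_MEM_HIT/200 15329 GET http://example.com/logo.png - HIER_NONE/- image/png
1700000090.018    480 10.0.0.22 TCP_TUNNEL/200 48211 CONNECT www.example.org:443 - HIER_DIRECT/192.0.2.20 -
1700000120.777     95 10.0.0.15 TCP_REFRESH_UNMODIFIED/200 15331 GET http://example.com/logo.png - HIER_DIRECT/192.0.2.10 image/png
1700000130.002      0 203.0.113.9 TCP_DENIED/403 3900 GET http://example.com/ - HIER_NONE/- text/html
"""


def summarize(log_text):
    """Count hits, misses, tunnels and denials, and the share of bytes served from cache."""
    counts, hit_bytes, total_bytes = Counter(), 0, 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        code = fields[3].split("/")[0]   # e.g. TCP_MEM_HIT
        size = int(fields[4])
        if code == "TCP_TUNNEL":
            kind = "tunnel"              # CONNECT (HTTPS): relayed, never cached
        elif "DENIED" in code:
            kind = "denied"              # rejected by http_access
        elif "HIT" in code or code == "TCP_REFRESH_UNMODIFIED":
            kind = "hit"                 # body came from the cache
        else:
            kind = "miss"
        counts[kind] += 1
        if kind in ("hit", "miss"):
            total_bytes += size
            hit_bytes += size if kind == "hit" else 0
    cacheable = counts["hit"] + counts["miss"]
    return {
        "counts": dict(counts),
        "hit_ratio": counts["hit"] / cacheable if cacheable else 0.0,
        "byte_hit_ratio": hit_bytes / total_bytes if total_bytes else 0.0,
    }
```

On Ubuntu the log is normally at /var/log/squid/access.log, so `summarize(open("/var/log/squid/access.log").read())` gives the same summary for real traffic. A high tunnel count means most traffic is HTTPS, which this configuration relays through CONNECT without caching.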
ICT Lab Manager at Surveying and Land Studies Dept(UNITECH)
3 years ago
https://stuvel.eu/articles/transproxy/. This article is very useful; it gives invaluable information on how to configure Squid as a transparent proxy combined with firewall rules and ACLs. While my article is on caching, this article helps to solve a small problem I ran into: when the Squid proxy is not used in a gateway but is just a regular machine on the network, the users are able to access the internet, bypassing the proxy. This writer is a life saver. I will later write an article on how to configure Ubuntu as a router or gateway and at the same time a cache proxy server.