Thursday, March 22, 2007

Squid Config

Server Configuration

  • Step #1 : Squid configuration so that it will act as a transparent proxy
  • Step #2 : Iptables configuration
    • a) Configure system as router
    • b) Forward all http requests to 3128 (DNAT)
  • Step #3: Run scripts and start squid service

First, install the Squid server (use up2date squid) and configure it by adding the following directives to the file:
# vi /etc/squid/squid.conf

Modify or add the following Squid directives:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan

Where,

  • httpd_accel_host virtual: Squid acts as an httpd accelerator
  • httpd_accel_port 80: 80 is the port you want Squid to act as a proxy for
  • httpd_accel_with_proxy on: Squid acts as both a local httpd accelerator and as a proxy
  • httpd_accel_uses_host_header on: Squid uses the Host header, which carries the hostname from the URL
  • acl lan src 192.168.1.1 192.168.2.0/24: Access control list; only LAN computers are allowed to use Squid
  • http_access allow localhost: Squid access is granted to the localhost and lan ACLs only
  • http_access allow lan: same as above

Here is the complete listing of squid.conf for your reference (grep removes all comment lines and sed removes all empty lines; thanks to David Klein for the quick hint):
# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'

Or do both with sed alone (thanks to kotnik for the small sed trick):
# cat /etc/squid/squid.conf | sed '/^ *#/d; /^ *$/d'

Output:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname myclient.hostname.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid

Iptables configuration

Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Start or Restart the squid:
# /etc/init.d/squid restart
# chkconfig squid on

Desktop / Client computer configuration

Point all desktop clients to your eth1 IP address (192.168.2.1) as Router/Gateway (use DHCP to distribute this information). You do not have to set up individual browsers to work with proxies.

How do I test my squid proxy is working correctly?

See access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log
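
The check above can be scripted. The following is an added example, not part of the original post: it reads access.log lines in Squid's native format, counts requests served per client (proof that interception works) and lists requests that were denied or that came from outside the localhost and lan ACLs. The log lines are constructed sample data.

```python
import ipaddress
from collections import Counter

# Sources the page's ACLs permit: localhost plus the "lan" ACL.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("127.0.0.1/32", "192.168.1.1/32", "192.168.2.0/24")]

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1174550400.101    120 192.168.2.15 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1174550401.202      3 192.168.2.15 TCP_HIT/200 5120 GET http://www.example.com/ - NONE/- text/html
1174550402.303      1 192.168.2.77 TCP_DENIED/403 1400 PURGE http://www.example.com/ - NONE/- text/html
1174550403.404      2 203.0.113.9 TCP_DENIED/403 1380 GET http://www.example.org/ - NONE/- text/html
1174550404.505      0 127.0.0.1 TCP_MISS/200 150 PURGE http://www.example.com/ - NONE/- -
"""

def parse_line(line):
    """Split one native-format line; return None for anything malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    result, _, status = fields[3].partition("/")
    return {"client": fields[2], "result": result, "status": status,
            "method": fields[5], "url": fields[6]}

def review(log_text):
    """Return (served-per-client counter, list of (client, method, finding))."""
    served, findings = Counter(), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        client = ipaddress.ip_address(entry["client"])
        in_acl = any(client in net for net in ALLOWED)
        if entry["result"] == "TCP_DENIED":
            findings.append((entry["client"], entry["method"], "denied"))
        elif not in_acl:
            findings.append((entry["client"], entry["method"], "served-outside-acl"))
        elif entry["method"] == "PURGE" and not client.is_loopback:
            findings.append((entry["client"], entry["method"], "purge-not-local"))
        else:
            served[entry["client"]] += 1
    return served, findings

if __name__ == "__main__":
    served, findings = review(SAMPLE_LOG)
    print(dict(served))
    print(findings)
```

A "served-outside-acl" or "purge-not-local" finding means an http_access rule is letting through something the configuration above was meant to block.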

That's it, you are done with the proxy server.


HOW TO PURGE BAD CACHE FROM CACHE

If you use Squid as your own proxy server, you may have seen Squid keep returning an old cached copy even after the website itself has changed. In that case the only solution is to purge the old object from the Squid cache, and there are two methods to do this. The first is to delete your whole Squid cache, but then everything you have cached is lost, and I don't think you want that to happen. The alternative is to use the PURGE command on Squid.


First, open squid.conf in your Squid configuration directory, for example C:\Squid\etc\squid.conf, and add these lines if they are not already there.

acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

After adding these lines you can restart your Squid service manually, or you can just type the line below at the command prompt:

x:\squid\sbin\squid.exe -n Squid -f

#squid -k reconfigure

Where X is the path to the squid executable. This forces Squid to reconfigure without the need to restart the Squid service. To purge the cache, simply type:

#squidclient -h 127.0.0.1 -m PURGE http://www.yourtargetwebsite.com/

The -h parameter is not required if you run squid from localhost. Don't forget to replace the target website with whichever website you want Squid to purge from its cache, and remember to add the trailing slash; it is important, or Squid will return object not found like below:

HTTP/1.0 404 Not Found
Server: squid
Date: Sun, 17 Sep 2006 03:44:22 GMT
Content-Length: 0

And if you do it correctly, Squid will return HTTP 200 OK like below:

HTTP/1.0 200 OK
Server: squid
Date: Sun, 17 Sep 2006 03:44:43 GMT
Content-Length: 0
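
Where the three PURGE lines are placed in squid.conf matters, because Squid checks http_access lines from top to bottom and acts on the first line whose ACLs all match. The following added example (not part of the original post) is a small first-match evaluator written for illustration, using the ACLs from the listing earlier on this page; BAD_ORDER is a constructed misordering in which the PURGE rules are placed after "http_access allow lan".

```python
import ipaddress

# ACLs copied from the squid.conf listing on this page (subset relevant to PURGE).
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl purge method PURGE
acl lan src 192.168.1.1 192.168.2.0/24
"""
# Order used in the page's listing: PURGE rules come first.
GOOD_ORDER = """
http_access allow purge localhost
http_access deny purge
http_access allow localhost
http_access allow lan
http_access deny all
"""
# Constructed misordering: PURGE rules added after "allow lan".
BAD_ORDER = """
http_access allow localhost
http_access allow lan
http_access allow purge localhost
http_access deny purge
http_access deny all
"""

def parse_acls(text):
    """Map ACL name -> (type, values) for 'acl NAME TYPE VALUE...' lines."""
    acls = {}
    for line in text.strip().splitlines():
        _, name, kind, *values = line.split()
        acls[name] = (kind, values)
    return acls

def acl_matches(acl, src, method):
    kind, values = acl
    if kind == "method":
        return method in values
    # "src": the values on one acl line are alternatives (ORed)
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(v, strict=False) for v in values)

def decide(rules, acls, src, method):
    """Action of the first http_access line whose ACLs all match (ANDed)."""
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        if all(acl_matches(acls[n], src, method) for n in names):
            return action
    return "deny"  # fall-through; not reached here, both rule sets end in "deny all"

ACL_TABLE = parse_acls(ACLS)
```

With GOOD_ORDER a PURGE from 192.168.2.50 is denied and only 127.0.0.1 may purge; with BAD_ORDER the same request matches "allow lan" first and is allowed, so any LAN client could evict cached objects.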

OK, that's all about it. Hopefully it will help you fix your problem with your Squid cache.



