Install Squid
[root@prox ~]# yum -y install squid

These are the general forward proxy settings.
[root@prox ~]# vi /etc/squid/squid.conf
# line 26: add ( define new ACL )
acl CONNECT method CONNECT
acl lan src 10.0.0.0/24
# line 54: add ( allow defined ACL above )
http_access allow localhost
http_access allow lan
# change the default listening port to 8080 ( just follow convention )
http_port 8080
# add follows to the end
# do not display the client IP address to upstream servers
request_header_access Referer deny all
forwarded_for off
[root@prox ~]# systemctl start squid
[root@prox ~]# systemctl enable squid

If Firewalld is running, allow the proxy service (firewall-cmd needs the protocol on --add-port):
[root@dlp ~]# firewall-cmd --add-service=squid --permanent
success
[root@dlp ~]# firewall-cmd --add-port=8080/tcp --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
Blocking URL
In this scenario we block some known bad URLs and allow all others. This is not the preferred approach unless you also have good endpoint protection software:
- open the file /etc/squid/squid.conf
- add these lines (the deny rule must come before the http_access allow lan rule above, because Squid evaluates http_access rules in order and the first match wins):
acl bad_url dstdomain "/etc/squid/bad-sites.acl"
http_access deny bad_url
- then create /etc/squid/bad-sites.acl and add domains in this format, one per line (a leading dot matches the domain itself and all of its subdomains):
.msn.com
.app.facebook.com
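The dstdomain entries are easy to get subtly wrong (an entry without the leading dot matches only that exact hostname, and ".msn.com" does not match "notmsn.com"), so it is worth checking a list before restarting Squid with it. The script below is an added example, not part of these notes or of Squid itself; it re-implements the dstdomain matching rule in POSIX sh and tests a constructed bad-sites.acl against a few hostnames. The function names and the temp-file layout are this example's own.

```sh
#!/bin/sh
# Added example (not from the original notes): test hostnames against a Squid
# dstdomain list before deploying it. It reproduces Squid's dstdomain rule:
# an entry with a leading dot (".msn.com") matches the domain itself and every
# subdomain; an entry without one ("ads.example") matches only exactly.
# The ACL file contents below are constructed for the demo.

# Write a constructed bad-sites.acl to a temp file and print its path.
write_sample_acl() {
    f=$(mktemp) || return 1
    printf '%s\n' '.msn.com' '.app.facebook.com' 'ads.example' '# a comment' '' > "$f"
    printf '%s\n' "$f"
}

# dstdomain_match HOST ENTRY: exit 0 if HOST matches the single ACL entry.
dstdomain_match() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    entry=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$entry" in
        .*)
            # leading dot: the bare domain itself ...
            [ "$host" = "${entry#.}" ] && return 0
            # ... or any host whose name ends in ".domain"
            case "$host" in
                *"$entry") return 0 ;;
            esac
            return 1
            ;;
        *)
            # no leading dot: exact hostname only
            [ "$host" = "$entry" ]
            ;;
    esac
}

# is_blocked HOST ACLFILE: print the first matching entry and exit 0, or
# exit 1 if nothing matches (the request would fall through to later rules).
is_blocked() {
    host=$1
    aclfile=$2
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t') # drop whitespace
        [ -z "$line" ] && continue
        if dstdomain_match "$host" "$line"; then
            printf '%s\n' "$line"
            return 0
        fi
    done < "$aclfile"
    return 1
}

# Stand-alone demo.
acl=$(write_sample_acl)
for h in www.msn.com msn.com notmsn.com ads.example sub.ads.example facebook.com; do
    if m=$(is_blocked "$h" "$acl"); then
        echo "$h: DENIED by entry $m"
    else
        echo "$h: allowed (no dstdomain match)"
    fi
done
rm -f "$acl"
```

Point is_blocked at the real /etc/squid/bad-sites.acl to check a hostname the list is supposed to cover; a host that comes back "allowed" is not blocked by this ACL, whatever the intention was when the entry was written.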
Allowing URL (IP)
In this scenario we allow some good URLs and block all others. This is the safer approach, but it may need more administrative effort.
- add the following lines (the file paths are Windows-style; on a Linux install put the lists under /etc/squid/ and adjust the paths):
#IPs to bypass the trip
acl BYPASS_IP dst "C:\ClientSiteProxy\etc\IP_address_bypass.txt"
#TAG: always_direct
http_access allow BYPASS_IP
always_direct allow BYPASS_IP
#URLS to bypass the trip
acl BYPASS_DOMAIN dstdomain "C:\ClientSiteProxy\etc\hostname_bypass.txt"
#TAG: Bypass NTLM & Trip
http_access allow BYPASS_DOMAIN
always_direct allow BYPASS_DOMAIN
http_access deny all
- Create C:\ClientSiteProxy\etc\IP_address_bypass.txt and add the IP addresses, one per line; create C:\ClientSiteProxy\etc\hostname_bypass.txt and add the URLs, one per line.
- Restart the squid service
Authentication
The following configuration allows for authenticated access to the Squid proxy service using usernames and passwords.
- You will need the htpasswd utility. If you’ve installed Apache on your Linode, you will already have it. Otherwise run:
sudo yum install httpd-tools
- Create a file to store Squid users and passwords, and change ownership:
sudo touch /etc/squid/squid_passwd
sudo chown squid /etc/squid/squid_passwd
- Create a username/password pair:
sudo htpasswd /etc/squid/squid_passwd user1
Replace user1 with a username. You will be prompted to create a password for this user:
New password:
Re-type new password:
Adding password for user user1
You can repeat this step at any time to create new users.
- Edit the Squid configuration file /etc/squid/squid.conf and add the following lines. On Squid 3.2 and later the helper is named basic_ncsa_auth, so check the name under /usr/lib64/squid/ first, and keep the allow line above any http_access deny all:
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
- Once you’ve saved and exited the file, restart Squid:
sudo service squid restart
- At this point, you can configure your local browser or operating system’s network settings to use your Linode as an HTTP proxy. You will need to specify that the server requires authentication, and provide the username and password. How to do this will depend on your choice of OS and browser. Once you’ve made the settings change, test the connection by pointing your browser at a website that tells you your IP address, such as ifconfig, What is my IP, or by Googling What is my ip.
- To remove a user’s access to the proxy, you must delete their entry in the /etc/squid/squid_passwd file. Each user is represented in the file on a single line in the format user:passwordhash:
user1:gh48gfno
user2:9b83v5hd
If you are using Nano, the command Control+k will remove the entire line where the cursor rests. Once you’ve saved and exited the file, restart Squid:
sudo service squid restart
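Deleting the line by hand in Nano is fine for one user, but it is easy to hit the wrong line, and a quick grep -v user1 would also remove user10. The script below is an added example, not part of the Linode guide, that scripts the removal step against the user:passwordhash format described above. The usernames and hashes are constructed, and the file is passed as an argument rather than hard-coded to /etc/squid/squid_passwd.

```sh
#!/bin/sh
# Added example (not from the original guide): script the user-removal step
# instead of editing squid_passwd by hand. The file format is one
# "user:passwordhash" per line. The sample entries and hashes are constructed;
# the real file on the page is /etc/squid/squid_passwd.

# Write a constructed squid_passwd to a temp file and print its path.
write_sample_passwd() {
    f=$(mktemp) || return 1
    printf '%s\n' 'user1:gh48gfno' 'user10:zz11yy22' 'user2:9b83v5hd' > "$f"
    printf '%s\n' "$f"
}

# list_proxy_users FILE: print the usernames only (never the hashes).
list_proxy_users() {
    cut -d: -f1 "$1"
}

# has_proxy_user USER FILE: exit 0 if USER has an entry.
has_proxy_user() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# remove_proxy_user USER FILE: delete USER's line and nothing else.
# The match is on the whole first field, so removing "user1" leaves "user10"
# intact. The file is rewritten in place with cat so the ownership (squid)
# and mode set when it was created are kept.
remove_proxy_user() {
    user=$1
    file=$2
    if ! has_proxy_user "$user" "$file"; then
        echo "remove_proxy_user: no such user: $user" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    awk -F: -v u="$user" '$1 != u' "$file" > "$tmp" &&
        cat "$tmp" > "$file"
    rm -f "$tmp"
    # Restart Squid afterwards, as the guide describes, so the change takes effect.
}

# Stand-alone demo.
pw=$(write_sample_passwd)
remove_proxy_user user1 "$pw"
echo "remaining users: $(list_proxy_users "$pw" | tr '\n' ' ')"
rm -f "$pw"
```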
Authentication with AD
https://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
Configure client
Assume that the proxy server’s IP address is 192.168.90.29
Linux (CentOS):
On the CentOS client:
vi /etc/profile
# add follows to the end (set proxy settings to the environment variables)
MY_PROXY_URL="http://192.168.90.29:8080/"
HTTP_PROXY=$MY_PROXY_URL
HTTPS_PROXY=$MY_PROXY_URL
FTP_PROXY=$MY_PROXY_URL
http_proxy=$MY_PROXY_URL
https_proxy=$MY_PROXY_URL
ftp_proxy=$MY_PROXY_URL
export HTTP_PROXY HTTPS_PROXY FTP_PROXY http_proxy https_proxy ftp_proxy
# Set proxy settings for each application like follows
# for yum
vi /etc/yum.conf
# add to the end
proxy=http://192.168.90.29:8080/
# for wget
vi /etc/wgetrc
# add to the end
http_proxy = http://192.168.90.29:8080/
Windows
Control Panel > Internet Options > Connections > LAN settings > Proxy server
enter 192.168.90.29, Port: 8080
Deploy the setting via GPO.
PAC file
Create a PAC file with a text editor:
function FindProxyForURL(url, host) {
    return "PROXY ip.of.proxy.server:8080; DIRECT";
}
Then in Internet Properties > Connections > LAN settings > Use automatic configuration script, enter: http://ip.to.the.IIS/proxy.pac
The http:// prefix is mandatory.
Note that the DIRECT fallback lets the browser go straight to the Internet whenever the proxy is unreachable, so the URL blocking configured above is bypassed in that case; drop "; DIRECT" if the proxy is meant to be mandatory.
Reference: http://findproxyforurl.com/deploying-pac/
Logs
/var/log/squid/ is the log file directory.
The logs are a valuable source of information about Squid workloads and performance. They record not only access information, but also system configuration errors and resource consumption (e.g. memory, disk space). There are several log files maintained by Squid. Some have to be explicitly activated at compile time, others can safely be deactivated at run-time.
/var/log/squid/access.log (or .gz): Most log file analysis programs are based on the entries in access.log. You can use this file to find out who is using the Squid server and what they are doing.
/var/log/squid/cache.log: The cache.log file contains the debug and error messages that Squid generates. If you start Squid using the default RunCache script, or start it with the -s command line option, a copy of certain messages will also go to your syslog facility. Whether to use a separate file for the Squid log data is a matter of personal preference.
/var/log/squid/store.log: The store.log file covers the objects currently kept on disk or removed ones. As a kind of transaction log it is usually used for debugging purposes. A definitive statement on whether an object resides on your disks is only possible after analysing the complete log file. The release (deletion) of an object may be logged at a later time than the swap out (save to disk).
Extract the gz file: use the command
sudo gunzip -d access.log-20170827.gz
to extract the log file.
Change the time format: the timestamp in the access log is in Unix epoch format; use the command
perl -pe 's/^\d+\.\d+/localtime($&)/e' access.log > new_access.log
to create a new file with human-readable timestamps (the pattern is anchored to the start of the line so that only the timestamp field, including its fractional part, is converted).
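Beyond making the timestamps readable, the first thing to pull out of access.log is which clients keep hitting the deny rules (the bad_url ACL or a missing proxy login). The script below is an added example, not part of these notes or of Squid; it summarises a constructed native-format access.log with POSIX awk and sort. The sample lines, addresses and function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original notes): summarise a native-format
# access.log with POSIX awk/sort. The field layout is
#   time elapsed client action/code size method URL ident hierarchy/from type
# SAMPLE_LOG is constructed for the demo; it is not real traffic.

SAMPLE_LOG='1503847600.123     45 10.0.0.15 TCP_MISS/200 1024 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
1503847601.456     12 10.0.0.15 TCP_DENIED/403 3456 GET http://www.msn.com/ - HIER_NONE/- text/html
1503847602.789    120 10.0.0.22 TCP_TUNNEL/200 8192 CONNECT example.org:443 - HIER_DIRECT/93.184.216.35 -
1503847603.012     10 10.0.0.22 TCP_DENIED/407 3300 GET http://example.com/ - HIER_NONE/- text/html
1503847604.345     33 10.0.0.15 TCP_DENIED/403 3456 GET http://app.facebook.com/ - HIER_NONE/- text/html'

# Write the constructed log to a temp file and print its path.
write_sample_log() {
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_LOG" > "$f"
    printf '%s\n' "$f"
}

# denied_per_client FILE: count TCP_DENIED entries per client address,
# highest first. Repeated hits from one client against blocked sites, or a
# burst of 407s, are what to look at first when reviewing the proxy.
denied_per_client() {
    awk '$4 ~ "^TCP_DENIED/" { c[$3]++ } END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# auth_challenges FILE: number of requests refused for missing or invalid
# proxy credentials (HTTP 407 from the ncsa_users ACL).
auth_challenges() {
    awk '$4 ~ "/407$" { n++ } END { print n + 0 }' "$1"
}

# requests_per_host FILE: requests per destination host. The host is taken
# from the URL field, which is "scheme://host/path" for plain HTTP and
# "host:port" for CONNECT tunnels.
requests_per_host() {
    awk '{
        url = $7
        sub("^[a-z]+://", "", url)   # strip "http://"
        sub("[/:].*$", "", url)      # cut at the first "/" or ":"
        c[url]++
    } END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Stand-alone demo.
log=$(write_sample_log)
echo "denied requests per client:"; denied_per_client "$log"
echo "407 challenges: $(auth_challenges "$log")"
echo "requests per destination host:"; requests_per_host "$log"
rm -f "$log"
```

Run the functions against a gunzipped /var/log/squid/access.log to get the same three summaries for real traffic; the awk filters key on field 4 (action/code) and field 7 (URL), which is the native log format that the access.log description above refers to.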