0% found this document useful (0 votes)

147 views

LinuxCBT Squid Notes

The document describes configuration details for setting up and managing access to a Squid caching proxy server on a network. It includes information on installing and configuring Squid, defining access control lists (ACLs) to apply bandwidth management and access restrictions based on source/destination, time periods, and URL content. ACLs can restrict access based on IP addresses, domains, file extensions and keywords. Caching hierarchies and peer configurations are also described to optimize caching between parent and child proxy servers.

Uploaded by

rajasekarkala

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

147 views

LinuxCBT Squid Notes

Uploaded by

rajasekarkala

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 3

Network Hosts:

linuxcbtwork1 -> Primary DNS server -> 192.168.1.72

linuxcbtserv1 -> 192.168.1.10
linuxcbtserv2 -> 192.168.1.20
linuxcbtserv3 -> 192.168.1.30
cache1 -> CNAME -> linuxcbtserv2
Squid client/server logic:
client(www.google.com) -> Squid -> server/peer cache
Steps to Squid installation
1. Setup DNS - cache1.linuxcbt.internal
2. Install Squid
3. Start Squid and attempt to use - modify ACLs
4. Access to the Internet is granted
Notes: Squid defaults to TCP:3128
Squid Logging:
Default Directory: /var/log/squid
cache.log -> system info (RAM/CPU/Virtual Memory/Networking)
squid.out -> basic system info
access.log -> main user log file
access.log Fields using Native Squid Log Format:
1. Request_Time(Unix Epoch.ms) - 2. elapsed_time(ms) of page/object delivery 3. remotehost(ip) 4. code(Squid
actions)/status(http errors)
5. bytes delivered to client 6. Method(Get/Post/Connect) 7. URL 8. IDENT 9. hierarchy (DIRECT/IP) 10. Type(MIME)
Note: Squid also supports Common Log Format (CLF)
Store.log (stores objects in cache) Fields:
1. Time 2. action(Release,Create,Swapout,Swapin) 3. file number(location on disk /var/spool/squid) 4. HTTP Status 5.
HTTP Date 6. Last Modified
7. expiration of content 8. MIME type 9. size of content content_length/actual size read 10. method (Get/Post/Connect) 11.
URL
Change Squid's default TCP Port:
1. modify /etc/squid/squid.conf
2. updated http_port 8080
3. /sbin/service squid reload
Note: https_port functions as follows:
#client -> Squid -> HTTPS Web Server
ACLs:
Safe Ports:
1. Definition of ACL:
acl Safe_ports port 999
acl unique_name type(src/dst/dstdomain/srcdomain/time_of_day/etc.) descision_string
2. Apply ACL using criteria:
http_access
linuxcbtserv1 - 192.168.1.10 - deny
linuxcbtserv2 - 192.168.1.20
linuxcbtserv3 - 192.168.1.30
linuxcbtwork1 - 192.168.1.72
192.168.1.0/24 - CIDR
Lists:
1. can be built by repeating the ACLs. i.e.:

acl linuxcbt_bad_hosts src 192.168.1.10

acl linuxcbt_bad_hosts src 192.168.1.30
http_access linuxcbt_bad_hosts deny
2.acl linuxcbt_bad_hosts src "/etc/squid/linuxcbt_bad_hosts"
ACLs based on Time:
days of week (DOW) = SMTWHFA
Hours and minutes: hh:mm-hh:mm
ACLs based on specific destination domains:
1. build redundant list in squid.conf
2. build list in text file
ACLs based on ANDed logic. i.e. deny access to site during business hours
1. build separate rules
2. combine rules
3. apply tag to combined rules
Business Rule: No casual browsing during work hours
1. Work Hours = MTWHF 08:30 17:30
2. Source Subnet = 192.168.1.0/24
3. Permit access to research-related websites - wikipedia.org
Business Rule: No browsing of sites with keyword 'sex'
1. define url_regex ACL
acl bad_keyword url_regex -i sex
http_access deny bad_keyword
Business Rule: No download of prohibited extensions
1. define url_regex ACL
acl bad_suffixes url_regex "/etc/squid/bad_suffixes"
http_access deny bad_suffixes
Business Rule: No outbound access to certain TLDs (.cn,.jp, etc.)
acl bad_tlds dstdom_regex "/etc/squid/bad_tlds"
http_access deny bad_tlds
urlpath_regex - http://www.china.cn/downloads
Business Rule: Setup Squid as a non-caching Proxy Server
acl noncaching_hosts src 0.0.0.0/0.0.0.0
no_cache deny noncaching_hosts
Business Rule: Disable caching for specific sites (Internet/Intranet)
acl no_cache_sites dstdomain .yale.edu
no_cache deny no_cache_sites
Business Rule: Disable caching for dynamic sites (.php/.asp/pl/cgi/jsp/)
acl no_cache_dynamic_sites "/etc/squid/dynamic_sites"
no_cache deny no_cache_dynamic_sites
Business Rule: No Cache for Executives and Admins - Cache everyone else.
acl no_cache_execs src 192.168.1.10 192.168.1.20
no_cache deny no_cache_execs
Business Rule: Ensure that non-proxy servers have direct Internet-access
1. outbound Cisco Firewall (PIX) rules
Squid in a load-balanced fashion

192.168.1.0/24 -> 192.168.1.20

192.168.1.30
192.168.1.0/24 -> Content Switches -> 192.168.1.20
192.168.1.30
Business Rule: Implement Bandwidth management using Delay Pools
Note: Delay Pools have 3 different classes
a. class 1 allows us to restrict the rate for large downloads
1a. acl worker_bees src 192.168.1.0/24
1b. delay_pools 1 - defines the number of delay pools
2. delay_class 1 1 - setup class based on pool #1 and using class #1
3. delay_parameters 1 restore_rate/max_size
a. delay_parameters 1 20000/15000
4. delay_access 1 allow worker_bees
Business Rule: Implement Bandwidth Management with Aggregate Rate
delay_pools 1
delay_class 1 2
delay_parameters 1 62500/62500 (max/max) 6250/6250
Note: T1 - 1,544,000
Ceiling: 500k(500,000 bits/second) = 62,500 bytes/second
Business Rule: Ensure that requests are routed through parent cache
Cache Hierarchy - Parent-Child
192.168.1.0/24 -> linuxcbtserv2(child) -> linuxcbtserv3(parent) -> INTERNET
cache_peer linuxcbtserv3.linuxcbt.internal parent 8080 3130 default
Note: CARP, ICP, HTCP, Cache-Digests
Business Rule: Ensure that local Intranet requests bypass the parent
cache_peer linuxcbtserv3.linuxcbt.internal parent 8080 3130 default
cache_peer_domain linuxcbtserv3.linuxcbt.internal !.linuxcbt.internal
Business Rule: Treat 192.168.1.10 as a privileged user bypassing the parent - linuxcbtserv3.linuxcbt.internal
acl avoid_parent_cache src 192.168.1.10
cache_peer_access linuxcbtserv3.linuxcbt.internal deny avoid_parent_cache
Business Rule: Treat caches as siblings
cache_peer linuxcbtserv3.linuxcbt.internal parent 8080 3130 default
Note: Parent-Child hierarchy - constitutes a centralized deployment
Note: Sibling hierarchy - constitutes a distributed deployment
#Business Rule: Limit simultaneous cache/proxy connections per-client
#MaxConn = 10
acl conn_limit maxconn 10
http_access deny conn_limit all

TeamViewer Free - License Key
0% (1)
TeamViewer Free - License Key
1 page
6th Central Pay Commission Salary Calculator
100% (436)
6th Central Pay Commission Salary Calculator
15 pages
TDS - Silicone Sealant
No ratings yet
TDS - Silicone Sealant
3 pages
CRH Produkt Program
No ratings yet
CRH Produkt Program
28 pages
SLE201v15 Lab Exercise 3.4
No ratings yet
SLE201v15 Lab Exercise 3.4
2 pages
Changes
No ratings yet
Changes
60 pages
GNS3 Bridge To ESXi Environment Using GNS3 v1.0
No ratings yet
GNS3 Bridge To ESXi Environment Using GNS3 v1.0
6 pages
OVS Cheat Sheet
No ratings yet
OVS Cheat Sheet
2 pages
RHCE
No ratings yet
RHCE
5 pages
Building A Powerful FreeBSD Firewall Based On PF and IPFW
100% (17)
Building A Powerful FreeBSD Firewall Based On PF and IPFW
13 pages
RH442: Red Hat® System Monitoring and Performance Tuning: Includes
No ratings yet
RH442: Red Hat® System Monitoring and Performance Tuning: Includes
1 page
RedHat Satellite
No ratings yet
RedHat Satellite
2 pages
Example of Price Adjustment As of FIDIC
100% (3)
Example of Price Adjustment As of FIDIC
7 pages
HRSG - Basic Understanding
100% (28)
HRSG - Basic Understanding
30 pages
Turnaround Planning PDF
100% (1)
Turnaround Planning PDF
79 pages
2016 - MAG 608 - Horizontal Directional Drilling
No ratings yet
2016 - MAG 608 - Horizontal Directional Drilling
6 pages
Configuration of Microsoft ISA Proxy Server and Linux Squid Proxy Server
From Everand
Configuration of Microsoft ISA Proxy Server and Linux Squid Proxy Server
Dr. Hidaia Mahmood Alassouli
No ratings yet
About Kubernetes and Security Practices - Short Edition: First Edition, #1
From Everand
About Kubernetes and Security Practices - Short Edition: First Edition, #1
Ami Adi
No ratings yet
LinuxCBT Firewall Notes
No ratings yet
LinuxCBT Firewall Notes
6 pages
LinuxCBT Moni-Zab Edition Classroom Notes
No ratings yet
LinuxCBT Moni-Zab Edition Classroom Notes
5 pages
LinuxCBT DBMS Edition Updates Notes
No ratings yet
LinuxCBT DBMS Edition Updates Notes
4 pages
Pages From RedHat - EX300 PDF
No ratings yet
Pages From RedHat - EX300 PDF
14 pages
Red Hat System Administration I 3.9 Lab PDF
No ratings yet
Red Hat System Administration I 3.9 Lab PDF
11 pages
Red Hat System Administration I: Document Version
No ratings yet
Red Hat System Administration I: Document Version
8 pages
Red Hat Certified System Administrator (EX200) - RHCSA Exam Prep PDF - 1595884353
No ratings yet
Red Hat Certified System Administrator (EX200) - RHCSA Exam Prep PDF - 1595884353
87 pages
Red Hat OpenStack Platform-17.1-Configuring Red Hat OpenStack Platform networking-en-US
No ratings yet
Red Hat OpenStack Platform-17.1-Configuring Red Hat OpenStack Platform networking-en-US
234 pages
LinuxCBT SELinux Notes
No ratings yet
LinuxCBT SELinux Notes
4 pages
Red Hat Openstack Platform-16.1-Networking Guide-En-Us
No ratings yet
Red Hat Openstack Platform-16.1-Networking Guide-En-Us
208 pages
Linux Foundation: Exam Questions LFCS
50% (2)
Linux Foundation: Exam Questions LFCS
5 pages
OpenStack Cheat Sheet 1
No ratings yet
OpenStack Cheat Sheet 1
3 pages
NAIT Linux Exam Sample Questions Help For ICT480
100% (5)
NAIT Linux Exam Sample Questions Help For ICT480
7 pages
Red Hat Openstack Platform-17.1-Installing and Managing Red Hat Openstack Platform With Director-En-Us222
No ratings yet
Red Hat Openstack Platform-17.1-Installing and Managing Red Hat Openstack Platform With Director-En-Us222
192 pages
CS313L Maunual v2 PDF
No ratings yet
CS313L Maunual v2 PDF
104 pages
Red Hat Satellite-6.10-Content Management Guide-En-Us
No ratings yet
Red Hat Satellite-6.10-Content Management Guide-En-Us
119 pages
Creating A Ceph Storage Cluster Using Old Desktop Computers
100% (1)
Creating A Ceph Storage Cluster Using Old Desktop Computers
7 pages
Red Hat System Administration I 3.8 Practice
No ratings yet
Red Hat System Administration I 3.8 Practice
7 pages
Red Hat Ansible - RH294 Training
No ratings yet
Red Hat Ansible - RH294 Training
7 pages
Nmcli
No ratings yet
Nmcli
4 pages
RedHat Train4sure EX200 v2019-02-10 by Travis 53q (1) Odg
No ratings yet
RedHat Train4sure EX200 v2019-02-10 by Travis 53q (1) Odg
31 pages
Mastering Devops - 2024
No ratings yet
Mastering Devops - 2024
17 pages
Red Hat System Administration I 3.6 Practice
No ratings yet
Red Hat System Administration I 3.6 Practice
8 pages
Lab1: Access Control: Posix Acl
100% (1)
Lab1: Access Control: Posix Acl
7 pages
Complete Guide To Setting Up An OpenStack Development Environment
No ratings yet
Complete Guide To Setting Up An OpenStack Development Environment
4 pages
Linux Academy Samba 4 1C30C
No ratings yet
Linux Academy Samba 4 1C30C
2 pages
RH124 - ch11
No ratings yet
RH124 - ch11
9 pages
SLE201v15 Lab Env
No ratings yet
SLE201v15 Lab Env
1 page
Ceph at CSC
No ratings yet
Ceph at CSC
27 pages
Red Hat Enterprise Linux-8-Managing Monitoring and Updating The Kernel-En-us
No ratings yet
Red Hat Enterprise Linux-8-Managing Monitoring and Updating The Kernel-En-us
184 pages
XenDesktop Getting Started
No ratings yet
XenDesktop Getting Started
86 pages
Rhce Question and Answer
No ratings yet
Rhce Question and Answer
27 pages
LinuxCBT KVM Edition Notes
No ratings yet
LinuxCBT KVM Edition Notes
5 pages
Ha Ovirt Iscsi
No ratings yet
Ha Ovirt Iscsi
28 pages
05 C1 SD1 Config Ha Lab
No ratings yet
05 C1 SD1 Config Ha Lab
18 pages
CL210 Rhosp16
No ratings yet
CL210 Rhosp16
6 pages
Red Hat Enterprise Linux-9-Security Hardening-En-Us
No ratings yet
Red Hat Enterprise Linux-9-Security Hardening-En-Us
198 pages
Pcs Command Reference
No ratings yet
Pcs Command Reference
4 pages
06 RHA230 Sendmail
No ratings yet
06 RHA230 Sendmail
27 pages
Setting Up WAN Emulation Using WAN-Bridge Live-CD v1.10
No ratings yet
Setting Up WAN Emulation Using WAN-Bridge Live-CD v1.10
8 pages
Centos / Redhat Iptables Firewall Configuration Tutorial
No ratings yet
Centos / Redhat Iptables Firewall Configuration Tutorial
7 pages
Fencing in A Red Hat High Availability Cluster
No ratings yet
Fencing in A Red Hat High Availability Cluster
8 pages
Connection Broker Installation - Guide
No ratings yet
Connection Broker Installation - Guide
64 pages
Installing Shorewall On Proxmox
No ratings yet
Installing Shorewall On Proxmox
18 pages
Red Hat OpenStack Platform-11-High Availability For Compute Instances-En-US
No ratings yet
Red Hat OpenStack Platform-11-High Availability For Compute Instances-En-US
14 pages
RH134
No ratings yet
RH134
69 pages
Linux Kernel Labs
No ratings yet
Linux Kernel Labs
5 pages
(Ebook) RHCSA: Red Hat Enterprise Linux 9 Certification Study Guide (Exams EX200), 8e by Michael Jang, Alessandro Orsaria ISBN 9781260462081, 9781260462074, 1260462080, 1260462072 - The ebook in PDF format is ready for download
100% (1)
(Ebook) RHCSA: Red Hat Enterprise Linux 9 Certification Study Guide (Exams EX200), 8e by Michael Jang, Alessandro Orsaria ISBN 9781260462081, 9781260462074, 1260462080, 1260462072 - The ebook in PDF format is ready for download
74 pages
DNS Overview
100% (1)
DNS Overview
107 pages
VI Openshift Virtualization Reference Architecture f31675 202207 en
No ratings yet
VI Openshift Virtualization Reference Architecture f31675 202207 en
42 pages
Rajasekar Kuppusamy
No ratings yet
Rajasekar Kuppusamy
3 pages
System Information Sheet - Infosys
No ratings yet
System Information Sheet - Infosys
6 pages
IAS Team New Systems Details
No ratings yet
IAS Team New Systems Details
1 page
Answer Script of Online Assessment Date of Exam: 14 - 10-2015
No ratings yet
Answer Script of Online Assessment Date of Exam: 14 - 10-2015
8 pages
User Guide - English PDF
No ratings yet
User Guide - English PDF
71 pages
KJiSL Institute of Technology Shift 1
No ratings yet
KJiSL Institute of Technology Shift 1
9 pages
Final Presentation: Raja S Arunthileeban A Kiran K Satheesh S Sujitha V Vigneshkumar M
No ratings yet
Final Presentation: Raja S Arunthileeban A Kiran K Satheesh S Sujitha V Vigneshkumar M
119 pages
Route: Anporunai and Locals Still Use The Name Amrandhu, A Derivative
No ratings yet
Route: Anporunai and Locals Still Use The Name Amrandhu, A Derivative
5 pages
VBGM Fibre Links
No ratings yet
VBGM Fibre Links
10 pages
Minimal System: License, Use and Redistribution
No ratings yet
Minimal System: License, Use and Redistribution
1 page
Sunday Place / Time Monday Place / Time Tuesday Place / Time
No ratings yet
Sunday Place / Time Monday Place / Time Tuesday Place / Time
1 page
Msys - Minimal System
No ratings yet
Msys - Minimal System
1 page
Final Presentation: Madhu Mitha D Bhuvanesh S V Nandha Kumar S R Ravi Ganesh T R Sandeep S Sujendra Kumar P
No ratings yet
Final Presentation: Madhu Mitha D Bhuvanesh S V Nandha Kumar S R Ravi Ganesh T R Sandeep S Sujendra Kumar P
82 pages
BTD-400 - Quick Installation Guide
No ratings yet
BTD-400 - Quick Installation Guide
8 pages
Win Runner
No ratings yet
Win Runner
57 pages
Creating A .War File: W (Eb) AR (Chive)
No ratings yet
Creating A .War File: W (Eb) AR (Chive)
11 pages
Teaching Toolkit: Large & Small Group Teaching
No ratings yet
Teaching Toolkit: Large & Small Group Teaching
12 pages
Small Group Teaching - Key Theories and Methods: 1. What The Literature Tells Us About Using Small Groups
No ratings yet
Small Group Teaching - Key Theories and Methods: 1. What The Literature Tells Us About Using Small Groups
18 pages
Life Cycle Assessment
No ratings yet
Life Cycle Assessment
65 pages
Whats Working in 2019
No ratings yet
Whats Working in 2019
226 pages
Denon Avr-1707 1507 687 587 487 Service en
100% (1)
Denon Avr-1707 1507 687 587 487 Service en
131 pages
YANMAR Tractors - Yanmar USA
No ratings yet
YANMAR Tractors - Yanmar USA
2 pages
First Day Subject: TLE/Agriculture Grade: Grade 9 Topic: Types of Grafting (Chip-Budding) Presenter: Ms. Lopez Objectives
No ratings yet
First Day Subject: TLE/Agriculture Grade: Grade 9 Topic: Types of Grafting (Chip-Budding) Presenter: Ms. Lopez Objectives
3 pages
Acunetix Web Application Vulnerability Report 2019 PDF
No ratings yet
Acunetix Web Application Vulnerability Report 2019 PDF
27 pages
Parade List
No ratings yet
Parade List
16 pages
GF - Elven Jesters v2.50
No ratings yet
GF - Elven Jesters v2.50
2 pages
History of Radio in India
No ratings yet
History of Radio in India
5 pages
Learning Activity 4 / Actividad de Aprendizaje 4: Introductions
No ratings yet
Learning Activity 4 / Actividad de Aprendizaje 4: Introductions
3 pages
Vacuum Dehydrator
No ratings yet
Vacuum Dehydrator
12 pages
DW01A
No ratings yet
DW01A
11 pages
Cost Estimate Breakdown For TTC and Rebuild Workshops
100% (1)
Cost Estimate Breakdown For TTC and Rebuild Workshops
10 pages
IP&IK Test
No ratings yet
IP&IK Test
5 pages
62c70cc9d5821f0c124280e0 Oxygen Analyzers
No ratings yet
62c70cc9d5821f0c124280e0 Oxygen Analyzers
4 pages
IS.456-2000 AMENDMENT 01
No ratings yet
IS.456-2000 AMENDMENT 01
5 pages
Lecture 1
No ratings yet
Lecture 1
28 pages
GMG-ColorProof-5 Howto Epson Checklist en
No ratings yet
GMG-ColorProof-5 Howto Epson Checklist en
6 pages
8536DB0901R0916
No ratings yet
8536DB0901R0916
50 pages
Hashes
No ratings yet
Hashes
3 pages
IEE GIL Ref 0306 PDF
No ratings yet
IEE GIL Ref 0306 PDF
5 pages
(Insert Project Name) : Preliminary Design Review (PDR) (Insert Date of PDR) (Insert Clarity ID)
0% (1)
(Insert Project Name) : Preliminary Design Review (PDR) (Insert Date of PDR) (Insert Clarity ID)
27 pages
Gottsponerfinal Piesppt03222015
No ratings yet
Gottsponerfinal Piesppt03222015
17 pages
JN Series Vertical Shaft Concrete Mixer PDF
No ratings yet
JN Series Vertical Shaft Concrete Mixer PDF
2 pages

Uploaded by

Uploaded by

Network Hosts:

linuxcbtwork1 -> Primary DNS server -> 192.168.1.72

acl linuxcbt_bad_hosts src 192.168.1.10

192.168.1.0/24 -> 192.168.1.20

You might also like