Squid Basic Commands
# squid -k
parse        Check that squid.conf is OK and free of syntax errors
check        Check if SQUID is running
reconfigure  Re-read squid.conf without stopping [refresh]
             aka service squid reload
rotate       Rotate the log files
shutdown     Shut down SQUID gracefully
             aka service squid stop
interrupt    Kill SQUID without waiting for transactions to finish
kill         Kill SQUID mercilessly
debug        Put SQUID in debugging mode
# squid -N     Is SQUID running?
# squid -Nd1   Is DNS working?
Restrict sites
Search for 'Access Controls' and append the following two lines:
acl blocksites dstdomain .gmail.com
http_access deny blocksites
Save and close the file. Restart Squid:
# /etc/init.d/squid restart
Please note, in the following ACL:
acl blocksites dstdomain .gmail.com ----> The position of this line is not important.
http_access deny blocksites ----> Only the position of the http_access line is important.
Squid reads the http_access lines first, so it is their order that matters, not the order of the acl lines.
Restricting Web Access By Time
You can create access control lists with time parameters. For example, you can allow only business hour access from the home network, while always restricting access to host 192.168.1.23.
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
acl RestrictedHost src 192.168.1.23
#
# Add this at the top of the http_access section of squid.conf
#
http_access deny RestrictedHost
http_access allow home_network business_hours
Or, you can allow morning access only:
#
# Add this to the bottom of the ACL section of squid.conf
#
acl mornings time 08:00-12:00
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow mornings
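The ordering note and the time-based rules above, as an added example (not part of the original page and not Squid's own code): a simplified Python model of how http_access lines are checked in file order with first match winning, using the ACLs from this page. The function names and the sample requests are constructed for illustration.

```python
# Simplified model of Squid's http_access evaluation (illustration only, not Squid source).
from datetime import datetime
from ipaddress import ip_address, ip_network

DAYS = "MTWHFAS"  # Squid day letters, Monday..Sunday (H = Thursday, A = Saturday)

def src(net):
    return lambda req: ip_address(req["src"]) in ip_network(net)

def dstdomain(dom):
    # A leading dot matches the domain itself and every subdomain.
    def match(req):
        host = req["host"].lower()
        if dom.startswith("."):
            return host == dom[1:] or host.endswith(dom)
        return host == dom
    return match

def time_acl(days, span):
    start, end = (tuple(map(int, t.split(":"))) for t in span.split("-"))
    def match(req):
        now = req["when"]
        return DAYS[now.weekday()] in days and start <= (now.hour, now.minute) <= end
    return match

ACLS = {  # ACL definitions taken from the squid.conf lines on this page
    "blocksites": dstdomain(".gmail.com"),
    "home_network": src("192.168.1.0/24"),
    "business_hours": time_acl("MTWHF", "9:00-17:00"),
    "RestrictedHost": src("192.168.1.23"),
}

def http_access(rules, req):
    """Return 'allow' or 'deny'; rules are (action, [acl names]) in file order."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):  # ACLs on one line are ANDed
            return action                     # first matching line wins
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

PAGE_ORDER = [("deny", ["RestrictedHost"]), ("allow", ["home_network", "business_hours"])]
SWAPPED = list(reversed(PAGE_ORDER))  # same lines, wrong order

def request(src_ip, host, when):  # constructed sample request
    return {"src": src_ip, "host": host, "when": datetime.fromisoformat(when)}
```

With PAGE_ORDER the restricted host 192.168.1.23 is denied; with the same two lines swapped, its request during business hours matches the allow line first and gets through.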
Squid is also capable of reading files containing lists of web sites and/or domains for use in ACLs. In this example we create two lists in files named /usr/local/etc/allowed-sites.squid and /usr/local/etc/restricted-sites.squid.
# File: /usr/local/etc/allowed-sites.squid
linuxhomenetworking.com
# File: /usr/local/etc/restricted-sites.squid
illegal.com
These can then be used to always block the restricted sites and permit the allowed sites during working hours. This can be illustrated by expanding our previous example slightly.
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
acl GoodSites dstdomain "/usr/local/etc/allowed-sites.squid"
acl BadSites dstdomain "/usr/local/etc/restricted-sites.squid"
For a transparent proxy, you only need to do two things:
- Write an iptables rule:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
- Add this line to squid.conf:
http_port 192.168.0.1:3128 transparent
If you have Squid 2.4 or below, write the same iptables rule and add the following entries to the squid.conf file:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Using squid with username and password
Please follow the link below; it will help you set up Squid with NCSA authentication:
http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html
If you have any doubts feel free to contact me:
ashraf.mohammed83@gmail.com