--------------------การติดตั้ง-------------------------------------
ติดตั้ง squid proxy ด้วยคำสั่ง
apt-get update ; apt-get install -y squid3 apache2-utils
การแก้ไขค่าคอนฟิก โดยให้ตัดเอาเครื่องหมาย #comment ออกเหลือแต่ค่า configure อย่างเดียว ใช้คำสั่งต่อไปนี้
mv /etc/squid/squid.conf /etc/squid/squid.conf.bkp --> Backup configure
grep -Eiv '(^#|^$)' /etc/squid/squid.conf.bkp
or
grep -ve ^# -ve ^$ /etc/squid/squid.conf.bkp > /etc/squid/squid.conf
การสร้าง user สำหรับเข้าใช้งานอินเตอร์เน็ต For debian
touch /etc/squid3/passwd
htpasswd -c /etc/squid3/passwd user
ใส่ password 2 ครั้ง
การเช็ค user ที่เราสร้าง
#/usr/lib/squid3/ncsa_auth /etc/squid3/passwd
username password กด Enter
OK --> Status
----------------file squid--------------------------------------
1. Authentication
2. Block website
------Start-------
# Access Control Options
#-----------------------
#
acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl all src
acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.1.0/24 # Internal network
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl forbidden dstdomain "/etc/squid3/block_website"
http_access deny forbidden
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl manager proto cache_object
acl purge method PURGE
acl CONNECT method CONNECT
#Authentication
# -------------
#
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
#auth_param basic credentialsttl 30 minutes
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
auth_param basic realm Squid proxy-caching web server for Lee Moyoon system
acl ncsa proxy_auth REQUIRED
http_access allow ncsa
#
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
#
# Network Option
# ------------
#
http_port 3128
#
# Option which affect the cache size
# ===============
#
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/cache/squid 1000 16 256
maximum_object_size 100 MB
cache_swap_low 95
cache_swap_high 99
#
# Option for tuning the cache
# =====================
#
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 1440 90% 10080
#
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
store_avg_object_size 13 KB
#
# HTTP Option
# ==========
vary_ignore_expire on
#
# ANONIMITY OPTIONS
# ===============
#
request_header_access From deny all
request_header_access Server deny all
request_header_access Link deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
#
------End--------
สร้างไฟล์ block_website /etc/squid/block_website
root@proxy:/etc/squid3# cat block_website
.twitter.com
.pinterest.com
.cyberciti.biz
ปรับใช้งาน squid ด้วยคำสั่ง
squid3 -k reconfigure
Reference: adilmehmoodbutt
----------------------------------------------------------------------
1. tecmint.com
Base on debian
* เว็บไซต์ไทย
ireallyhost.com
* การปรับแต่ง cach
rmutsv.ac.th/blogs
* Transparent proxy
topcomputer.co.th
2. wiki.squid-cache.org
Permit some time, All day
Ext.
acl foo proxy_auth REQUIRED
acl bar proxy_auth lisa sarah frank joe
acl daytime time 08:00-17:00
http_access allow foo daytime
http_access allow bar
http_access deny all3. switchroot.com
For create file Create a NCSA password
4.linode.com
Base on Ubuntu
Ext. command
sudo htpasswd /etc/squid3/squid_passwd user15.arashmilani.com
Base on CentOS 6.5
Ext. command
sudo htpasswd -d /etc/squid/squid_passwd john