Squid

From wiki.techunit.org

Introduction

  • Set up on
    • Debian 8 (Jessie)
    • Ubuntu 14.04
  • Squid3 versions:
    • 3.3.8
    • 3.4.8-6

See Also

Guide to migrating an old Squid version with squidGuard to Squid3

SSL bumping with Squid3

Configuration

Installation

aptitude install squid3 -y

Minimal configuration

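  • Back up the configuration file, then strip its commented and empty lines
cp /etc/squid3/squid.conf /etc/squid3/squid.conf.orig
# Read from the backup: redirecting grep's output onto its own input file would truncate it before it is read
grep -v '^#' /etc/squid3/squid.conf.orig | grep -v '^$' > /etc/squid3/squid.conf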
  • Edit and modify /etc/squid3/squid.conf
# Add your LAN(s)
acl LAN src 10.0.0.0/24
acl all src all

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
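# Modify this line: deny every client whose source address is not in the LAN acl.
# No later rule matches LAN clients, so Squid applies the opposite of this last rule and allows them.
http_access deny !LAN all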
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
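
Squid checks the http_access lines above from top to bottom, the first matching line decides, and when no line matches it applies the opposite of the last line. The following Python model of that evaluation is an added example, not part of the original wiki page or of Squid; the `manager` request flag, the simplified built-in ACLs and the sample addresses are assumptions.

```python
import ipaddress

def src_in(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r["src"]) in net

def port_in(*ranges):
    return lambda r: any(lo <= r["port"] <= hi for lo, hi in ranges)

# ACLs from the minimal configuration above. "localhost", "manager" and "all"
# are Squid built-ins, modelled here in simplified form (assumption).
ACLS = {
    "LAN": src_in("10.0.0.0/24"),
    "localhost": src_in("127.0.0.1/32"),
    "all": lambda r: True,
    "SSL_ports": port_in((443, 443)),
    "Safe_ports": port_in((80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                          (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "manager": lambda r: r.get("manager", False),  # hypothetical flag: cache manager request
}

RULES = """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny !LAN all
"""

def decide(request, rules=RULES):
    """Return (action, deciding rule) for one request; the first match wins."""
    action = None
    for line in rules.splitlines():
        _, action, *names = line.split()
        # Every ACL on a line must match; a leading "!" negates that ACL.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("allow" if action == "deny" else "deny"), "implicit default"

if __name__ == "__main__":
    # Constructed sample requests (addresses and ports are illustrative).
    for r in [{"src": "10.0.0.5", "port": 80, "method": "GET"},
              {"src": "192.0.2.10", "port": 80, "method": "GET"},
              {"src": "10.0.0.5", "port": 8443, "method": "CONNECT"},
              {"src": "10.0.0.5", "port": 25, "method": "GET"}]:
        print(r, "->", decide(r))
```

The LAN client is allowed only through the implicit default, so appending any further deny or allow line after `http_access deny !LAN all` changes what LAN clients get.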

Enable cache

cache_dir ufs /var/spool/squid3 1024 256 256
cache_mem 128 MB
maximum_object_size 15 MB

Add-ons

DansGuardian

  • Web filtering

SquidGuard

  • Web filtering

Squidclam

  • Antivirus

SquidAnalyzer

  • Log parsing

Sources

Elliot
techUnit's cofounder