squid proxy centos 6.4 prepared by : mr. sopheap position : it support location : deam computer date...

Squid Proxy CentOS 6.4

Prepared by : Mr. Sopheap

Position : IT Support

Location : Deam Computer

Date : 24/July/2013

Infrastructure

RequirementSquid Proxy Server = CentOS 6.4

IP = 192.168.1.123/24 ; Eth0 = WAN

IP = 10.10.10.1/24 ; Eth1 = LAN

Client Windows XP

IP = 10.10.10.2/24 – 10.10.10.254/24

What Type of Proxy Server?Transparent Proxy

This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the terms that your IP address is exposed, not transparent in the terms that you do not know that you are using it (your system is not specifically configured to use it.)

Anonymous Proxy

This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users.

Distorting Proxy

This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers.

High Anonymity Proxy

This type of proxy server does not identify itself as a proxy server and does not make available the original IP address.

Anonymous Proxy & Transparent Proxy

Now I will choose two type of proxy server for show everyone

Anonymous Proxy

Transparent Proxy

Anonymous Proxy

Hostname

Hostname

Anonymous Proxy

IP address WAN

Anonymous Proxy

IP Address WAN

Anonymous Proxy

IP Address LAN

Anonymous Proxy

Stop Service Iptables

Anonymous Proxy

Install Squid Proxy

Anonymous Proxy

Enable Service Squid

Anonymous Proxy

Copy default configure squid

Anonymous Proxy

Edit file squid configuration

Anonymous Proxy

Edit file squid configuration

Anonymous Proxy

Edit file squid configuration

Anonymous Proxy

Edit file squid configuration

Anonymous Proxy

Save and Start service squid

Anonymous Proxy

Enable IP address Squid Proxy on Client

Anonymous Proxy

Client access internet

Anonymous Proxy

Create blacklist website for block on client

Anonymous Proxy

Create blacklist website for block on client

Anonymous Proxy

Create rule in squid for block blacklist website on client

Anonymous Proxy

Client access blacklist website

Anonymous Proxy

Create rule unlimited access for specific ip address

Anonymous Proxy

Create rule unlimited access for specific ip address

Anonymous Proxy

Anonymous Proxy

Create rule unlimited access for specific ip address

Client use unlimited ip address access blacklist website

Anonymous Proxy

Create rule for block file torrent

Anonymous Proxy

Client access website torrent

Anonymous Proxy

Create rule for block image url

Anonymous Proxy

Client access website that image url block

Anonymous Proxy

Create rule for authentication with squid proxy

Anonymous Proxy

Anonymous Proxy

Create rule for authentication with squid proxy

Install service httpd

Anonymous Proxy

Edit file /etc/hosts

Anonymous Proxy

Restart service httpd

Anonymous Proxy

Create user htpasswd

Anonymous Proxy

Client access internet by authenticated with squid proxy

Anonymous Proxy

After client type user name and password

Anonymous Proxy

Create file for block extension

Anonymous Proxy

Create rule for block video content; extension and video reply

Anonymous Proxy

Client access website that have video content

Anonymous Proxy

Client download file that have extension .exe

Anonymous Proxy

Limited speed download for client and unlimited ip address

Anonymous Proxy

Client use unlimited ip address download unlimited speed

Anonymous Proxy

Client Lan ip address download speed

Anonymous Proxy

Create file index.htm for redirect blacklist website

Anonymous Proxy

Anonymous Proxy

Create file index.htm for redirect blacklist website

• Note for this file we can create by our self or we can download file html

Type command redirect this file

Anonymous Proxy

When access blacklist website it will redirect to 192.168.1.123/index.htm

Anonymous Proxy

Create rule for authenticated specific time

Anonymous Proxy

Client access internet during 3:20 PM so client do not authentication with squid proxy.

Anonymous Proxy

Edit file squid on http_port 3128 intercept or http_port 3128 transparent

Transparent Proxy

Enables port forwarding in /etc/sysctl.conf

Transparent Proxy

Delete all rule in /etc/sysconfig/iptables

Transparent Proxy

After delete all rule in /etc/sysconfig/Iptables we need to restart service Iptables and save service iptables

Transparent Proxy

After we restart service iptables already we need to create file iptables for create new rule and restart service iptables like above.

Transparent Proxy

Restart service iptables and new file be create (sh flush.sh)

Transparent Proxy

Client access internet by do not put ip address and port of squid proxy

Transparent Proxy

Transparent Proxy

Client access internet by do not put ip address and port of squid proxy

Client still cannot access website blacklist

Transparent Proxy

We can monitor client access blacklist by type tail –f /var/log/squid/access.log

Transparent Proxy

Squid Proxy Preparation by Mr. Sopheap

The End