Squid Server Configuration: Part-2

To block certain content types. Squid currently can not do “content inspection” to decide on the file type based on the contents, but it is able to block HTTP replies based on MIME  ( file extension type)

Block flash video

The MIME type for such content is “video/x-flv”.   Edit /etc/squid/squid.conf

Create an ACL

acl  block-flashvideos  rep_mime_type  video/x-flv

Set Action

http_reply_access  deny  block-flashvideos

It will block flash videos

acl syntax :
acl <acl name> browser  <UserAgent>

Edit squid.conf for

acl block_browser browser MSIE
http_access deny block_browser

is also possible to block specific version or other browsers too:

acl block_bad_browser browser MSIE.9
acl block_bad_browser browser MSIE.10
acl block_bad_browser browser Firefox
acl block_bad_browser browser Chrome/38
http_access deny block_bad_browser

We have a  Linux PC with multiple IP Address  and  Squid Proxy Server  configured, Our  browser to use that proxy on one of these IP and go out from that server with the same IP and not with the default ip .
This is very useful if you have services that require 1 specific IP to be allowed, or if you want to give the proxy server to different people and still be able to trace what they do.

To implement this follow the steps

Use multiple IP addresses based on the squid’s IP being used as proxy server
acl  IPADDRESS-1  myip  192.168.0.20
acl  IPADDRESS-1   myip  192.168.0.21
acl  IPADDRESS-1   myip  192.168.0.23
tcp_outgoing_address 192.168.0.20  IPADDRESS-1  
tcp_outgoing_address 192.168.0.21  IPADDRESS-2  
tcp_outgoing_address 192.168.0.23  IPADDRESS-3 

 

We can clear cache by deleting these, and recreate , follow steps

# squid -k shutdown
or
# service squid stop
# cd   /var/spool/squid   <—This is cache dir
# rm -rf *

# squid -z

2015/06/13 12:13:24| Creating Swap Directories

Note: this will recreate cache directories again

# ls

00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

# service squid start

Note : Its better to use ‘squid -k reconfigure’ rather thant restarting squid as it wont have to stop the cache, so its almost instant.

Verify Squid for up and running

# netstat -tulpn | grep :3128
# tail -f /var/log/squid/access.log
# tail -f /var/log/squid/cache.log

/var/log/squid/ is the default directory for squid logs

there are three logs

/var/log/squid/access.log : Surfing details, we can view who is doing what in this log.

 /var/log/squid/cache.log : The cache.log file contains the debug and error messages that squid generates

 /var/log/squid/store.log : The store.log file covers the objects currently kept on disk or removed ones.

 

Disable logging in Squid Proxy

If we have any requirements of disabling logs of squid proxy service. Follow these simple steps to disable all kind of logging by squid service.

To disable access log, edit /etc/squid/squid.conf
​access_log none

To disable store log, edit /etc/squid/squid.conf
cache_store none

To disable cache log, edit /etc/squid/squid.conf
cache_log /dev/null
logfile_rotate 0