CentOS - Network Gateway part 3 - Squid (continued)
e. Configure allowed and denied sites
vim /etc/squid/deny_sites
vim /etc/squid/allow_sites
vim /etc/squid/squid.conf
Edit the rules:
acl my_network src 10.0.0.0/16
acl good_site dstdomain "/etc/squid/allow_sites"
acl bad_site dstdomain "/etc/squid/deny_sites"
http_access deny bad_site
http_access allow my_network good_site
http_access deny all
Test.
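The rule order above can be checked offline before reloading Squid. The following is an added example, not part of the original tutorial: a simplified Python model of how Squid evaluates the http_access lines from section e (first matching line wins, ACLs on one line are ANDed). The list contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample list contents; the tutorial does not show its own lists.
ALLOW_SITES = [".example.org", "intranet.example.net"]
DENY_SITES = [".ads.example.org"]

def dstdomain(entries):
    """dstdomain semantics: '.x.y' matches x.y and every subdomain,
    'x.y' matches that exact host only."""
    def match(req):
        host = req["host"].lower().rstrip(".")
        for e in (entry.lower() for entry in entries):
            if e.startswith("."):
                if host == e[1:] or host.endswith(e):
                    return True
            elif host == e:
                return True
        return False
    return match

def src(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["client"]) in net

ACLS = {
    "my_network": src("10.0.0.0/16"),
    "good_site": dstdomain(ALLOW_SITES),
    "bad_site": dstdomain(DENY_SITES),
    "all": lambda req: True,
}

# Same order as the squid.conf rules in section e.
HTTP_ACCESS = [
    ("deny", ["bad_site"]),
    ("allow", ["my_network", "good_site"]),
    ("deny", ["all"]),
]

def decide(client, host, rules=HTTP_ACCESS):
    """Return the action of the first rule whose ACLs all match."""
    req = {"client": client, "host": host}
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    return "deny"  # not reached here: the last rule is "deny all"
```

Passing a rule list with the allow line moved above "deny bad_site" shows why the deny line has to come first: a denied subdomain of an allowed domain would then be let through.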
f. Configure user authentication:
useradd u1
htpasswd -c /etc/squid/squid.passwd u1
vim /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid.passwd
acl my_network src 10.0.0.0/16
acl ncsa_users proxy_auth REQUIRED
http_access allow my_network ncsa_users
http_access deny all
g. Block file extensions:
vim /etc/squid/lock_files
\.gif
\.jpeg
\.jpg
vim /etc/squid/squid.conf
acl my_network src 10.0.0.0/16
acl lock_files urlpath_regex "/etc/squid/lock_files"
http_access deny lock_files
http_access allow my_network
http_access deny all
h. Filter content by URL
vim /etc/squid/squid.conf
acl url_filter url_regex -i dantri vnexpress nhanghi
http_access deny url_filter
http_access allow my_network
http_access deny all
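Lastly: configure iptables to use a transparent proxy (without configuring the web browser)
Note: proxy_auth (section f) does not work for intercepted traffic, because the browser does not know it is talking to a proxy.
vim /etc/squid/squid.conf
http_port 8080 transparent
iptables -t nat -A PREROUTING -s 10.0.0.0/16 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables-save > gateway   # save the rules to the file "gateway"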
Nice tutorial by me :D
---------------------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
to be continued - I will update more.
Nam Habach