Control Web Access With Squid: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 38: Line 38:
''root@ubuntu:~# '''chkconfig squid on'''''
''root@ubuntu:~# '''chkconfig squid on'''''


----
----
Line 51: Line 52:


[[File:3.PNG]]
[[File:3.PNG]]


----
----
You can test to verify if the Squid process is running with the pgrep command. (To get more info about pgrep, use the man command)
You can test to verify if the Squid process is running with the pgrep command. (To get more info about pgrep, use the man command)


Line 60: Line 64:


[[File:4.PNG]]
[[File:4.PNG]]
== IV. The main configuration file ==
The main configuration file for squid is squid.conf. This is where you would want to make changes so squid will behave the way you want. To access this file, enter the following command:
'''root@ubuntu:~# ''nano  /etc/squid/squid.conf'''''
*note that I am viewing the .conf file with nano.
[[File:5.PNG]]
== V. Restricting Web access ==
You can create access control lists with time parameters. For example, you can allow only business hour access from the home network, while always restricting access to host 192.168.1.23.
Enter the lines that begin with ACL at the bottom of the ACL section to restrict hour access.
To restricT access to host 192.168.1.23, enter the lines that begin with HTTP at the top of the HTTP section (See screen shot).
[[File:6.png]]
== VI. Restricting access to specific web sites or domain ==
We are going create 2 lists in files named /usr/local/etc/allowed-sites.squid and /usr/local/etc/restricted-sites.squid.
These two list will be included at the end of the ACL section of the squid.conf file to restrict or allow the websites listed in the files. 
These will be the steps:
'''Step 1'''
Create the 2 file lists that will include what site or domain we want to restrict (can be created by using touch).
''/usr/local/etc/allowed-sites.squid''
''/usr/local/etc/restricted-sites.squid''
'''Step 2'''
Include which sites you want to allow or restrict. Of course you will have to insert them in the right file (allowed-sites.squid or restricted-sites.squid)
'''Step 3'''
We finally get to the part where you will use the files created to restrict or allow access. For that, include these highlighted lines at the end of the ACL part. (We kept the same parameters as before, just added the lines to restrict the sites/domain).
[[File:7.png]]
== VI. Restrict Web Access by IP Address ==
We can also create an access control list that restricts web access to user on certain networks. In this case, it's an ACL that defines a home network of 192.168.1.0
We just have to insert these lines below:
[[File:8.PNG]]

Revision as of 02:17, 8 May 2010

HOW TO CONTROL WEB ACCESS WITH SQUID

We are going to learn how to install and configure Squid on Ubuntu to restrict or allow web access on a network.


I. What is Squid?

Squid is a software that was developed by Duane Wessels as the Harvest object cache, part of the Harvest project at the University of Colorado at Boulder. The software was designed to run on Unix-like system, but it can also run on Windows-based system. Squid is a proxy server and web cache daemon. It can be used to speed up a web server by caching repeated requests and aiding security by filtering traffic (Control when and which IP adresses can access the web). It is primarily used for HTTP and FTP but has limited support for TLS, SSL, Internet Gopher and HTTPS.

II. Install Squid on Ubuntu.

What can be done before installing Squid is to search for the software on your machine. To do so, log in as root, and enter the following commands:

root@ubuntu:~# aptitude search squid


If the command was successful, you should have a similar screen shot.

1.PNG




If not already installed, we can being installation by entering the following commands:

root@ubuntu:~# aptitude install squid


The next screen shot assures us that Squid was installed successfully

2.PNG


III. Starting Squid

The chkconfig squid on command can be used to configure squid to start at boot.

root@ubuntu:~# chkconfig squid on




The service command squid start/stop/restart can be used after booting

root@ubuntu:~# service squid start

root@ubuntu:~# service squid stop

root@ubuntu:~# service squid restart

3.PNG




You can test to verify if the Squid process is running with the pgrep command. (To get more info about pgrep, use the man command)

root@ubuntu:~# pgrep squid

If it is working you should be getting a response in plain old process ID numbers (see screen shot).

4.PNG


IV. The main configuration file

The main configuration file for squid is squid.conf. This is where you would want to make changes so squid will behave the way you want. To access this file, enter the following command:


root@ubuntu:~# nano /etc/squid/squid.conf


  • note that I am viewing the .conf file with nano.

5.PNG


V. Restricting Web access

You can create access control lists with time parameters. For example, you can allow only business hour access from the home network, while always restricting access to host 192.168.1.23. Enter the lines that begin with ACL at the bottom of the ACL section to restrict hour access.

To restricT access to host 192.168.1.23, enter the lines that begin with HTTP at the top of the HTTP section (See screen shot).

6.png


VI. Restricting access to specific web sites or domain

We are going create 2 lists in files named /usr/local/etc/allowed-sites.squid and /usr/local/etc/restricted-sites.squid. These two list will be included at the end of the ACL section of the squid.conf file to restrict or allow the websites listed in the files.

These will be the steps: Step 1

Create the 2 file lists that will include what site or domain we want to restrict (can be created by using touch). 

/usr/local/etc/allowed-sites.squid /usr/local/etc/restricted-sites.squid

Step 2 Include which sites you want to allow or restrict. Of course you will have to insert them in the right file (allowed-sites.squid or restricted-sites.squid)

Step 3 We finally get to the part where you will use the files created to restrict or allow access. For that, include these highlighted lines at the end of the ACL part. (We kept the same parameters as before, just added the lines to restrict the sites/domain).

7.png


VI. Restrict Web Access by IP Address

We can also create an access control list that restricts web access to user on certain networks. In this case, it's an ACL that defines a home network of 192.168.1.0

We just have to insert these lines below:

8.PNG