Transparent proxy with squid 3.1 on RHEL 6

linux rhel proxy squid
13,979

Solution 1

Put this in your squid.conf

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# acl lan src 192.168.1.1 192.168.2.0/24 # configure this for your lan settings
http_access allow localhost
http_access allow lan

and make sure you have setup the iptables on your squid server.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

For more find out HOWTO at http://tldp.org/HOWTO/TransparentProxy.html

Solution 2

dns_nameservers 182.190.0.21 182.176.39.17 192.168.1.100
#broken_vary_encoding allow apache
#extension_methods REPORT MERGE MKACTIVITY CHECKOUT
#acl M1 arp 00:18:8B:28:DD:7F
#acl M2 arp 00:21:9b:d3:d8:de
#http_access allow M1
#http_access allow M2
#http_access deny all
#http_port 80
#httpd_accel_host 127.0.0.1
#http_accel_port 80
http_port 80 accel defaultsite=proxy.shancomputers.com vhost
forwarded_for on
#httpd_accel_single_host on
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header off


icp_access allow all






#cache_peer 127.0.0.1 parent 3128 0 no-query default

acl web_ports port 80
http_access allow web_ports
acl purge method PURGE
#http_access allow purge localhost
http_access deny purge
hierarchy_stoplist cgi-bin ?





memory_replacement_policy lru
cache_replacement_policy heap LFUDA

#upgrade_http0.9 deny shoutcast
#acl all src all
unique_hostname proxy.shancomputers.com
visible_hostname proxy.shancomputers.com
cache_mgr [email protected]

acl dp url_regex -i \.mp3$ \.wmv$ \.avi$ \.wma$ \.mpe?g$
acl dp1 rep_mime_type video/flv
acl youtube dstdomain .youtube.com
acl YIM_ports port 5050
acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
acl YIM_methods method CONNECT
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 192.168.1.0/24
acl MSN_methods method CONNECT
acl numconn maxconn 6
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl POST method POST
acl CONNECT method CONNECT
acl GET method GET
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]

acl apache rep_header Server ^Apache
acl QUERY urlpath_regex cgi-bin \?
#---------------------------------------------------------------------
http_access allow YIM_methods YIM_ports YIM_hosts
http_access allow YIM_methods YIM_ports YIM_domains
http_access allow MSN_methods MSN_ports MSN_hosts
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 192.168.1.1:3128 transparent

#http_port 192.168.1.1:8080 transparent




#---------------------------------------------------------------------

#memory_cache_mode always
acl FTP proto FTP
always_direct allow FTP
miss_access allow all
#--------------------------------------------------------------------
cache_store_log /var/log/squid/store.log
no_cache deny QUERY
no_cache deny POST

#---------------------------------------------------------------------
request_header_max_size 100 MB
maximum_object_size 96 MB


refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$       0       20%     2880
refresh_pattern .              9999    99%    99990 override-expire reload-into-ims override-lastmod
refresh_pattern cgi-bin 1 20% 2
refresh_pattern \.asp$ 1 20% 2
refresh_pattern \.acgi$ 1 20% 2
refresh_pattern \.cgi$ 1 20% 2
refresh_pattern \.pl$ 1 20% 2
refresh_pattern \.shtml$ 1 20% 2
refresh_pattern \.php3$ 1 20% 2
refresh_pattern \? 1 20% 2
refresh_pattern \.gif$ 10080 90% 43200
refresh_pattern \.jpg$ 10080 90% 43200
refresh_pattern \.bom\.gov\.au 30 20% 120
refresh_pattern \.html$ 480 50% 22160
refresh_pattern \.htm$ 480 50% 22160
refresh_pattern \.class$ 10080 90% 43200
refresh_pattern \.zip$ 10080 90% 43200
refresh_pattern \.jpeg$ 10080 90% 43200
refresh_pattern \.mid$ 10080 90% 43200
refresh_pattern \.shtml$ 480 50% 22160
refresh_pattern \.exe$ 10080 90% 43200
refresh_pattern \.thm$ 10080 90% 43200
refresh_pattern \.wav$ 10080 90% 43200
refresh_pattern \.txt$ 10080 90% 43200
refresh_pattern \.cab$ 10080 90% 43200
refresh_pattern \.au$ 10080 90% 43200
refresh_pattern \.mov$ 10080 90% 43200
refresh_pattern \.xbm$ 10080 90% 43200
refresh_pattern \.ram$ 10080 90% 43200
refresh_pattern \.avi$ 10080 90% 43200
refresh_pattern \.chtml$ 480 50% 22160
refresh_pattern \.thb$ 10080 90% 43200
refresh_pattern \.dcr$ 10080 90% 43200
refresh_pattern \.bmp$ 10080 90% 43200
refresh_pattern \.phtml$ 480 50% 22160
refresh_pattern \.mpg$ 10080 90% 43200
refresh_pattern \.pdf$ 10080 90% 43200
refresh_pattern \.swf$ 10080 90% 43200
refresh_pattern \.mp3$ 10080 90% 43200
refresh_pattern \.ra$ 10080 90% 43200
refresh_pattern \.spl$ 10080 90% 43200
refresh_pattern \.viv$ 10080 90% 43200
refresh_pattern \.doc$ 10080 90% 43200
refresh_pattern \.gz$ 10080 90% 43200
refresh_pattern \.Z$ 10080 90% 43200
refresh_pattern \.tgz$ 10080 90% 43200
refresh_pattern \.tar$ 10080 90% 43200
refresh_pattern \.vrm$ 10080 90% 43200
refresh_pattern \.vrml$ 10080 90% 43200
refresh_pattern \.aif$ 10080 90% 43200
refresh_pattern \.aifc$ 10080 90% 43200
refresh_pattern \.aiff$ 10080 90% 43200
refresh_pattern \.arj$ 10080 90% 43200
refresh_pattern \.c$ 10080 90% 43200
refresh_pattern \.cpt$ 10080 90% 43200
refresh_pattern \.dir$ 10080 90% 43200
refresh_pattern \.dxr$ 10080 90% 43200
refresh_pattern \.hqx$ 10080 90% 43200
refresh_pattern \.jpe$ 10080 90% 43200
refresh_pattern \.lha$ 10080 90% 43200
refresh_pattern \.lzh$ 10080 90% 43200
refresh_pattern \.midi$ 10080 90% 43200
refresh_pattern \.movie$ 10080 90% 43200
refresh_pattern \.mp2$ 10080 90% 43200
refresh_pattern \.mpe$ 10080 90% 43200
refresh_pattern \.mpeg$ 10080 90% 43200
refresh_pattern \.mpga$ 10080 90% 43200
refresh_pattern \.pl$ 10080 90% 43200
refresh_pattern \.ppt$ 10080 90% 43200
refresh_pattern \.ps$ 10080 90% 43200
refresh_pattern \.qt$ 10080 90% 43200
refresh_pattern \.qtm$ 10080 90% 43200
refresh_pattern \.ras$ 10080 90% 43200
refresh_pattern \.sea$ 10080 90% 43200
refresh_pattern \.sit$ 10080 90% 43200
refresh_pattern \.tif$ 10080 90% 43200
refresh_pattern \.tiff$ 10080 90% 43200
refresh_pattern \.snd$ 10080 90% 43200
refresh_pattern \.wrl$ 10080 90% 43200
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
refresh_pattern . 480 50% 22160
refresh_pattern \.iso$ 10080 90% 43200
#------------------------------------------------------------------------
range_offset_limit 0 KB
#---------------------------------------------------------------------------
hosts_file /etc/hosts
coredump_dir /var/spool/squid
#----------------------------------------------------------------------------
quick_abort_min 1024 KB
quick_abort_max 2048 KB
quick_abort_pct 90
cache_effective_user squid
cache_effective_group squid

cache_dir ufs /var/spool/squid 20000 16 256
cache_mem 1024 MB
fqdncache_size 1024
request_body_max_size 100 KB
Share:
13,979

Related videos on Youtube

Kumar
Author by

Kumar

Working as System Administrator at Coimbatore based Company

Updated on September 18, 2022

Comments

  • Kumar
    Kumar over 1 year

    We have nearly 50 systems with windows XP and have Linux (RHEL6) for server.

    Also have squid 3.1 , Samba and Apache for local use.

    Under proxy, VPN and outlook express does not connected. I heard that transparent proxy will fix this problem. I have tried steps from internet and stack-exchange. But i can't fix this issue fully. Please give clear configuration file and configuration for IpTables.

    Here my squid conf file.

    #
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localinternet src 10.1.1.0/24
##acl localnet src 10.0.0.0/8        # RFC1918 possible internal network
##acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
##acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
##acl localnet src fc00::/7           # RFC 4193 local private network range
##acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines
#
# Special IP List
acl special src "/etc/squid/special.txt"                # All Access IPs
# Allowed IP List
acl d_unlimited src "/etc/squid/d_unlimited.txt"        # Full Download access
acl u_unlimited src "/etc/squid/u_unlimited.txt"        # Full Upload access
acl allow_proxy src "/etc/squid/allow_proxy.txt"        # Allow Proxy
acl allow_social src "/etc/squid/allow_social.txt"      # Allow Social networking
acl allow_tutorial src "/etc/squid/allow_tutorial.txt"  # Allow Tutorial
acl allow_movie src "/etc/squid/allow_movie.txt"        # Allow Jobs
acl allow_jobs src "/etc/squid/allow_jobs.txt"          # Allow Movie
acl allow_sex src "/etc/squid/allow_sex.txt"            # Allow Sex
#
# Blocked Keys
#
acl goodkey url_regex "/etc/squid/goodkey.txt"
acl proxy url_regex "/etc/squid/proxy.txt"
acl social url_regex "/etc/squid/social.txt"
acl tutorial url_regex "/etc/squid/tutorial.txt"
acl movie url_regex "/etc/squid/movie.txt"
acl jobs url_regex "/etc/squid/jobs.txt"
acl sex url_regex "/etc/squid/sex.txt"
#
# Upload/Download Limit
#
request_body_max_size 2000 KB localinternet !u_unlimited
reply_body_max_size 6000 KB localinternet !d_unlimited
#
#
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#
# Allow all / Allow Good keys
http_access allow special
http_access allow goodkey
#
# Allow  Proxy Sites
#
http_access allow allow_proxy proxy
#
# Allow Social Networking
#
http_access allow allow_social social
#
# Allow Tutorials
http_access allow allow_tutorial tutorial
#
# Allow Movie
http_access allow allow_movie movie
#
# Allow Jobs
http_access allow allow_jobs jobs
#
# Allow Sex
http_access allow allow_sex sex
#
# Allow List
http_access allow localinternet !proxy !social !tutorial !movie !jobs !sex
#
# Local Host
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
    • nass
      nass about 10 years
      trnsparent proxy should not be connected to VPN in any way, unless you run your vpn server on tcp port 80, which would mess things up in a number of ways (and so you should avoid it). You may have some other (firewall?) problem and you have problems with vpn and outlook express.
  • Kumar
    Kumar over 12 years
    2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:4 unrecognized: 'httpd_accel_host' 2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:5 unrecognized: 'httpd_accel_port' 2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:6 unrecognized: 'httpd_accel_with_proxy' 2012/01/18 08:39:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:7 unrecognized: 'httpd_accel_uses_host_header' 2012/01/18 08:39:04| Initializing https proxy context
  • Kumar
    Kumar over 12 years
    Getting about error and squid start getting failed
  • Kumar
    Kumar over 12 years
    Those all are not available for squid 3.1
  • Kumar
    Kumar about 12 years
    @ Nouman Qaiser, What about iptable rules ? What changes i want to do in iptables ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Squid time based ACL
Squid3 proxy Cannot write log file
FATAL: Failed to make swap directory /var/cache/squid: (13) Permission Denied
Squid3 Caching websites works but not for large files despite max size 6GB
Squid running in intercept mode on same machine as browser keeps giving access denied
how to find out the clients connects to the proxy server in redhat linux
How to route all local trafic to Squid?
Automatic Proxy Discovery wpad.example.com doesn't work
How to setup equivalent USVIDEO.ORG DNS-Proxy on Linux
Force clients to use proxy