2010年9月8日 星期三

Squid proxy with Active Directory (winbind/ntlm_auth) authentication

Requirements
1. Install squid and squidGuard
#sudo apt-get install squid squidguard
2. Install winbind and the samba server so squid can authenticate users against Active Directory
3. Configure Kerberos and the PAM module, then join the domain
4. Configure the squid server and squidGuard
5. Authenticate users by AD group membership and grant each group access privileges to web sites

6. Enable IP forwarding (only needed if this host also routes or NATs client traffic; an explicit proxy reached on http_port does not need it, and turning it on makes the box a router for anything that can send packets through it)
#vim /etc/sysctl.conf
uncomment "#net.ipv4.ip_forward=1" so it reads "net.ipv4.ip_forward=1", then apply it without a reboot:
#echo "1" > /proc/sys/net/ipv4/ip_forward

7. Edit /etc/squid/squid.conf (the directives below are squid 2.x syntax, matching the squid package installed in step 1)
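# Listening socket: explicit (non-transparent) proxy port; ICP/HTCP peering disabled.
http_port 60000
icp_port 0
htcp_port 0
cache_mgr mingda.chiang@garmin.com
visible_hostname t3proxy.garmin.com

# Cache storage. NOTE(review): step 9 of the post creates /var/cache/squid, but this
# is the directory squid actually uses; the two must agree, and the swap
# sub-directories must be built once with "squid -z" before the first start.
cache_dir diskd /var/spool/squid 81920 16 256
cache_mem 2048 MB
cache_swap_low 80
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 800 KB
ipcache_size 65536
ipcache_low 80
ipcache_high 95
# Never cache dynamic (cgi-bin / query-string) responses.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
digest_generation off
pipeline_prefetch on
shutdown_lifetime 1 second

# Logging, timeouts and FTP behaviour.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/cache_swap.log
read_timeout 10 minutes
request_timeout 8 minutes
pconn_timeout 60 seconds
ftp_user anonymous
ftp_list_width 64
ftp_passive on
ftp_sanitycheck on
hosts_file /etc/hosts
negative_ttl 2 minutes
authenticate_ttl 2 hours

# Authentication against AD through winbind's ntlm_auth. The helper itself enforces
# membership of the AD group "csp+tw_enabled" ("+" is the winbind separator and must
# match "winbind separator" in smb.conf), so a user outside that group fails
# authentication before any http_access rule below is consulted.
# The protocol name was wrapped onto two lines in the original post ("ntlmss" / "p");
# it must be a single token.
auth_param ntlm program /usr/bin/ntlm_auth --require-membership-of="csp+tw_enabled" --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# Basic fallback for clients that cannot do NTLM. NOTE(review): Basic sends the AD
# password base64-encoded (effectively cleartext) on every request over the client
# connection; only acceptable if the client-to-proxy path is trusted.
auth_param basic program /usr/bin/ntlm_auth --require-membership-of="csp+tw_enabled" --helper-protocol=squid-2.5-basic
auth_param basic children 3
auth_param basic realm Linkou Proxy
auth_param basic credentialsttl 2 hours

#ACLs
acl password proxy_auth REQUIRED
# -i makes the user-name match case-insensitive. These users must still pass the
# helper's group check above; being listed here alone grants nothing.
acl allowusers proxy_auth -i tommylin nicloelin
# One destination domain per line. NOTE(review): the original referred to
# "//etc/squid3/shoppingsites" while this file lives in /etc/squid; keep the list
# in the same directory as squid.conf and point this line at it.
acl shoppingsites dstdomain "/etc/squid3/shoppingsites"
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl lansrc src 192.168.1.0/255.255.255.0
acl manager proto cache_object
acl Safe_ports port 21 80 82 443 888 1025-65535
acl SSL_ports port 443 2083-2093 8443
acl CONNECT method CONNECT
acl ftp proto FTP

# http_access rules are evaluated top-down; the first matching line decides.
# cachemgr only from the proxy host itself. (The original allowed "garminsrc", an ACL
# that is never defined, which makes squid refuse to start; and its
# "allow manager localhost" came after "deny manager", so it was unreachable.)
http_access allow manager localhost
http_access deny manager
# Port hygiene before any allow rule, so nothing below can reach an unsafe port.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Named users may reach the shopping-site list. (The original had the typo
# "shoopingsites", an undefined ACL.)
http_access allow shoppingsites allowusers
# Any authenticated user may browse safe ports and FTP.
http_access allow Safe_ports password
http_access allow ftp password
# NOTE(review): this line admits any 192.168.1.0/24 client whose request carried no
# (or invalid) credentials, because a failed proxy_auth match simply falls through.
# In effect the LAN bypasses AD authentication entirely. If the goal (step 5) is
# group-gated access, remove it or replace it with "http_access deny !password",
# which also forces the 407 challenge.
http_access allow lansrc
http_access deny all
snmp_access deny all
icp_access deny all

cache_effective_user proxy
cache_effective_group proxy

# Strip headers that would reveal the proxy chain and client addresses to origin servers.
header_access Via deny all
header_access X-Forwarded-For deny all
header_access Cache-Control deny all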

8. Grant the squid user (proxy) access to the winbind privileged pipe directory; ntlm_auth needs it to talk to winbindd
# Squid runs as cache_effective_user/group "proxy"; give that group read and
# search rights on winbind's privileged pipe directory so ntlm_auth can open it.
#chown :proxy /var/run/samba/winbindd_privileged/
#chmod g+rx /var/run/samba/winbindd_privileged/

9. Create the cache (swap) directory and hand it to the squid user; the path must be the one given to cache_dir in squid.conf
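# The directory must be the one named by cache_dir in squid.conf (/var/spool/squid
# above). The original created /var/cache/squid, which that cache_dir never uses;
# change either side, but keep them identical.
#mkdir -p /var/spool/squid
#chown proxy:proxy /var/spool/squid
# Build the 16x256 swap sub-directories once before the first start.
#squid -z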
