Wednesday, November 30, 2011

Common Squid Requirements - Part 2


7. Set Maximum Download Size

To set the maximum size of a file that can be downloaded, use the parameter reply_body_max_size. The size is given in bytes. For example, if the maximum download size is 50 MB (50*1024*1024 = 52428800), here is how it is done:


root@firefly:~# vim squid.conf



#### Declaring the ACL ####

acl our_network src 192.168.10.0/24

acl vip src 192.168.10.100




#### Applying the ACL ####

#### Again, the sequence is important ####



reply_body_max_size 0 allow vip

#### the vip has no size restrictions ####



reply_body_max_size 52428800 deny our_network

#### no one in our LAN can download files larger than the limit ####



root@firefly:~# squid -k reconfigure

#### this command makes squid reload its configuration without restarting ####

 

8. Setting Specific Time/Date for Internet Access

The following lines have been taken from the file squid.conf. Each day is represented by a single letter. Browsing time can be limited using the h1:m1-h2:m2 parameters, where h1:m1 < h2:m2.


#acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2

root@firefly:~# vim squid.conf

#### Declaring the ACL ####

acl our_network src 192.168.10.0/24
acl office_hours time SMTWH 09:00-17:00
#### Sunday to Thursday, 9 AM to 5 PM ####

#### Applying the ACL ####

http_access deny !office_hours
#### our LAN is denied Internet outside office hours ####
http_access allow our_network
http_access deny all

root@firefly:~# squid -k reconfigure
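
To check a time ACL before reloading Squid, the sketch below (an added example in Python, not part of the original post and not Squid's own code) parses a line such as the office_hours ACL above, rejects a range where h1:m1 is not less than h2:m2, and walks the three http_access lines in order. The function names and sample timestamps are constructed for illustration, and treating both ends of the range as inclusive is an assumption.

```python
import re
from datetime import datetime

# Day letters as listed in the squid.conf comment, mapped to datetime.weekday().
DAYS = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}
ACL_RE = re.compile(
    r"^acl\s+(\S+)\s+time\s+([SMTWHFA]+)\s+(\d{1,2}):(\d{2})-(\d{1,2}):(\d{2})$")


def parse_time_acl(line):
    """Return (name, weekdays, start_minute, stop_minute) for one time ACL line."""
    m = ACL_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a time ACL with days and a range: {line!r}")
    name, letters = m.group(1), m.group(2)
    h1, m1, h2, m2 = (int(g) for g in m.groups()[2:])
    if max(h1, h2) > 24 or max(m1, m2) > 59:
        raise ValueError(f"{name}: time out of range")
    start, stop = h1 * 60 + m1, h2 * 60 + m2
    if start >= stop:
        # An overnight window such as 22:00-06:00 has to be split into two ACLs.
        raise ValueError(f"{name}: h1:m1 must be less than h2:m2")
    return name, {DAYS[c] for c in letters}, start, stop


def acl_matches(acl, when):
    """True if `when` is on a listed day inside the range (ends inclusive here)."""
    _, weekdays, start, stop = acl
    minute = when.hour * 60 + when.minute
    return when.weekday() in weekdays and start <= minute <= stop


def http_access(office_hours, when, in_our_network):
    """Walk the three http_access lines above in order; the first match decides."""
    if not acl_matches(office_hours, when):  # http_access deny !office_hours
        return "deny"
    if in_our_network:                       # http_access allow our_network
        return "allow"
    return "deny"                            # http_access deny all


if __name__ == "__main__":
    acl = parse_time_acl("acl office_hours time SMTWH 09:00-17:00")
    # Constructed sample times; 2011-11-30 was a Wednesday, 2011-12-02 a Friday.
    for when in (datetime(2011, 11, 30, 10, 30), datetime(2011, 11, 30, 18, 0),
                 datetime(2011, 12, 2, 10, 30)):
        print(when.strftime("%a %H:%M"), http_access(acl, when, True))
```
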

9. Setting up Mandatory Authentication for a Page

The first thing to keep in mind is that this is not compatible with a transparent proxy. Although this topic is also covered in Web Server configuration, we will discuss it here nonetheless. We will need Apache for the process. Here we go:
  • Installation of package:
    root@firefly:~# apt-get install apache2 #DEBIAN    
    root@firefly:~# yum install httpd #RED HAT
  • Preparing the file for passwords
    root@firefly:~# vim /etc/squid/password_file
    root@firefly:~# chown root:proxy /etc/squid/password_file
    root@firefly:~# chmod 640 /etc/squid/password_file

  • Now create the users:
    root@firefly:~# htpasswd /etc/squid/password_file username

  • Preparing squid.conf
    #### edit the following section ####
    auth_param basic program /usr/lib/squid/ncsa_auth  /etc/squid/password_file 

    #### declaring the ACL #### 
    acl our_network src 192.168.10.0/24
    acl login proxy_auth REQUIRED

    #### Applying the ACL #### 
    http_access allow our_network login


Now, every time someone opens a web browser, they will be asked for a user name/password combination to get access to the Internet.

I think that much covers the basic needs of proxy servers in an office/business environment. We have also seen a couple of configurations that are not normally needed but are nonetheless important to know. I hope this helps.

Finally, Linux ROCKS!!! \m/ ^_^ \m/
