Squid 5.2 Combat Proxy from Scratch Part 2
Setting up the Squid configuration file
Let’s do the basic setup, open /etc/squid/squid.conf
# Аутентификация Kerberos
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/squid.keytab -s proxy_k@YOURDOMAIN.RU
auth_param negotiate children 160 startup=0 idle=1
auth_param negotiate keep_alive off
# Интерфейсы прокси сервера
http_port 192.168.10.100:3128
http_port 127.0.0.1:3128
# В ACL добавляем
acl auth proxy_auth REQUIRED # Доступ всем прошедшим авторизацию
acl localnet src 192.168.10.1/24 # Подсеть компании
# HTTP Access (Доступ всем прошедшим аутентификацию)
http_access allow auth
# Cache (Настройки кэша)
cache_mem 1024 MB
maximum_object_size_in_memory 512 KB
cache_dir ufs /var/spool/squid 2048 16 256
maximum_object_size 4 MB
access_log daemon:/var/log/squid/access.log squid
logfile_rotate 31
At this stage, the proxy will already work, but we have not made any settings for accesses and speeds. Save the squid.conf file.
Run the squid -k reconfigurate command. We check.
On a computer from the company network, in the proxy server settings, specify the address of our server:
http/proxy_comp@yourdomain.com
Port: 3128
We go into the browser on a Windows machine and check access to sites.
We look at the authorization logs in /var/log/squid/cache.log
And site access logs in /var/log/squid/access.log