Squid 5.2 Combat Proxy from Scratch Part 2

Setting up the Squid configuration file

Let’s do the basic setup, open /etc/squid/squid.conf

# Аутентификация Kerberos

auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -k /etc/squid/squid.keytab -s proxy_k@YOURDOMAIN.RU

auth_param negotiate children 160 startup=0 idle=1

auth_param negotiate keep_alive off

# Интерфейсы прокси сервера

http_port 192.168.10.100:3128

http_port 127.0.0.1:3128

# В ACL добавляем

acl auth proxy_auth REQUIRED # Доступ всем прошедшим авторизацию

acl localnet src 192.168.10.1/24 # Подсеть компании

# HTTP Access (Доступ всем прошедшим аутентификацию)

http_access allow auth

# Cache (Настройки кэша)

cache_mem 1024 MB

maximum_object_size_in_memory 512 KB

cache_dir ufs /var/spool/squid 2048 16 256

maximum_object_size 4 MB

access_log daemon:/var/log/squid/access.log squid

logfile_rotate 31

At this stage, the proxy will already work, but we have not made any settings for accesses and speeds. Save the squid.conf file.

Run the squid -k reconfigurate command. We check.

On a computer from the company network, in the proxy server settings, specify the address of our server:

http/proxy_comp@yourdomain.com

Port: 3128

We go into the browser on a Windows machine and check access to sites.

We look at the authorization logs in /var/log/squid/cache.log

And site access logs in /var/log/squid/access.log