Security: The ability to allow or deny access to external web servers using Access Control Lists (ACL's)
Accounting: Logging all of your clients access to the internet. Reports and statistics can be generated from these logs
Caching: Frequently accessed pages are cached locally and shared by all local web clients. This saves on bandwith on your internet connection.
A working TCP/IP Network including a fully configured DNS (Domain Name Service)
A web client/browser (Netscape in our examples)
rpm -q squid
If Squid is installed, it should report:
squid-2.4.STABLE2-2
If Squid is not installed it will say:
package squid is not installed
If Squid is not installed, then insert CD#1 from your distribution media and type:
rpm -ihv /auto/cdrom/Packages/RPMS/squid-2.4.STABLE2-2.i386.rpm
1) log into Webmin. You can do this by clicking on the Webmin icon on the KDE desktop, or by accessing the following URL: https://localhost:1000/
Log in using the root user and the root password.
2) Click on Servers, then click on Squid Proxy Server
3) Click on Ports and Networking
4) Under Port enter 8080.
5) Press the Save Button
6) Click on Access Control
7) Under Proxy restrictions click on Deny next to word all at the bottom of the list. The list should look like this before making changes:
8) Under Action Click on the Allow button.
9) Click on Save. After making changes, the Proxy Restrictions list will look like:
10) Click on Start Squid. This is the first time squid will be activated.
The proxy is now configured and running!
The above has given full access to all hosts to your proxy server.
NOTE: Giving access to all hosts to your proxy may be a potential security risk. Please ensure that port 8080 is firewalled from remote hosts and/or add client restrictions.
To restrict access to your proxy server to specific clients:
1) Under Access control lists under the Name column, click on all
2) Enter your IP address range you want to allow access to this proxy, with the correct Netmask
3) Click on Save
4) Click on Apply Changes for the changes to take effect.
From Netscape Naviagator 4.7x:
1) Go to the Edit-->Preferences menu
2) Click on Advanced-->Proxies
3) Click on the Manual proxy configuration button.
4) Click on the View button.
5) Under HTTP Proxy enter the IP address or hostname of your proxy server. Under Port enter 8080.
6) Repeat this for FTP Proxy, and Security Proxy.
7) Click OK and then click on OK again.
8) From your browser, open the URL http://www.caldera.com/.
You should see the Caldera International home page.
From Internet Explorer 5.5:
1) Start Internet Explorer.
2) Click on Tools-->Internet Options-->Connections
3) Click on the LAN Settings button
4) Check the Use a proxy server button
5) Enter the hostname or IP address of your proxy server and the port which in our example is 8080
6) Click OK, then click OK again
7) From your browser, open the URL http://www.caldera.com/.
You should see the Caldera International home page.
Preferences-->Systems-->Startup-->Services
Make sure the squid option is checked and press OK.
ACL's allow you to control access to and from your proxy server. For instance you may want to prevent access to certain sites by your employees. The following is an example of this:
Denying access to a particular site based on the hostname
1) From Webmin, enter the Squid Proxy Server configuration and choose Access Control.
2) Under Access Control Lists Select Web Server Regexp from the pulldown menu next to the Create new ACL button.
3) Click on Create new ACL
4) Give the ACL a name. We'll use restricted.
5) Select the regular expression you'd like to search for. We'll use cnn.com in this example
6) Click on the Save button.
7) Under Proxy restrictions click on Add proxy restriction
8) Under Action select Deny and under Match ACLs Highlight restricted. Click on the Save button.
9) Notice that the new restriction you added is at the bottom of the Proxy Restrictions list.
10)As the restrictions are listed in reverse order of priority, we need this restriction to be listed before the Allow all restriction. To do this, click on the up-arrow on the Deny restricted line so that it looks like this:
11) click on Apply Changes
If you now try to access any URL with cnn.com in the hostname, access will be denied.
NOTE: the cnn.com page may be in your browsers cache.
Press the reload or refresh button to attempt to reload the web page from
the internet rather than your browsers local disk cache.
Various tools can be used to analyze these log files. One such tool is Webalizer. Webalizer gives useful statistics in with graphs. The following is a simple Webalizer example:
/usr/bin/webalizer -F squid /var/log/squid.d/access.log
Webalizer will process the logfile and place the results in /var/lib/webalizer/
To view the results type:
/usr/bin/netscape /var/lib/webalizer/index.html
NOTE: Webalizer can also be used to analyze Apache log files. Please refer to the webalizer man page for more information.
Any errors will be reported in /var/log/squid.d/cache.log. If any problems occur, the contents of this log will be of use to your support provider.
Squid Home Page http://www.squid-cache.org/ Squid FAQ http://www.squid-cache.org/Doc/FAQ/ Squid Users Guide http://squid-docs.sourceforge.net/latest/html/book1.htm
Could it be organized more usefully? Did we leave out information you need, or include unnecessary material?
If so, please tell us.
To help us implement your suggestions please email:
including relevant details, such as cookbook title and section name.
NOTE: We cannot provide technical support via the above alias. For answers to technical questions, please contact your Caldera Support Provider or visit http://www.caldera.com/support for details of support offerings that are available to you.
Thank you.
Copyright © 2002, Caldera International. All Rights Reserved Worldwide. Caldera International assumes no responsibility for the accuracy or completeness of the information in this document. The use of this information or the implementation of any of these techniques is a customer responsibility and depends upon the customer's ability to evaluate and integrate them into the customer's operational environment. Information in this document is subject to change without notice, and does not imply a commitment on the part of Caldera.
Caldera, the Caldera logos, OpenLinux, and Webmin are trademarks or registered trademarks of Caldera International, Inc. in the USA and other countries. Linux is a registered trademark of Linux Torvaldsl Netscape and Netscape Navigator are trademarks or registered trademarks of Netscape Communications Corporation. All other brand and product names are trademarks or registered marks of the respective owners.
Copyright © 2002, Caldera International, Inc. All Rights Reserved Worldwide.
Caldera Legal: http://www.caldera.com/company/legal/