SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
Revision of Pound from Fri, 05/04/2012 - 11:11
Revisions allow you to track differences between multiple versions of your content, and revert back to older versions.
Installation
Create a directory to work in:
mkdir -p /extra/src
cd /extra/src
Download and unpack the source:
wget http://www.apsis.ch/pound/Pound-2.6.tgz
tar zxf Pound-2.6.tgz
cd Pound-2.6
Configure it, then build and install:
./configure --with-ssl
make
make install
Basic Configuration
Create a config file /usr/local/etc/pound.cfg
for a basic setup to proxy requests to an internal server:
## sample pound.cfg
#
User "nobody"
Group "nobody"
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 1
## check backend every X secs:
Alive 30
## Run in foreground for daemontools startup
Daemon 0
ListenHTTP
Address 1.2.3.4
Port 80
Service
HeadRequire "Host: .*www.server0.com.*"
#Enable WebDAV
xHTTP 2
BackEnd
Address 192.168.0.10
Port 80
End
End
Service
HeadRequire "Host: .*www.server1.com.*"
BackEnd
Address 192.168.0.11
Port 80
End
End
End
Automatic Startup
We're going to use daemontools.
If you haven't already, install daemontools.
Create a directory for the Pound service:
mkdir -m 1755 /var/service/pound
cd /var/service/pound
Create the run script and make it executable:
echo '#!/bin/sh' > run
echo 'exec /usr/local/sbin/pound' >> run
chmod 755 run
Our log script comes from John Simpson:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
Finally, add the service to daemontools by creating the symbolic link in /service
ln -s /var/service/pound /service/pound
Confirm that the service is running:
svstat /service/pound /service/pound/log
IP addresses and X-Forwarded-for
When running behind the Pound proxy, the web server will see the proxy's IP address as the source of the traffic. To get the actual IP address, adjust the program's logging to use the X-Forwarded-for.
- Apache - edit
/usr/local/apache2/conf/http.conf
and add a new log format for Pound:LogFormat ""%{X-Forwarded-for}i" %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{forensic-id}n"" poundcombined
Then adjust
AccessLog
directive in yourVirtualHost
configuration in
/usr/local/apache2/conf/extra/httpd-vhosts.conf<code>:
<code>
CustomLog /var/websites/domain/logs/domain-access_log poundcombined - Drupal
Edit your site'ssettings.php
file to enable using theX-Forwarded-for
header:$conf['reverse_proxy'] = TRUE;
$conf['reverse_proxy_addresses'] = array('1.2.3.4');
- Log in to post comments