SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
Squid
Primary tabs
Installation
Download the latest stable version of Squid
cd /extra/src
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.3.tar.gz
tar zxf squid-3.5.3.tar.gz
cd squid-3.5.3
Configure Squid as a transparent proxy:
./configure --enable-linux-netfilter --enable-follow-x-forwarded-for
make
make install
Enable the default cache_effective_user, nobody, to access the log directory:
chown nobody:nobody /usr/local/squid/var/logs
Basic Configuration
The default configuration file is /usr/local/squid/etc/squid.conf
. If you are going to proxy requests for your internal network, add a localnet
directive for your internal network (if there isn't one already):
acl localnet src 192.168.0.0/16
If you don't want to cache any data and only log requests through the Squid proxy, you can use the cache access list to make Squid never cache anything:
cache deny all
Automatic startup
We're going to use daemontools. If you haven't already, install daemontools.
Create a directory for the Squid service:
mkdir -m 1755 /var/service/squid
cd /var/service/squid
Create the /var/service/squid/run
script, making sure to change the servername:
#!/bin/sh
rm -f /var/run/squid/squid.pid
exec /usr/local/squid/sbin/squid -N 2>&1
Make the script executable:
chmod 755 run
Our log script comes from John Simpson's:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
Finally, add the service to daemontools by creating the symbolic link in /service
ln -s /var/service/squid /service/squid
Confirm that the service is running:
svstat /service/squid /service/squid/log
Transparent Proxy
iptables -t nat -A PREROUTING -s SQUIDIP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
Restarting Squid
To reload Squid after making configuration changes:
/usr/local/squid/sbin/squid -k reconfigure
- Log in to post comments