2022 m. birželio 28 d., antradienis

Squid config

./configure --...
make
make install

--enable-useragent-log
This option enables logging of the HTTP User-Agent

--enable-err-languages="lang1 lang2 ..."
Selects which error-message languages are copied to the installation directory ($prefix/share/errors).

--enable-linux-netfilter
Enable this option if you want to use HTTP interception with Linux 2.4 or later.

--disable-hostname-checks
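By default Squid checks that URL hostnames conform to the standard hostname rules and rejects those that do not. Since internationalized domain names are becoming increasingly popular, you may want to use this option to remove the restriction.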

--enable-ntlm-auth-helpers=LIST
With this option, you can build one or more of the HTTP NTLM authentication helper programs found in helpers/ntlm_auth.

--enable-external-acl-helpers=LIST
With this option, you can build one or more of the external ACL helper programs
./configure --enable-external-acl-helpers=ip_user,ldap_group

--Rerun ./configure (with the same options as last time)
./config.status --recheck


==============================================================
bin/RunCache / bin/RunAccel
RunCache is a shell script you can use to start Squid. If Squid dies, this script
automatically starts it again,

etc/squid.conf.default
/usr/local/squid/var/logs
cache_log /squid/logs/cache.log -debuginant ar viskas gerai
cache_access_log /squid/logs/access.log - each client request made to Squid
============DIREKTYVOS==============================
http_port 3128
http_port 8080

su firewall http_port 192.168.1.1:3128

#Leidimas prieiti prie tinklo
acl MyNetwork src 192.168.0.0/16
http_access allow MyNetwork

cache_mgr e@mail.lt

?============?
webmin

=================
#tikrina squid konfiguraciją
squid -k parse 
#Cache initialization
squid -z
#Testing Squid
squid -N -d1
#Running Squid as a Daemon Process
sudo /usr/sbin/squid3 -s

#Reconfigure squid
/usr/sbin/squid3 -k reconfigure

-k reconfigure, rotate, shutdown, interrupt, kill, debug,
check, or parse.
#Initializes cache
-z


#Leidžia ip
acl leidziamas_ruozas src 192.168.138.0-192.168.138.254
http_access allow leidziamas_ruozas
http_access deny all



--------------KOMANDOS-------------------
#rodo visus procesus
ps ax | grep squid

#automatiskai paleidzia procesa
/etc/rc.local

#rotating log files
For example, this crontab entry rotates the logs every 24 hours, at 4 A.M.:
0 4 * * * /usr/sbin/squid3 -k rotate


==============ACL===================
acl Foo url_regex -i ^http://www

acl MyNetwork src 192.168.0.0
acl MyNetwork src 192.168.0.0 10.0.1.0/24 10.0.5.0/24 172.16.0.0/12

=====================================

cache_mgr e@mail.lt

?============?
webmin

=================
#tikrina squid konfiguraciją
squid -k parse 
#Cache initialization
squid -z
#Testing Squid
squid -N -d1
#Running squid
squid -s

#Reconfigure squid
/usr/sbin/squid3 -k reconfigure

-k reconfigure, rotate, shutdown, interrupt, kill, debug,
check, or parse.
#Initializes cache
-z


#Leidžia ip
acl leidziamas_ruozas src 192.168.138.0-192.168.138.254
http_access allow leidziamas_ruozas
http_access deny all

=============================================

#perkonfiguravimas
/usr/sbin/squid3 -k reconfigure
 /usr/sbin/squid3 -k shutdown
 /usr/sbin/squid -s

#access logai
tail -f /var/log/squid3/access.log

#error logai
 /usr/share/squid3/errors/lt-lt/

#blokuojamos svetaines
 sudo nano /etc/squid3/bad-sites.acl

================================


configuracija
-------------
error_directory  /usr/share/squid3/errors/lt/

#puslapiu blokavimas
acl bad_url dstdomain "/etc/squid3/bad-sites.acl"
http_access deny bad_url

acl bad_keywords url_regex "/etc/squid3/ban_keywords.acl"
http_access deny bad_keywords

acl leidziamas_ruozas src 192.168.138.0-192.168.138.254
http_access allow leidziamas_ruozas
http_access deny all

http_port 9090
cache_dir ufs /var/spool/squid3 100 16 256





-----------------------PVZ-----------------
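Normally you want to allow requests from hosts inside your network and block all others. For example, if
your organization is using the 192.168.0.0 subnet, you can use an ACL like this:
acl MyNetwork src 192.168.0.0
(No prefix length is given here, so how much of the network this matches depends on how the Squid version in use treats a missing mask. Writing it explicitly, e.g. 192.168.0.0/16, avoids allowing more or fewer clients than intended.)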
If you have many subnets, you can list them all on the same acl line:
acl MyNetwork src 192.168.0.0 10.0.1.0/24 10.0.5.0/24 172.16.0.0/12



config pvz:
acl AccelPort myport 80
acl ProxyPort myport 3128
acl MyNet src 172.16.0.0/22
http_access allow AccelPort # anyone
http_access allow ProxyPort MyNet # only my users
http_access deny ProxyPort # deny others