Hi Ranjan,
Tarak Ranjan wrote:
Marcello Romani wrote:
Tarak Ranjan wrote:
Hi List,
I have one Squid 2.6 proxy server. The current situation is as
per browser settings for proxy...
Direct Connection: users are directly connecting to the internet, no logs
are coming in access.log. Not a single ACL is hitting for them.
Autodetect Proxy: same as Direct Connection
Manual proxy: only when someone selects manual proxy do the ACLs
and logs come in for the corresponding IP/user.
What I want: WHATEVER THE CLIENT HAS SELECTED IN THEIR BROWSER,
DIRECT/AUTO/MANUAL, ACL & LOG SHOULD COME, AND ALL THE INTERNET
ACCESS TRAFFIC SHOULD PASS THROUGH SQUID......
Currently you are running a normal forward proxy. The feature that you
want is called Squid running in "intercepting or transparent mode".
By the way, I guess that you are running Squid on a Linux machine?
For Squid to work in intercepting or transparent mode, you need to
fulfill either 1 of the 2 requirements below:
(1.) This Squid box has to be gateway for your 192.168.1.0/24.
(2.) Or if Squid box is not the gateway, then you need to redirect web
traffic from your router to your Squid box.
If you meet either 1 of the requirements, then you need to redirect web
requests on port 80 to your Squid box on port 8080.
Supposing that this Squid box is also your gateway, IPTABLES is your
tool to do this redirection.
You can run something like the following:
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
Note: eth1 is the interface of your 192.168.1.0/24 network.
HERE IS MY ACCESS.LOG.....THOSE WHO HAVE SELECTED MANUAL PROXY
1194864803.351 756 192.168.1.40 TCP_MISS/200 394 POST
http://mail.google.com/mail/channel/bind? - DIRECT/72.14.221.17
text/html
1194864803.566 1414 192.168.1.23 TCP_MISS/200 515 GET
http://us.bc.yahoo.com/b? - DIRECT/203.84.204.69 image/gif
1194864824.677 455 192.168.1.117 TCP_MISS/200 2744 GET
http://sb.google.com/
browsing/update? - DIRECT/72.14.217.91
text/html
1194864827.772 669 192.168.1.108 TCP_MISS/200 2349 GET
http://rad.msn.com/ADSAdClient31.dll? - DIRECT/207.68.178.153 text/html
1194864828.219 60561 192.168.1.154 TCP_MISS/200 668 POST
http://shttp.msg.yahoo.com/notify/ - DIRECT/216.155.194.239 text/plain
1194864828.851 1079 192.168.1.108 TCP_MISS/200 3825 GET
http://ad.doubleclick.net/adj/N3977.MSN_homepage_in/B2559371;sz=234x60;ord=1511213470?
- DIRECT/216.73.87.74 application/x-javascript
1194864828.910 58 192.168.1.108 TCP_IMS_HIT/304 321 GET
http://m1.2mdn.net/879366/flashwrite_1_2.js - NONE/-
application/x-javascript
1194864829.167 257 192.168.1.108 TCP_MISS/304 317 GET
http://m1.2mdn.net/1234724/yahoo_dotcom_234x60.swf? -
DIRECT/125.252.226.32 application/x-shockwave-flash
1194864829.436 225558 192.168.1.40 TCP_MISS/200 3260 GET
http://mail.google.com/mail/channel/bind? - DIRECT/72.14.221.17
text/plain
HERE IS MY CONFIGURATION FOR THE REFERENCE:
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl blocksites dstdomain "/etc/squid/squid-block.acl"
acl blockfiles urlpath_regex -i "/etc/squid/multimedia.files.acl"
acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny blockfiles
http_access deny blocksites
http_access deny malware_block_list
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lk_network src 192.168.1.0/24
http_access allow lk_network
acl local-servers1 dstdomain liqwidkrystal.com
always_direct deny local-servers1
acl local-servers2 dstdomain lk.com
always_direct deny local-servers2
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
http_port 192.168.1.3:8080 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_mem 8 MB
cache_dir ufs /var/spool/squid 100 16 256
Personally, I feel that 100 MB is a small cache even if your network may
be small. You can increase it to a value say 1000 or 2000 MB.
By the way, I can't seem to find the Safe_ports ACL in your squid.conf?
Also which Operating system and Squid version are you running?
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none
logfile_rotate 7
pid_filename /var/run/squid.pid
log_fqdn off
ftp_passive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mgr tarak.ranjan@xxxxxxxxxxxxxxxxx
coredump_dir /var/spool/squid
Looks fine to me.
******* WHAT ARE THE NECESSARY CHANGES I HAVE TO MAKE FOR SQUID TO WORK
AS I MENTIONED ABOVE?
You probably want to setup a transparent proxy...
oh, and btw PLEASE DON'T SHOUT we hear you just fine in lowercase.
thanks.
Sorry to post it again.... I haven't got an answer from the post....
Give me some suggestions to sort it out.
To sum it up, make this Squid box the gateway or redirect web requests
from your router to this Squid box.
Then redirect web requests on port 80 to Squid's port 8080 using the
IPTABLES firewall if your Squid box's operating system is Linux.
Hope that helps.
Thanking you.....
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
http://teklimbu.wordpress.com
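
Added example (not part of the original messages, and not Squid's own code): the reply above points out that Safe_ports is used in an http_access line but never defined in the posted squid.conf. The Python check below finds ACL names that are used before they are defined; the function name undefined_acl_refs and the directive list are assumptions of this sketch, and the sample is an excerpt of the posted configuration in its original order.

```python
# Added example: find ACL names that are used before they are defined.
# Assumption: only the access-list directives seen in the posted squid.conf
# are checked; extend ACL_DIRECTIVES for other configurations.
ACL_DIRECTIVES = {
    "http_access", "http_reply_access", "icp_access",
    "always_direct", "cache", "broken_vary_encoding",
}

# Excerpt of the configuration posted in the thread, in its original order.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lk_network src 192.168.1.0/24
http_access allow lk_network
http_access deny all
"""


def undefined_acl_refs(conf_text):
    """Return (line_no, directive, acl_name) for each ACL used before its definition."""
    defined = set()
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        directive = fields[0]
        if directive == "acl" and len(fields) >= 2:
            defined.add(fields[1])
        elif directive in ACL_DIRECTIVES and len(fields) >= 3:
            # fields[1] is allow/deny; the rest are ACL names, "!" negates one.
            for token in fields[2:]:
                name = token.lstrip("!")
                if name not in defined:
                    problems.append((line_no, directive, name))
    return problems


if __name__ == "__main__":
    for line_no, directive, name in undefined_acl_refs(SAMPLE_CONF):
        print(f"line {line_no}: {directive} references undefined ACL '{name}'")
```

The reported line numbers refer to the excerpt, not to the full squid.conf.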