# Install Squid from the distribution repository, then open its main
# configuration file; the directives that follow belong in squid.conf.
apt-get install squid
vim /etc/squid/squid.conf
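# Host name Squid reports about itself (for example in error pages).
visible_hostname 192.168.1.100
# Port clients are configured to use as their proxy.
http_port 3128
# An acl line needs a type: "src" matches the client address. The name must be
# the one the http_access rules refer to (Mon_Reseau), otherwise the rule below
# points at an ACL that does not exist.
acl Mon_Reseau src 192.168.1.0/255.255.255.0
# NOTE(review): http_access rules are evaluated top to bottom and the first
# match decides. This line admits every LAN client before any proxy_auth rule
# is reached, so LAN users are never asked for credentials. Remove it, or
# combine it with the auth ACL on one line, if LAN users must log in.
http_access allow Mon_Reseau
# Database-backed Basic authentication.
# NOTE(review): --password places the database password in squid.conf and in
# the helper's process arguments; keep squid.conf readable only by root and the
# Squid account. --plaintext means the table stores passwords unhashed.
# Basic authentication itself sends the user's password base64-encoded, not
# encrypted, with every request between browser and proxy.
auth_param basic program /usr/local/squid/libexec/squid_db_auth --user someuser --password xxxx --plaintext --persist
# Number of helper processes started for this scheme.
auth_param basic children 5
# Text shown in the browser's login prompt.
auth_param basic realm Web-Proxy
# How long a successful check is cached before the helper is asked again.
auth_param basic credentialsttl 1 minute
# Treat user names as case-insensitive.
auth_param basic casesensitive off
# Matches any request that carries valid proxy credentials.
acl db-auth proxy_auth REQUIRED
http_access allow db-auth
http_access allow localhost
# Final rule: refuse everything not explicitly allowed above.
http_access deny all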
# Alternative Basic helper: check credentials against a RADIUS server.
# Use one "auth_param basic program" per squid.conf, not several.
# NOTE(review): "testing123" is the well-known sample shared secret from
# FreeRADIUS; replace it with a unique value. Passing it with -w also exposes
# it in squid.conf and in the helper's process arguments; the helper's -f
# option reads server and secret from a separate file that can be locked down.
auth_param basic program /usr/lib/squid3/squid_radius_auth -h 127.0.0.1 -w testing123
auth_param basic children 5
# Text shown in the browser's login prompt.
auth_param basic realm Station Oxtrode, Acces Internet...
# A successful login is cached for two hours before the helper is asked again.
auth_param basic credentialsttl 2 hours
# Destination ports the proxy is meant to reach.
# NOTE(review): defining the ACL does nothing by itself. It takes effect only
# through a rule such as "http_access deny !Safe_ports" placed before the allow
# rules; no such rule appears in the snippets on this page.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
# A quoted path makes Squid read the ACL values from that file, one per line.
# Destinations every user may reach.
acl whitelist dstdomain "/etc/squid/sites.whitelist.txt"
# Per-group user lists (proxy_auth) and the destinations each group may reach
# (dstdomain). A proxy_auth ACL only matches after the user has authenticated.
# Keep these files writable by root only: whoever can edit them decides who
# may browse where.
acl UsersGroupA proxy_auth "/etc/squid/groupa.txt"
acl SitesGroupA dstdomain "/etc/squid/sites.a.txt"
acl UsersGroupB proxy_auth "/etc/squid/groupb.txt"
acl SitesGroupB dstdomain "/etc/squid/sites.b.txt"
or
# All ACLs named on one http_access line must match (logical AND); the lines
# themselves are tried in order and the first match decides.
# NOTE(review): the ACLs "http", "port_80" and "authenticated_users" are not
# defined anywhere on this page; they must be declared before these rules.
# Whitelisted sites over plain HTTP on port 80, for everyone.
http_access allow http port_80 whitelist
# Group A users may reach group A sites; likewise for group B.
http_access allow http port_80 SitesGroupA UsersGroupA
http_access allow http port_80 SitesGroupB UsersGroupB
# catch-all rule
# Anything that reached this point is refused. Presumably authenticated_users
# is a proxy_auth ACL - confirm against the full squid.conf.
http_access deny authenticated_users
vim /etc/squid/groupa.txt
user1
user2
user3
vim /etc/squid/groupb.txt
user1
user4
user5
vim /etc/squid/sites.a.txt
.foo.example.com
.bar.example.com
vim /etc/squid/sites.b.txt
.foo.example.com
.gazonk.example.com
# Restart Squid so the edited configuration is loaded. Running "squid -k parse"
# first catches syntax errors that would otherwise leave the proxy down.
sudo /etc/init.d/squid restart
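# NOTE(review): on Debian/Ubuntu the ncsa_auth helper normally ships with the
# squid package and htpasswd with apache2-utils; verify the package name
# before relying on this line.
apt-get install ncsa_auth
# Create the password file and close it down before any entry is written:
# it holds password hashes and only root and the Squid account need to read it.
# "proxy" is the Squid account on Debian/Ubuntu; adjust on other systems.
touch /etc/squid/users
chown root:proxy /etc/squid/users
chmod 640 /etc/squid/users
vim /etc/squid/users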
# Basic authentication against an htpasswd-style file.
# The second argument is the password file the helper reads.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users
auth_param basic children 5
# Text shown in the browser's login prompt.
auth_param basic realm Mon proxy
# A successful login is cached for two hours before the helper is asked again.
auth_param basic credentialsttl 2 hours
# Matches any request that carries valid proxy credentials.
acl Users proxy_auth REQUIRED
# Both ACLs must match: the client is on the local network AND has logged in.
# NOTE(review): an earlier plain "http_access allow Mon_Reseau" would match
# first and let LAN clients through without a login.
http_access allow Mon_Reseau Users
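# Add or update a user. Without -b htpasswd prompts for the password, so it
# does not end up in the shell history or in the process list.
htpasswd /etc/squid/users <username>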
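-- User table queried by the Squid database authentication helper.
-- NOTE(review): when the helper runs with --plaintext the `password` column
-- holds clear-text passwords; give the helper's database account read access
-- to this table only, and nobody else access at all.
CREATE TABLE `passwd` (
`user` varchar(32) NOT NULL default '',
`password` varchar(35) NOT NULL default '',
-- Non-zero by default; presumably lets an account be disabled without deleting it.
`enabled` tinyint(1) NOT NULL default '1',
`fullname` varchar(60) default NULL,
`comment` varchar(60) default NULL,
PRIMARY KEY (`user`)
);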
vim /etc/ldap.conf
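# Basic authentication against an LDAP directory.
# -b is the search base; -f is the search filter, with %s replaced by the login
# name. An AND filter is written (&(a)(b)), and it is quoted so the parentheses
# and ampersand reach the helper as one argument.
# NOTE(review): over plain ldap:// the user's password travels to the directory
# server unencrypted. Prefer ldaps:// or StartTLS (the helper's -Z option) if
# the server supports it.
auth_param basic program /usr/lib/squid3/squid_ldap_auth -b ou=Users,dc=orcade -f "(&(uid=%s)(description=internet))" ldap://10.0.0.21
auth_param basic children 5
# Text shown in the browser's login prompt.
auth_param basic realm Station Oxtrode, Acces Internet...
# A successful login is cached for two hours before the helper is asked again.
auth_param basic credentialsttl 2 hours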
/etc/freeradius/clients.conf
/etc/freeradius/users.conf
# Redirect locally generated port-80 traffic to the proxy port.
# NOTE(review): the OUTPUT chain also sees Squid's own outbound requests when
# Squid runs on this host; without an exclusion for the Squid account (for
# example an owner match) they are redirected back into the proxy. Traffic from
# other LAN machines goes through PREROUTING, not OUTPUT.
# NOTE(review): redirected traffic needs an http_port in intercept mode, and
# intercepted clients cannot be challenged with proxy_auth, so the login rules
# above do not apply to them.
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128
# Make the running Squid re-read squid.conf without a full restart.
squid -k reconfigure # or sudo squid3 -k reconfigure
vim /etc/squid/squidguard.conf
DansGuardian for graphical configuration with squid
http://urlblacklist.com/?sec=download
http://wiki.squid-cache.org/ConfigExamples
http://wiki.freeradius.org/guide/HOWTO
YOU SHOULD BE USING OUR BLACKLISTS!.
We are the world's leading publisher of Squid 'Native ACL' formatted blacklists, which allow for web filtering directly with Squid proxy. Of course we also offer alternative formats for the most widely used third-party plugins, such as DansGuardian and Squidguard. And while our blacklists are subscription based, they are, as a result of our efforts, of a much higher degree of quality than the free alternatives.
We hope to serve you,
--
Signed,
Benjamin E. Nichols
http://www.squidblacklist.org
Benjamin thanks for your suggestion !
I will try it when my company is larger.