Tuesday, May 13, 2008

Installing the Squid application

The steps I follow:

1. Install the Squid package
2. Edit the Squid configuration file
3. Create a directory and files for the manual blacklists
4. Create a directory and files for error messages in English
5. Check that the firewall configuration on the proxy is applied
6. Start the service
7. Test the configuration on the proxy and on a client

Squid configuration file: /etc/squid/squid.conf (my version)

# Squid 2.6.STABLE12
# Author: http://fxekobudi.net

# NETWORK OPTIONS
# --------------------------
http_port 3128
icp_port 0

# CACHE SIZE OPTIONS
# --------------------------
cache_mem 256 MB
cache_swap_low 94
cache_swap_high 96
maximum_object_size 16384 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 2048 KB
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

# LOG AND CACHE DIRECTORIES
# --------------------------
cache_dir aufs /var/spool/squid 9000 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none

# PROXY CACHE TUNING
# --------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
negative_ttl 1 hour

# TIMEOUTS
# --------------------------
half_closed_clients off
# -------------
# Block forbidden sites (blacklists) manually
# -------------
acl noblacklist dstdomain "/etc/squid/blacklists/no-blacklist.txt"
acl katablacklist url_regex -i "/etc/squid/blacklists/word-blacklist.txt"
acl domainblacklist dstdomain "/etc/squid/blacklists/domain-blacklist.txt"
acl ipblacklist dst "/etc/squid/blacklists/ip-blacklist.txt"

acl tdkbebasdownload time 08:00-13:00

# ACCESS CONTROL
# --------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # WAIS
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# -------------
# IP ADDRESS LISTING
# -------------
acl lab1 src 192.168.254.1-192.168.254.40/255.255.255.255
acl staff-it src 192.168.254.41-192.168.254.42/255.255.255.255
acl lab2 src 192.168.254.43-192.168.254.44/255.255.255.255
acl ruang1 src 192.168.1.1-192.168.1.8/255.255.255.255
acl ruang2 src 192.168.1.11-192.168.1.17/255.255.255.255

# -------------
# Block forbidden sites manually
# -------------
http_access allow noblacklist
http_access deny katablacklist
http_access deny domainblacklist
http_access deny ipblacklist

http_access allow manager localhost
http_access deny manager
# -------------
# RULES I APPLY
# -------------
http_access allow lab1
http_access allow staff-it
http_access allow lab2
http_access allow ruang1
http_access allow ruang2

acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar.bz2 .bz2 .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .raw .wav .iso

# Cancel the download if the file is bigger than 2 MB = 2000 × 1024 bytes = 2048000 bytes
reply_body_max_size 2048000 allow magic_words2 tdkbebasdownload

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all

# Parameters ADMINISTRATOR
# --------------------------
cache_mgr fxekobudi@gmail.com
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.fxekobudi.local

# ERROR MESSAGE IN ENGLISH
# --------------------------
error_directory /usr/share/squid/errors/English
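The order of the http_access lines above matters, because Squid evaluates them top to bottom and stops at the first line whose ACLs all match. In the config as written, the per-subnet allows (lab1, staff-it, lab2, ruang1, ruang2) come before "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports", so clients on those subnets are never subjected to the port restrictions; Squid's stock squid.conf.default puts the two deny lines before the client allows for exactly that reason. The script below is an added example, not part of the original post or of Squid itself: a small Python model of first-match evaluation over a subset of the post's ACLs (lab1, staff-it, localhost, Safe_ports, SSL_ports, CONNECT; the blacklist and other subnet ACLs are left out), with constructed client addresses, that compares the post's ordering against the port-checks-first ordering.

```python
"""
Added example (not from the original post): a model of how Squid evaluates
http_access lines, used to check rule ordering before deploying a squid.conf.

Squid walks http_access lines top to bottom; the first line whose ACLs *all*
match decides the request, and "!" negates an ACL. If no line matches, the
opposite of the last line's action applies. The ACL definitions mirror the
post's config; client addresses and requests are constructed test data.
"""
import ipaddress

# Port sets taken from the post's Safe_ports / SSL_ports acl lines
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))
SSL_PORTS = {443}


def ip_in_range(ip, first, last):
    """True if ip lies inside the inclusive address range first..last."""
    a = int(ipaddress.ip_address(ip))
    return int(ipaddress.ip_address(first)) <= a <= int(ipaddress.ip_address(last))


# ACL name -> predicate over a request dict {"src", "port", "method"}
ACLS = {
    "all": lambda r: True,
    "lab1": lambda r: ip_in_range(r["src"], "192.168.254.1", "192.168.254.40"),
    "staff-it": lambda r: ip_in_range(r["src"], "192.168.254.41", "192.168.254.42"),
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}


def acl_matches(token, request):
    """Evaluate one ACL token; a leading '!' negates the result as in squid.conf."""
    negate = token.startswith("!")
    name = token.lstrip("!")
    return ACLS[name](request) != negate


def http_access(rules, request):
    """rules: list of (action, [acl tokens]) in file order; returns 'allow' or 'deny'."""
    for action, tokens in rules:
        if all(acl_matches(t, request) for t in tokens):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


# Order as written in the post: per-subnet allows come BEFORE the port checks.
POST_ORDER = [
    ("allow", ["lab1"]),
    ("allow", ["staff-it"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localhost"]),
    ("deny", ["all"]),
]

# Port checks first, as in Squid's stock squid.conf.default.
SAFER_ORDER = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["lab1"]),
    ("allow", ["staff-it"]),
    ("allow", ["localhost"]),
    ("deny", ["all"]),
]


def compare(request):
    """Decision under the post's ordering and under the port-checks-first ordering."""
    return http_access(POST_ORDER, request), http_access(SAFER_ORDER, request)


if __name__ == "__main__":
    # Constructed requests: a lab1 host tunnelling to port 25, a normal web
    # fetch, and a host outside every listed subnet.
    samples = [
        ("lab1 CONNECT :25", {"src": "192.168.254.10", "port": 25, "method": "CONNECT"}),
        ("lab1 GET :80", {"src": "192.168.254.10", "port": 80, "method": "GET"}),
        ("outsider GET :80", {"src": "10.0.0.5", "port": 80, "method": "GET"}),
    ]
    for label, req in samples:
        post, safer = compare(req)
        print(f"{label:18} post order: {post:5} | port checks first: {safer}")
```

The first sample is the one to look at: with the post's ordering the lab1 allow line fires before the CONNECT check is ever reached, so the tunnel to port 25 is allowed; with the deny lines moved up it is refused, while ordinary web requests from the same host are allowed either way.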

For the manual blacklists to work, create the directory that holds the files referenced by the blacklist ACLs:
# mkdir /etc/squid/blacklists
# cd /etc/squid/blacklists/
# vim no-blacklist.txt
# vim word-blacklist.txt
# vim domain-blacklist.txt
# vim ip-blacklist.txt
Put at least one entry in each file; otherwise, when you look at Squid's error log shortly after the service starts, you will see an error that no item could be found in the file...
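To do the same from a script, here is an added example (not from the original post and not part of Squid) in Python that creates /etc/squid/blacklists and the four files the acl lines reference, seeds each with one constructed entry, and runs a pre-flight check that every file still has at least one non-comment line. The seed entries and the check are my additions; the directory is a parameter so the script can be tried in a scratch directory first.

```python
"""
Added example (not from the original post): create the blacklist directory the
post's ACLs reference and check, before starting Squid, that every blacklist
file has at least one usable entry (an empty or comment-only file would trigger
the start-up error the post describes).

The file names and the /etc/squid/blacklists path follow the post's acl lines;
the seed entries are constructed sample data.
"""
import sys
from pathlib import Path

# File name -> constructed seed entry (one entry per file is enough for Squid).
BLACKLIST_FILES = {
    "no-blacklist.txt": "example.com",           # dstdomain: never blocked
    "word-blacklist.txt": "forbidden-word",       # url_regex pattern
    "domain-blacklist.txt": ".blocked.example",   # dstdomain (leading dot = subdomains too)
    "ip-blacklist.txt": "192.0.2.1",              # dst address (TEST-NET-1, constructed)
}


def create_blacklists(root):
    """Create root/ and each blacklist file with its seed entry; existing files are kept."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    created = []
    for name, seed in BLACKLIST_FILES.items():
        path = root / name
        if not path.exists():
            path.write_text(seed + "\n")
            created.append(name)
    return created


def usable_entries(path):
    """Lines Squid would treat as entries: non-blank and not '#' comments."""
    entries = []
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def preflight(root):
    """Names of blacklist files that are missing or have no usable entry."""
    root = Path(root)
    problems = []
    for name in BLACKLIST_FILES:
        path = root / name
        if not path.is_file() or not usable_entries(path):
            problems.append(name)
    return problems


if __name__ == "__main__":
    # Pass a scratch directory as the first argument to try this without root.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/squid/blacklists"
    print("created:", create_blacklists(target))
    bad = preflight(target)
    print("preflight OK" if not bad else f"fix these before starting squid: {bad}")
```

Run the pre-flight again whenever you edit a list by hand; a file that has been emptied or reduced to comments is reported by name so the problem is caught before "service squid start" instead of in cache.log afterwards.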

In addition, I also configured Squid's error messages in English, so that users at my workplace understand more easily what I mean... This error-message idea later became my inspiration for configuring a SquidGuard redirect that points to a file I placed in the root directory of the web server.
To do so, just copy the English error messages to the location of the Indonesian error messages:

# cp -r /usr/share/squid/errors/English /usr/share/squid/errors/<Indonesian-messages-directory>

Of course, then translate the files... (the destination directory name above is a placeholder for the directory in which you keep the Indonesian messages).

To start the service, just use the command:

# /sbin/service squid start

Oh yes, you also need to add a rule to the iptables firewall configuration so that clients are allowed to access the Internet through the proxy: client requests to the proxy from the listed IP addresses must be allowed in on port 3128 (or 8080, depending on the configuration you use)... I remember that the first time I tried this, the Internet connection on the proxy server itself worked fine, but none of the clients could access it, because I had not yet allowed clients to reach the proxy's IP address and port... Boo. To allow access to the proxy, the iptables rules in /etc/sysconfig/iptables should include this rule (I use the default Fedora Core firewall configuration):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT

To enable IP forwarding, I edit the file /etc/sysctl.conf and set the directive to 1 (enabled):
net.ipv4.ip_forward = 0 becomes net.ipv4.ip_forward = 1
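As an added example (not part of the original post), the following Python checker reads the two files just mentioned and reports whether a rule accepting new TCP connections to the proxy port exists, whether that rule limits the source address, and whether net.ipv4.ip_forward is set to 1. The iptables and sysctl contents embedded in it are constructed samples laid out like the Fedora Core defaults the post refers to. Note that the post's rule carries no -s option, so any host that can reach the interface may connect to port 3128, and Squid's http_access lines become the only access gate; the checker flags that case.

```python
"""
Added example (not from the original post): pre-flight check of the host
settings the post mentions, so that a proxy is not put into service with the
port closed, the rule wider than intended, or forwarding left off.

The file contents below are CONSTRUCTED samples in the layout of a Fedora Core
/etc/sysconfig/iptables and /etc/sysctl.conf; the functions take text so they
can be run on the real files (open(...).read()) or on these samples.
"""
import re

SAMPLE_IPTABLES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

SAMPLE_SYSCTL = """\
# Kernel sysctl configuration file (constructed sample)
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
"""


def proxy_port_rules(iptables_text, port):
    """ACCEPT rules that open TCP `port`, each as (chain, source restriction or None)."""
    found = []
    for line in iptables_text.splitlines():
        if not line.startswith("-A ") or "-j ACCEPT" not in line:
            continue
        if not re.search(r"--dport\s+%d\b" % port, line) or not re.search(r"-p\s+tcp\b", line):
            continue
        chain = line.split()[1]
        src = re.search(r"(?:^|\s)-s\s+(\S+)", line)   # "-s 192.168.254.0/24" if present
        found.append((chain, src.group(1) if src else None))
    return found


def ip_forward_enabled(sysctl_text):
    """True only if an uncommented net.ipv4.ip_forward line sets it to 1 (last one wins)."""
    value = None
    for line in sysctl_text.splitlines():
        m = re.match(r"\s*net\.ipv4\.ip_forward\s*=\s*(\d+)\s*$", line)
        if m:
            value = m.group(1)
    return value == "1"


def firewall_report(iptables_text, sysctl_text, port=3128):
    """Summarise the three things to verify before starting the proxy."""
    rules = proxy_port_rules(iptables_text, port)
    return {
        "port_open": bool(rules),
        # No -s on the rule: every host that reaches the interface may talk to
        # the proxy, so http_access is the only remaining gate.
        "unrestricted_source": any(src is None for _, src in rules),
        "ip_forward": ip_forward_enabled(sysctl_text),
    }


if __name__ == "__main__":
    print(firewall_report(SAMPLE_IPTABLES, SAMPLE_SYSCTL))
```

On the sample above the report is port_open True, unrestricted_source True and ip_forward True; adding "-s 192.168.254.0/24" (or the other client subnets) to the ACCEPT line clears the unrestricted_source flag while keeping the port open for the clients the post lists.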
