Ubuntu/squid
From r00tedvw.com wiki
(Difference between revisions)
(Created page with "Proxy server<br> Installed on Ubuntu 14.04 Server ==Installation== ~$sudo apt-get update -y && sudo apt-get install squid3 squid3-common -y") |
|||
| (5 intermediate revisions by one user not shown) | |||
| Line 4: | Line 4: | ||
==Installation== | ==Installation== | ||
~$sudo apt-get update -y && sudo apt-get install squid3 squid3-common -y | ~$sudo apt-get update -y && sudo apt-get install squid3 squid3-common -y | ||
| + | |||
| + | ==backup conf== | ||
| + | ~/etc/squid3$ sudo cp squid.conf squid.conf.bak | ||
| + | |||
| + | ==Edit Configuration== | ||
| + | edit the config file and add a hostname | ||
| + | ~/etc/squid3/squid3.conf | ||
| + | 4751 visible_hostname proxy.domain | ||
| + | allow everyone to access the proxy (controlled through iptables instead) | ||
| + | 1060 http_access allow all | ||
| + | <br> | ||
| + | ====cache settings==== | ||
| + | uncomment the following to add caching. changing 100 > 250 for the max size | ||
| + | 3001 cache_dir ufs /var/spool/squid3 250 16 256 | ||
| + | |||
| + | ====privacy config settings==== | ||
| + | adding additional settings to help mask proxy IP | ||
| + | #Privacy Things | ||
| + | header_access X-Forwarded-For deny all | ||
| + | via off | ||
| + | forwarded_for off | ||
| + | follow_x_forwarded_for deny all | ||
| + | ==iptables== | ||
| + | restrict access via iptables. Add an implicit deny for INPUT, but only after you've given yourself appropriate access to at least ssh. | ||
| + | ~$sudo iptables -A INPUT -s [ip address/range] -p tcp --dport 3128 -j ACCEPT | ||
Latest revision as of 19:38, 22 June 2014
Proxy server
Installed on Ubuntu 14.04 Server
Contents |
[edit] Installation
~$sudo apt-get update -y && sudo apt-get install squid3 squid3-common -y
[edit] backup conf
~/etc/squid3$ sudo cp squid.conf squid.conf.bak
[edit] Edit Configuration
edit the config file and add a hostname
~/etc/squid3/squid3.conf 4751 visible_hostname proxy.domain
allow everyone to access the proxy (controlled through iptables instead)
1060 http_access allow all
[edit] cache settings
uncomment the following to add caching. changing 100 > 250 for the max size
3001 cache_dir ufs /var/spool/squid3 250 16 256
[edit] privacy config settings
adding additional settings to help mask proxy IP
#Privacy Things header_access X-Forwarded-For deny all via off forwarded_for off follow_x_forwarded_for deny all
[edit] iptables
restrict access via iptables. Add an implicit deny for INPUT, but only after you've given yourself appropriate access to at least ssh.
~$sudo iptables -A INPUT -s [ip address/range] -p tcp --dport 3128 -j ACCEPT
