Difference between revisions of "Configuring squid with Squish"

From Notes_Wiki
m
m
Line 5: Line 5:
#Verify that proxy server is working properly without squash
#Verify that proxy server is working properly without squash
#yum -y install perl-CGI perl-GD
#yum -y install perl-CGI perl-GD
#Download latest version of squash from http://www.ledge.co.za/software/squint/squish/
#Download latest version of squash from http://www.mcgill.org.za/software/squish/
#tar xzf squish.tar.gz
#tar xzf squish.tar.gz
#cd squish-<version>
#cd squish-<version>

Revision as of 04:38, 12 June 2017

<yambe:breadcrumb>Squid_proxy_server_configuration|Squid</yambe:breadcrumb>

Configuring squid with Squish

To configure squid with Squish use following steps:

  1. Verify that proxy server is working properly without squash
  2. yum -y install perl-CGI perl-GD
  3. Download latest version of squash from http://www.mcgill.org.za/software/squish/
  4. tar xzf squish.tar.gz
  5. cd squish-<version>
  6. make install
  7. cp /usr/local/squish/apache-squish.conf /etc/httpd/conf.d
  8. edit /etc/squid/squid.conf
    1. replace hostname appropriately as necessary
    2. Move lines from 'added by squish (begin)' to end before generic 'http_access allow' line
  9. edit /etc/squid/squish.conf and set something like
    #Try higher limit for saurabh.barjatiya
    saurabh.barjatiya 5Gb/day 50Gb/week
    #Generic limit for everyone else
    * 2Gb/day 10Gb/week
    Comment all other existing lines
  10. service squid restart
  11. service httpd restart
    Note that squid restart is only required once. Later just changed squish.conf and new settings will get automatically applied

Test by running '/usr/local/squish/squish.cron.sh' manually. This line in present in /etc/crontab. Based on this /etc/squid/squished file is generated by cron once every five minutes.

Example squid configuration with both squish and LDAP authentication

Example configuration with LDAP authentication is:

#Saurabh - Require http authentication for all
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=sbarjatiya,dc=com" -f "uid=%s" -h ldap.sbarjatiya.com
acl ldapauth proxy_auth REQUIRED

### added by squish (begin)
# acl's for squish - autodetected, sometimes
acl SQUISHLOC dst proxy.sbarjatiya.com
acl SQUISHED1 proxy_auth -i "/etc/squid/squished"
# acl SQUISHED2 ident    "/etc/squid/squished"
#acl SQUISHED3 src        "/etc/squid/squished"
# Error info that says you're squished
deny_info http://proxy.sbarjatiya.com/squish/?squished& SQUISHED1
# deny_info http://proxy.sbarjatiya.com/squish/?squished& SQUISHED2
deny_info http://proxy.sbarjatiya.com/squish/?squished& SQUISHED3
# HTTP access controls for squish
http_access allow SQUISHLOC
http_access allow ldapauth !SQUISHED1
 http_access deny SQUISHED1
# http_access deny SQUISHED2
#http_access deny SQUISHED3
### added by squish (end)

http_access allow ldapauth



squish setup on CentOS 7.0

Compared to above steps on CentOS 7.0 use following additional steps:

  1. Edit /usr/local/squish/squish.pl and change reload command to:
    systemctl reload squid
  2. Edit /etc/httpd/conf.d/apache-squish.conf to have
    Require all granted

<yambe:breadcrumb>Squid_proxy_server_configuration|Squid</yambe:breadcrumb>