Results 1 to 4 of 4

Thread: Basic Squid Config File

  1. #1
    Join Date
    Oct 2013
    Beans
    1

    Basic Squid Config File

    What is the best practice for the squid config file. Do you run the sample config file with 3000+ lines of documentation or do you create a much tighter config with just the lines that you require?

    I've been running with the full config + documentation and I am tried to scrolling and searching to find the lines I need to edit. The full config loads fast and having the documentation is great but seems unnecessary for day to day operation. Opinions??

    -Andrew

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,658
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Basic Squid Config File

    To strip the comments use this command:

    Code:
    sudo grep -v '^#' squid.conf | grep -v '^$' > squid-stripped.conf
    That removes any line beginning with a hash mark, then deletes all empty lines and stores the result in squid-stripped.conf. I find it infinitely easier to manage a file with the just the directives.

    The tilde represents the beginning of the line, and the dollar sign the end. The regular expression '^$' thus matches any empty lines.

    One other useful tip if you use lots of ACLs is to put them in separate files. Here's an example:

    Code:
    acl banned_domains dst "/etc/squid/ACL/banned_domains.conf"
    http_access deny banned_domains
    The banned_domains.conf file has a list of names like "facebook.com". I created a directory "ACL" to keep all those files in one place.
    Last edited by SeijiSensei; October 5th, 2013 at 12:38 AM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #3
    Join Date
    Sep 2011
    Beans
    2

    Re: Basic Squid Config File

    Hello there,
    I have configured transparent squid on ubuntu 12.04 enterprise server and it works well when I manually configure proxy on my web browsers. But it users can browse internet without squid configration. My question is: -
    1. How can I configure squid so that clients cannot use Internet with out squid configuration
    2. How can I configure squid so that browsers can automatcally make use of Internet without manual confuguration of squid on each and every browser.

    I am using cisco 2901 router as gateway to the Internet.
    Last edited by Korabza; October 6th, 2013 at 09:18 AM.

  4. #4
    Join Date
    Sep 2006
    Beans
    7,978
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Basic Squid Config File

    Quote Originally Posted by Korabza View Post
    Hello there,
    I have configured transparent squid on ubuntu 12.04 enterprise server and it works well when I manually configure proxy on my web browsers. But it users can browse internet without squid configration. My question is: -
    1. How can I configure squid so that clients cannot use Internet with out squid configuration
    2. How can I configure squid so that browsers can automatcally make use of Internet without manual confuguration of squid on each and every browser.

    I am using cisco 2901 router as gateway to the Internet.
    It's probably better to start a new thread since your question is new and not from the original poster.

    That said, you describe two mutually exclusive scenarios. For the first one, you must have a router or gateway in between the clients and the Internet, using the packet filter and blocking all traffic except to Squid. The second one, it used to be called a transparent proxy, but now it is called an intercepting proxy. When you search for material, keep that difference in mind as old material might not be valid. Again, you have to have a router or gateway in between the clients and the internet, but instead of blocking traffic, it intercepts everything destined for port 80 and routes it to Squid. IIRC the http_port needs to be changed and ACLs set accordingly.

    As to how you get all that onto a Cisco 2901, that's another question. There are some configiration examples at the Squid site for other Cisco models, maybe they work. Actually, thinking about it, Squid does not have to be on the router or gateway itself.
    The Truth Shall Make Ye Fret.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •