Saturday, July 30, 2011

Squid behind proxy server (parent proxy)

Hi all,

It's been a long time since I posted anything. Anyway, sometimes we need to configure Squid to work behind another proxy server (I needed this to bypass the internet timing restrictions imposed on us). Although a lot of guides exist for this, some configuration still has to be figured out. Here I give the basic configuration you can use to place Squid behind another proxy.

WARNING: Using a proxy server hosted by someone else just for the sake of bypassing some restrictions might lead to a man-in-the-middle attack, even on SSL-enabled sites. It's better to have your own proxy for that purpose.



Download Squid from http://wiki.squid-cache.org/SquidFaq/BinaryPackages or use the package manager on Linux.

Careful: Don't install all the versions from Synaptic. Only one version of Squid must be running, otherwise you will get an error. This is working as of 10 Aug 2011.


The configuration settings are in a file located in the Squid directory (/etc/squid/squid.conf on Linux, or squid.conf in the installation directory on Windows; in some versions, rename squid.conf.default to squid.conf if it exists). Take a backup before making any changes.
  1. Look for the string "http_access deny all" and comment it out. It restricts HTTP access to the machines listed just above this command. You can define your own ACL and use "http_access allow youracl" or just "http_access allow all". Note that "http_access allow all" lets any client that can reach the proxy port use it, so an ACL of your own is the safer choice.
  2. To hide your computer's hostname from the outside, find the "visible_hostname" tag and add "visible_hostname myproxyname" just below the default.

    It looks like this:

    #  TAG: visible_hostname
    #       If you want to present a special hostname in error messages, etc,
    #       define this.  Otherwise, the return value of gethostname()
    #       will be used. If you have multiple caches in a cluster and
    #       get errors about IP-forwarding you must set them to have individual
    #       names with this setting.
    #
    #Default:
    visible_hostname myproxyname
  3. At the end of the file, add the lines below.

    Replace [hostname] with your proxy host and [proxy.port] with its port. Give [icp.port] as 0 to disable the local caching protocol (more configuration is required to enable it; I am skipping that here).

    cache_peer [hostname] parent [proxy.port] [icp.port] no-query no-digest default login=username:password


    never_direct allow all


    (login=username:password goes on the same line as cache_peer; alternatively use the line continuation symbol, or skip it if not required)
  4. If you want to change the proxy's default port number (3128), modify the lines
    # Squid normally listens to port 3128
    http_port 3128


    to whatever you want.
  5. The never_direct directive says that all requests made through this proxy server must not be sent directly but rather via the parent proxy. You can do additional configuration here, such as directing different sites to different proxies or going directly to some sites.
  6. Multiple parent proxies can also be specified. I am looking to handle parent proxy error messages: instead of passing them to the user, the proxy must skip to the next in schedule (see http://gwagit.wordpress.com/2011/04/02/using-a-parent-proxy-with-squid/ for more info).

    As with other services, use /etc/init.d/squid restart, or restart the service manually on Windows, after a configuration change. You might need root permissions to change the file and restart the service.
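
The checks a reviewer would run over the squid.conf these steps produce, as an added example (not part of the original post): it flags "http_access allow all", a parent that is not enforced with never_direct, and credentials stored on the cache_peer line. The sample configuration, the peer host parent.example.net, port 8080 and the finding codes are constructed for illustration.

```python
import re

# Constructed sample: the result of the steps above when "http_access allow all"
# is chosen. Peer host, port and credentials are placeholders.
SAMPLE_CONF = """\
# Squid normally listens to port 3128
http_port 3128
http_access allow all
#http_access deny all
visible_hostname myproxyname
cache_peer parent.example.net parent 8080 0 no-query no-digest default \\
    login=username:password
never_direct allow all
"""


def directives(text):
    """Active directives as token lists; joins '\\' continuations, skips comment lines."""
    joined = re.sub(r"\\[ \t]*\r?\n", " ", text)
    rows = (line.strip() for line in joined.splitlines())
    return [row.split() for row in rows if row and not row.startswith("#")]


def audit(text):
    """Return sorted finding codes for the parent-proxy setup."""
    rules = directives(text)
    parents = [r for r in rules if r[0] == "cache_peer" and len(r) > 2 and r[2] == "parent"]
    access = [r[1:] for r in rules if r[0] == "http_access"]
    forced = ["never_direct", "allow", "all"] in rules
    findings = set()
    # "allow all" admits any client that can reach http_port (earlier deny
    # rules, which could narrow it, are not modelled here).
    if ["allow", "all"] in access:
        findings.add("OPEN_PROXY")
    # Without never_direct, Squid may skip the parent and fetch directly.
    if parents and not forced:
        findings.add("PARENT_NOT_ENFORCED")
    # never_direct with no parent defined leaves requests nowhere to go.
    if forced and not parents:
        findings.add("NO_PARENT_DEFINED")
    # login=user:pass keeps the parent's credentials in clear text in the file.
    if any(o.startswith("login=") and ":" in o for p in parents for o in p[3:]):
        findings.add("PLAINTEXT_PEER_CREDENTIALS")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

When PLAINTEXT_PEER_CREDENTIALS is reported, keep squid.conf readable only by root and the account Squid runs as.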


    References:
    1. http://gwagit.wordpress.com/2011/04/02/using-a-parent-proxy-with-squid/
    2. http://eitwebguru.com/configure-multiple-ip-for-squid-proxy-server-hide-version-and-hostname/
    3. http://www.reaper-x.com/2006/07/18/complete-guide-on-installing-and-configuring-squid-proxy-server-for-windows/
    4. Some thinking :P

    Thanx for reading:)


11 comments:

  1. The proxy site is very important for the business people because the proxy give the protection for the website and they can protect the site from unauthorized people which they can want to access it. Torrentz UK proxy

  2. I'm really impressed with your writing skills and also with the format on your weblog. Holborn Assets

  3. I look the site it was a very good and very informative in many aspects thanks for share such a nice work. Professional Adviser, Professional Adviser, Professional Adviser, Professional Adviser.

  4. Incredible articles and awesome design. Your blog entry merits the greater part of the positive input it's been getting. Use Kidslox app

  5. What is guild hosting? It's really a specialized hosting service that can offer host services on the gaming community. ark server hosting
