Debian :: How To Setup A Secure Squid Proxy
Jan 13, 2016
I need to setup a squid 3 proxy with https bumping. Unfortunately I'm not very familiar with squid and https in general.
I already performed the following steps:
1.) compile from source
Code:
./configure --with-openssl --enable-ssl-crtd
make
make install
2.) configuration (http)
I used this guide: [URL]
3.) configuration (https)
[URL]
The server is now working for http and https, but is the server secure, too? Is the default config already secure or do I need to configure additional security features? (e.g. things like cert validation, cert pinning, [don't know what's important], ...)
View 0 Replies
May 17, 2011
I would like to use my Ubuntu server machine as a proxy so I can browse a little more securely/privately while I am traveling. I connect to a lot of open Wi-Fi networks. I have Squid set up on an old laptop running Ubuntu Server 10.10 at home, and the main machine I will be using to connect to the proxy is a computer running Windows Vista. I am able to connect and use the Ubuntu Server machine as a proxy while traveling with the squid config file modified with http access set to 'allow all'.
Obviously this isn't the ideal setting. After lots of reading and Googling I can't figure out how to allow only my Vista laptop to use the proxy. I'm a little lost with the ACL settings required.
View 7 Replies
May 6, 2011
I have set up squid3 and dhcp server on my Ubuntu 10.04 box with IP address of 192.168.0.160. Single network card. Squid runs on port 3148. Everything works fine for the users provided that I set up the proxy details manually on each client pc. I want to set up the Squid to run as a transparent proxy and after reading around I have done the following. In the Squid3 conf file I have entered http_port 3148 transparent. Dropping to Root ( sudo -i ) However the transparent proxy does not work and if I enter iptables -L I can see that the rule above has not been retained. The default rules in iptables only show up.
View 5 Replies
May 19, 2010
I'm using a Debian box as a gateway. I'm planning on bridging my DLink 604T modem/router so that traffic on the LAN goes to my gateway (which only has one NIC). The Debian box is running a PPPoe application which I'm hoping to log into the ISP through the DLink. I plan to configure the box as a squid transparent proxy. Most Howtos I've seen use NAT with 2 NICs, eth0 for the LAN and eth1 for the Internet. Any step-through to set up NAT for this?
View 4 Replies
Jun 15, 2011
In my office I have configured DHCP on my CentOS server
eth0 for adsl-setup
eth1 for lan 172.16.0.4
I am using a Squid proxy server for internet access.
In my office all are using laptops through wifi, so I need to configure the browser proxy setting for accessing the internet.
Is there any way to automatically get the proxy setting through DHCP? I have tried transparent proxy but no success.
View 3 Replies
Apr 26, 2011
I'm trying to get https/443 traffic go through squid.
View 3 Replies
Oct 18, 2010
I'm running a squid server on debian lenny with ntlm_auth.
Everything is working good after following those two tutorials: [url] and [url]
As all was working perfectly I decided to reboot my server, and after reboot the ntlm-auth was not working anymore.
When I tried to run the command "wbinfo" with many options I had this error message "error looking up domain users" or "error looking up domain group" so I think that the problem deals with the winbind module.
I know that the proxy user needs rights and that after reboot the rights are reset, so this problem doesn't come from here.
And when I try to open IE with a client I have this "cache access denied" because the ntlm_auth wasn't done.
I tried to restart all services (samba,winbind,squid) without any success, only the "kinit" command is still working...
What is going on with winbind when the server is rebooted ?
View 2 Replies
Jan 17, 2011
I would like to ask for some help and a tutorial for setting up and configuring a squid proxy server on my (Home PC Server). I am a newbie in Linux CentOS. I already installed CentOS 5.5 on my system. Now, I want to configure it as my internet server; all of my 4 systems running Windows, including the laptop, I want to connect through my CentOS pc with username authentication. I assign all IP addresses statically. See the attachment of my setup. [url] I just want to know what I need to change and add in my squid config file. And how can I properly configure my CentOS with 2 LAN cards as internet server?
View 1 Replies
Dec 9, 2010
Currently my DHCP server is working. Now what I want to have is auto detection of the squid proxy in any browser, but I still got an error in my DHCP server when I restart it.
My Config:
# DHCP configuration generated by Firestarter
ddns-update-style interim;
ignore client-updates;
[code]....
View 2 Replies
Jan 29, 2010
I am trying to setup a web-based secure ftp client that can handle not only file transfers to and from one of my company's servers, but also allow new clients of ours to visit our site, create an account of their own and use it to log in and begin transferring files. This way, the users can manage their own accounts.
I don't know a lot about exactly what is running on our server, though I am almost positive it is debian based. I really only have access via ssh and ftp. I may be able to do more in the server room, but haven't tried. I thought about using net2ftp, but that doesn't seem to work with sftp, and also doesn't allow the creation of new users on the server.
Is there anything out there for me?? You will undoubtedly require more information from me, so please let me know what it is and where I can find it and I'll get back to you as quickly as I can.
View 3 Replies
Feb 23, 2011
Please review my webmin Linux firewall. This is a squid proxy / Firewall / Router. Everything works fine until I change that last line to reject or drop all. Then the traffic behind the firewall that is trying to reach the internet gets borked. I can only assume that something is killing the connections to squid. But everything looks right to me. Here is my prerouting. (please ignore the green box) The red box is the action to be taken following the given rule. But I don't think the problem is in prerouting.
View 1 Replies
Feb 23, 2010
I would like to set up a proxy server at home which I can use to access sites from work. I was thinking of a web page I log into and then sort of use like a browser? Like this for example, but where I can have a secure login.
View 4 Replies
Jul 6, 2011
Is my SSL connection secure if I'm going through a proxy? Is it possible to craft a malicious proxy to steal/crack authentication?
View 2 Replies
Nov 25, 2010
I've been searching for the exact set of tools to accomplish what I need. I was once at a LANparty. I used my webmail account and I think someone stole my password. I realized that the LAN used hubs instead of switches.
So next time, I thought I could run a server at home, which would allow me to connect with SSL (??). Then I would be able to connect to whatever website knowing that I was secure between myself and my home computer. I guess I would need to have a key before a secure connection could be made. Otherwise a "man in the middle" kind of exchange could take place.
So I guess I would need a VPN between myself and my home computer. Then my home computer would act as a proxy to allow me to surf securely. I'm not sure if these are the correct terms to use. Does anyone know what type of server I'm looking for?
View 1 Replies
Jun 25, 2010
I'm using Ubuntu 10.04, and starting a SOCKS proxy with 'ssh -D', and setting Ubuntu to use it with "System -> Preferences -> Network Proxy". Firefox uses the proxy, and the proxy's IP appears when I visit a site like [URL]. Is Firefox resolving DNS requests through this proxy? Is my web-browsing truly secure? (That is, until I exit the other end of the proxy. I know it's insecure after that.) (And I've verified the keys, I'm not being man-in-the-middled) (And--screw it. You know what I mean. Is it resolving DNS requests through the proxy?)
I don't know how I would go about verifying such a thing for myself. Using additional hardware such as another debugging proxy is not an option. If Firefox isn't resolving my DNS requests through the SOCKS proxy, how do I go about fixing it?
View 3 Replies
Jul 25, 2011
I want to set up a squid proxy server at my home. My service provider has ISA server installed on its machine. In Windows as a client we have to enter proxy settings manually into IE and Firefox. But now in squid, where do I have to define the use of these proxy settings? And what about /etc/resolv.conf? My service provider's connection settings are stated as under:
IP ADDR= 192.168.1.x
subnet mask=255.255.255.0
Proxy= 192.168.1.1 port= 8080
View 1 Replies
May 4, 2011
I need squid proxy on my CentOS server. But I just can't get it to work. I did yum install squid. Here is my squid.conf file (I removed all comments):
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
[code].....
View 2 Replies
Apr 7, 2009
I am trying to configure squid with Fedora 10 to use it as a transparent proxy webcache. Is there any good tutorial you would recommend to a novice?
View 1 Replies
Feb 7, 2011
I have to use a squid proxy server on Fedora 14 to develop an application/software based on the proxy server, analysing and counting the number of users and downloaded file sizes. My main problems are: I'm not able to configure the access.log file in "Common Logfile Format", and how to develop the application.
View 1 Replies
Jan 20, 2011
We have more than 5000 users and will have 7 squid proxy servers with high-end configuration, up to 4 GB RAM and 320*5 HD, on RHEL 4 and 5. Most of them are complaining that at peak hours their browsing speed is slow, but we have a 1 Gbps link. At peak hours, i.e. when established connections are flowing at more than 550, browsing gets slow. How to do fine tuning are squid is only responsible to access up to 600 connections
View 2 Replies
Aug 17, 2010
I'm trying to set up squid proxy as a replacement for a cgiproxy perl script. I would like to be able to hit it with a url, and have it pass everything back to the browser, something like URL... much the same way the cgiproxy script works.
This is my first time messing with squid, and I am completely lost. Does anyone have a link to some very detailed step by step instructions on how to do this? Can someone please tell me *which* kind of proxy I'm looking for? I see "interception proxy" or "transparent proxy" and a bunch of other terms thrown around in the docs, but nothing I have seen tells me which of those I'm actually looking for, or if what I'm trying to do is even possible with squid.
View 8 Replies
May 11, 2010
I have 4 servers running squid/3.1.1 proxy server. Since the latest version I can no longer FTP. I have posted this problem in multiple places but have received almost no response. I've found several other posts about this problem throughout the Internet which have also gone unanswered. So, once again, I thought I'd give it a try. As I said "I have 4 servers running the newest version of Squid". When I try to access an ftp, any ftp, I receive an error (check attached image). This was never a problem until just recently. Squid should work perfectly fine with ftp, it is not a strictly http proxy.
I turned my firewall off just to make sure, still had the same issue. If I jump directly on the server itself with no proxy settings set in the browser it will work fine. As soon as I set the browser setting to access the Squid software I get the same error. I've included my squid config (which is unchanged from the default settings), maybe somebody better versed than myself can point out an obvious flaw. Everything else seem to work just fine, it's only FTP that's a problem.
View 3 Replies
Mar 14, 2011
I have a reverse proxy set up with squid. I'm going to try and explain what it's doing and I apologize for it being confusing, I'll do the best I can to describe my problem. First, it's for our phone system. We run a ShoreTel Voip system. The owner has decided he wants me to setup MCM (Mobile Call Manager), which from what I can see is an under developed, and almost impossible to get help with Shoretel software. But he's convinced he needs it for his Iphone. It's supposed to, in a nutshell, turn his Iphone into his work phone with all the advantages and doodads that come with it. Apparently, "they have an app for that". On the server side, I need to setup a reverse proxy back into the network on our phone server. Simple enough, I did this with squid. I used the following lines:
Code:
http_port 80 accel defaultsite=172.17.137.7
cache_peer http://172.17.137.7 parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain http://172.17.137.7
[code]....
Code:
always_direct allow all
It most definitely is allowing traffic back to the phone server, the problem is, it hands out my internal server address to the outside client. So for instance, if I connect to the outside routable address with my phone, it will immediately change the url to http://172.17.137.7 which is the inside nat address of my phone server. Which of course doesn't work, since I couldn't browse to that address from the outside. It does however work from the inside of the network, obviously because 172.17.137.7 is accessible from the inside.
View 4 Replies
Dec 28, 2010
I followed this guide: [URL] and restarted the Squid Server with no errors but when I try to SSH into it:
Code:
ssh -L 8080:squidserver:8080 user@squidserver
It just hangs there for a long time, not timing out and eventually (after a long wait) I get this:
Code:
ssh_exchange_identification: Connection closed by remote host
What could be the problem? I can SSH normally into the computer, but not into the proxy server. Do I need to forward the 8080 port on that network?
View 2 Replies
Sep 28, 2009
I am trying to set up squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the internet via an authenticated proxy. At home, I connect directly via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct internet connection which squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and squid, but I don't understand enough of the networking jargon or concepts to know when I need to change to make it work in my situation, or if it is even possible.
View 2 Replies
Feb 17, 2010
I need to block some of my sites with SQUID Proxy. I added the following lines to my SQUID configuration file but still the site remains unblocked. How to block it?
acl blocksites url_regex yahoo
http_access deny blocksites
I have also tried saving some url & filter content in a file and edited the configuration as follows,
acl blocksites url_regex "/etc/squid/squid-block.acl"
http_access deny blocksites
The squid-block.acl file contents are,
.cricinfo.com
mp3
View 4 Replies
Dec 17, 2009
We have two offices suppose A and B. At office A, we use centos 5.3 computer as router and squid proxy server. At office B we use a cisco router to connect to Internet. Computers at office A that has direct access to Internet can access computers behind cisco router at office B using vnc viewer. But computers at office A that can use internet only through squid proxy can't access computers behind cisco router at office B. Is there any way so that I could allow squid clients to access computer behind cisco router at office B using vnc viewer.
View 3 Replies
Apr 26, 2011
How to make squid proxy transparent? I have configured a Squid proxy server with some ACLs but we have to check from the client side whether those ACLs work or not. I have to open their Firefox and manually enter my machine's, i.e. the proxy server's, IP; only after entering this IP do those ACLs work properly. But now I want to make it work without manually entering the proxy on the client's machine. I guess transparent proxy is the solution, but how to configure it? Please guide me, and I am one of the machines in the LAN.
View 1 Replies
Feb 10, 2010
I am a newbie to SQUID. How to configure it and make it active in my system?
View 1 Replies
Apr 26, 2011
http_port 3128 transparent --> What does this mean? Is this the only thing we do to make Squid Proxy transparent?
View 2 Replies