Saturday, April 10, 2010

CentOS - Network Gateway part 3 - Squid (continued)

    e.    Configure allowed and denied sites
    vim /etc/squid/deny_sites
        www.dantri.com.vn
    vim /etc/squid/allow_sites
        www.google.com
        www.google.com.vn
        www.yahoo.com
        vn.yahoo.com
    vim /etc/squid/squid.conf
    Edit rules:
        acl     my_network      src     10.0.0.0/16
        acl     good_site       dstdomain       "/etc/squid/allow_sites"
        acl     bad_site        dstdomain       "/etc/squid/deny_sites"

        http_access             deny    bad_site
        http_access             allow   my_network      good_site
        http_access             deny    all
    Test.
    f. Configure user authentication:
    useradd u1
    htpasswd -c /etc/squid/squid_passwd u1
    vim /etc/squid/squid.conf
        auth_param      basic   program /usr/lib/squid/ncsa_auth        /etc/squid/squid_passwd

        acl     my_network      src     10.0.0.0/16
        acl     ncsa_users      proxy_auth      REQUIRED

        http_access             allow   my_network ncsa_users
        http_access             deny    all
    g.    Block file extensions:
    vim /etc/squid/lock_files
        \.gif
        \.jpeg
        \.jpg
    vim /etc/squid/squid.conf
        acl     my_network      src     10.0.0.0/16
        acl     lock_files      urlpath_regex   "/etc/squid/lock_files"

        http_access             deny    lock_files
        http_access             allow   my_network
        http_access             deny    all
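
An added example (not part of the original post) that models how the lock_files ACL above decides, so the pattern list can be checked before it goes live. Python's `re` stands in for Squid's regex engine here, and the hardened patterns and sample URLs are assumptions constructed for illustration; the run shows that the list as written misses upper-case extensions and also blocks paths that merely contain ".gif".

```python
import re
from urllib.parse import urlsplit

# Patterns exactly as listed in /etc/squid/lock_files on this page.
PAGE_PATTERNS = [r"\.gif", r"\.jpeg", r"\.jpg"]
# Assumed hardened variants: anchored at the end of the path,
# tolerating an optional query string after the extension.
HARDENED_PATTERNS = [r"\.gif(\?.*)?$", r"\.jpe?g(\?.*)?$"]


def url_path(url):
    """Return what urlpath_regex is matched against: path plus query, no scheme or host."""
    parts = urlsplit(url)
    path = parts.path or "/"
    return path + ("?" + parts.query if parts.query else "")


def acl_matches(url, patterns, ignore_case=False):
    """True if any pattern is found anywhere in the URL path (unanchored search)."""
    flags = re.IGNORECASE if ignore_case else 0
    target = url_path(url)
    return any(re.search(p, target, flags) for p in patterns)


# Constructed sample URLs (not taken from real traffic).
SAMPLES = [
    "http://example.com/img/logo.gif",
    "http://example.com/img/LOGO.GIF",
    "http://example.com/photo.jpg?size=large",
    "http://example.com/shop/cards.gift-ideas.html",
    "http://example.com/index.html",
]


def compare(samples=SAMPLES):
    """Return (url, blocked_by_page_acl, blocked_by_hardened_acl) for each sample."""
    return [
        (u,
         acl_matches(u, PAGE_PATTERNS),
         acl_matches(u, HARDENED_PATTERNS, ignore_case=True))
        for u in samples
    ]


if __name__ == "__main__":
    for url, page, hardened in compare():
        print(f"{url:48} page={page!s:5} hardened={hardened}")
```

In squid.conf, the case-insensitive behaviour modelled by `ignore_case=True` corresponds to adding `-i` to the ACL line: acl lock_files urlpath_regex -i "/etc/squid/lock_files".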
    h. Filter content by URL
    vim /etc/squid/squid.conf
        acl     url_filter      url_regex -i    dantri vnexpress nhanghi

        http_access             deny    url_filter
        http_access             allow   my_network
        http_access             deny    all
       
    Lastly: configure iptables to use a transparent proxy (without configuring the web browser)
    vim /etc/squid/squid.conf
        http_port 8080 transparent
    iptables -t nat -A PREROUTING -s 10.0.0.0/16 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables-save > gateway    # save the current rules to the file "gateway"
    Nice tutorial by me :D
---------------------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------