
Thursday, March 20, 2014

Configuring Squid Proxy with ClamAV Antivirus using HAVP (HTTP Anti Virus Proxy)

HAVP (HTTP Anti Virus Proxy) is a non-caching proxy that scans traffic for viruses with the ClamAV anti-virus scanner as it passes through. Its main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password-protected HTTP traffic. It can be used with Squid or standalone, and it also supports transparent proxy mode.

HAVP (HTTP Anti Virus Proxy) features:
  * HTTP Antivirus proxy
  * Multiple scanner support at the same time
  * Scans complete incoming traffic
  * Nonblocking downloads
  * Smooth scanning of dynamic and password protected traffic
  * Can be used with Squid or another proxy
  * Parent proxy support
  * Transparent proxy support
  * Uses ClamAV (GPL antivirus)

Install HAVP
Open a terminal and run the following command to install HAVP:
sudo apt-get install havp
The detailed configuration of HAVP is in the /etc/havp/havp.config file; most of the settings are fine at their defaults. Finally, start HAVP if it did not start after the installation, using the following command:
/etc/init.d/havp start
HAVP is now ready; by default it listens on port 8080. You can configure your web browser to use the server as a proxy.

Configure Squid to Use HAVP:
Once ClamAV and HAVP have been set up, Squid needs to be configured to use HAVP as its parent proxy. Edit the squid.conf file (/etc/squid/squid.conf) and add the following line; the port must be the one HAVP listens on (8080 by default, as noted above):
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
Finally, start or restart all the services from the command line:
/etc/init.d/havp start
/etc/init.d/clamd start
/etc/init.d/squid restart
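
Squid only sends traffic through the scanner if the cache_peer port is the one HAVP listens on. The following consistency check is an added example, not part of the original post: it compares the two configuration files and also reports whether never_direct allow all is set, without which Squid may still fetch some requests directly instead of through the parent. The sample files are constructed, and the PORT key in havp.config is assumed to have the form PORT 8080.

```sh
# Added example: consistency check for the Squid -> HAVP chain.

# havp_port FILE: PORT set in havp.config, or HAVP's default 8080 if unset.
havp_port() {
    p=$(awk '$1 == "PORT" { v = $2 } END { print v }' "$1")
    echo "${p:-8080}"
}

# peer_port FILE: port of the first "parent" cache_peer in squid.conf.
peer_port() {
    awk '$1 == "cache_peer" && $3 == "parent" { print $4; exit }' "$1"
}

# forces_parent FILE: succeeds if squid.conf contains "never_direct allow all".
forces_parent() {
    grep -Eq '^[[:space:]]*never_direct[[:space:]]+allow[[:space:]]+all([[:space:]]|$)' "$1"
}

# check_chain SQUID_CONF HAVP_CONF: print one finding per line.
check_chain() {
    sp=$(peer_port "$1"); hp=$(havp_port "$2")
    if [ -z "$sp" ]; then echo "NO_PARENT"
    elif [ "$sp" != "$hp" ]; then echo "PORT_MISMATCH squid=$sp havp=$hp"
    else echo "PORT_OK $sp"; fi
    if forces_parent "$1"; then echo "DIRECT_DISABLED"
    else echo "DIRECT_POSSIBLE"; fi
}

# Constructed sample files (not taken from a real system).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# PORT 8080' > "$d/havp.config"
    printf '%s\n' 'http_port 3128' \
        'cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default' \
        'never_direct allow all' > "$d/squid.conf"
    check_chain "$d/squid.conf" "$d/havp.config"
    rm -rf "$d"
}
demo
```

On a real system, pass /etc/squid/squid.conf and /etc/havp/havp.config to check_chain.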


Read more: http://linuxpoison.blogspot.com.br/2010/12/configure-squid-proxy-with-clamav.html#more#ixzz2wVt9Q3pM

Blocking mp3, mpg, mpeg and exe file extensions using the Squid proxy server

First, open the squid.conf file (/etc/squid/squid.conf):
# vi /etc/squid/squid.conf
Now add the following line to the ACL section of squid.conf:
acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
Now create the file:
# vi /etc/squid/multimedia.files.acl
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
Save and close the file, then restart Squid:
# /etc/init.d/squid restart
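
The patterns above end in $, so whether they match depends on exactly what string Squid tests. The following check is an added example, not part of the original post: it runs the five patterns with grep -E (standing in for Squid's regex matching) over constructed URL paths, next to a hypothetical variant that also accepts a query string after the extension. It assumes Squid tests the path together with any query string.

```sh
# Added example: the ACL patterns from the post, run over constructed URL paths.
acl_original() {   # the five patterns from multimedia.files.acl
cat <<'EOF'
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
EOF
}

# Hypothetical variant: same extensions, optional query string before the end.
acl_hardened() {
    acl_original | sed 's/\$$/(\\?.*)?$/'
}

sample_paths() {   # constructed sample input
cat <<'EOF'
/downloads/setup.exe
/downloads/SETUP.EXE
/media/clip.mpeg
/music/track.mp3
/downloads/setup.exe?mirror=2
/media/clip.avi?session=abc
/docs/exemplar.html
EOF
}

# is_blocked ACL_FUNCTION URL_PATH: succeeds if any pattern matches the path.
is_blocked() {
    printf '%s\n' "$2" | grep -E -q -e "$("$1")"
}

# count_blocked ACL_FUNCTION: number of sample paths the pattern set matches.
count_blocked() {
    sample_paths | grep -E -c -e "$("$1")"
}

report() {
    sample_paths | while IFS= read -r path; do
        o=allowed; h=allowed
        if is_blocked acl_original "$path"; then o=blocked; fi
        if is_blocked acl_hardened "$path"; then h=blocked; fi
        printf '%-32s original=%-8s hardened=%s\n' "$path" "$o" "$h"
    done
}
report
```

The ACL only has an effect once an http_access deny blockfiles rule refers to it.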


Read more: http://linuxpoison.blogspot.com.br/search?q=squid#ixzz2wVsLPzFf

Configuring Squid to use different internet links

SQUID is a powerful and fast object cache server. It proxies FTP and WWW sessions, which makes it relatively safe. Squid would be very hard to use to actually compromise the system, and it runs as a non-root user (typically 'nobody'), so it is generally not much to worry about. Your main worry with Squid should be improper configuration. For example, if Squid is connected to both your internal network (as is usually the case) and the internet (again, very common), it could be used to reach internal hosts (even if they are using non-routed IP addresses). Hence proper configuration of Squid is very important.

The simplest way to make sure this doesn't happen is to use Squid's internal configuration and bind it only to the internal interface(s), so that the outside world cannot use it as a proxy to get at your internal LAN. In addition to this, firewalling it is a good idea. Fortunately Squid has very good ACLs (Access Control Lists) built into the squid.conf file, allowing you to lock down access by name, IP address, network, time of day and day of the week. Remember, however, that the more complicated an ACL is, the slower Squid will be to respond to requests.

In the following example, requests from 10.0.0.0/24 are forwarded with source address 10.1.0.1, requests from 10.0.2.0/24 are forwarded with source address 10.1.0.2, and the rest are forwarded with source address 10.1.0.3.

acl abc src 10.0.0.0/24
acl xyz src 10.0.2.0/24


tcp_outgoing_address 10.1.0.1 abc
tcp_outgoing_address 10.1.0.2 xyz
tcp_outgoing_address 10.1.0.3

This will prevent anyone from using Squid to probe your internal network.

Read more: http://linuxpoison.blogspot.com.br/search?q=squid#ixzz2wVs2zVKD

Using NCSA authentication in Squid

You can configure Squid to prompt users for a username and password. Squid comes with a program called ncsa_auth that reads any NCSA-compliant encrypted password file.

1) Create the password file. The name of the password file should be /etc/squid/squid_passwd, and you need to make sure that it’s universally readable.

# touch /etc/squid/squid_passwd
# chmod o+r /etc/squid/squid_passwd

2) Use the htpasswd program to add users to the password file. You can add users at any time without having to restart Squid. In this case, you add a username called nikesh:

# htpasswd /etc/squid/squid_passwd nikesh
New password:
Re-type new password:
Adding password for user nikesh

3) Find your ncsa_auth file using the locate/find command (different distributions store this file in different locations).

# locate ncsa_auth
/usr/lib/squid/ncsa_auth

4) Edit squid.conf; specifically, you need to define the authentication program in squid.conf, which is in this case ncsa_auth. Next, create an ACL named ncsa_users with the REQUIRED keyword that forces Squid to use the NCSA auth_param method you defined previously. Finally, create an http_access entry that allows traffic that matches the ncsa_users ACL entry. Here’s a simple user authentication example; the order of the statements is important:

## Add this to the auth_param section of squid.conf

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

# Add this to the bottom of the ACL section of squid.conf
acl ncsa_users proxy_auth REQUIRED

# Add this at the top of the http_access section of squid.conf
http_access allow ncsa_users

Remember to restart Squid for the changes to take effect.
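
An added example, not part of the original post, for auditing the password file created in steps 1 and 2: it reports the hash scheme of each entry from the format of the stored hash, and whether the file is readable by every local user. The sample entries are constructed placeholders rather than real hashes, and the scheme names are labels chosen for this example.

```sh
# Added example: audit an NCSA/htpasswd-format password file.

# classify_hash HASH: name the scheme implied by the stored hash's format.
classify_hash() {
    case "$1" in
        '$apr1$'*)               echo "apr1-md5" ;;
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;
        '{SHA}'*)                echo "sha1-unsalted" ;;
        '$'*)                    echo "crypt-other" ;;
        ?????????????)           echo "des-crypt" ;;   # exactly 13 characters
        *)                       echo "unknown" ;;
    esac
}

# audit_passwd FILE: print "user scheme" for every entry.
audit_passwd() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_hash "$hash")"
    done < "$1"
}

# world_readable FILE: succeeds if "other" has read permission.
world_readable() {
    case "$(ls -ld "$1")" in
        ???????r*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed entries; the hash strings are placeholders, not real hashes.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
nikesh:$apr1$CONSTRUC$placeholderplaceholder
olduser:CONSTRUCTED01
shauser:{SHA}placeholderplaceholder000=
EOF
    chmod o+r "$f"                       # as in step 1 of the post
    audit_passwd "$f"
    if world_readable "$f"; then echo "world-readable: yes"; fi
    rm -f "$f"
}
demo
```

Traditional 13-character crypt hashes use only the first 8 characters of the password, and {SHA} entries are unsalted, so entries of either kind are worth re-creating.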


Read more: http://linuxpoison.blogspot.com.br/search?q=squid#ixzz2wVrOOZ4q