208.3. Implementing a proxy server

208.3 Implementing a proxy server

Weight: 2
Description: Candidates should be able to install and configure a proxy server, including access policies, authentication and resource usage.
Key Knowledge Areas:
    Squid 3.x configuration files, terms and utilities
    Access restriction methods
    Client user authentication methods
    Layout and content of ACL in the Squid configuration files
Terms and Utilities:
    squid.conf
    acl
    http_access
In this light weight lesson we talk about squid proxy server. Squid has a giant configuration file and covering all aspect of that needs spending more time, but for this course we just discuss about items which are important for LPIC2 exam.

What is a proxy server?

A proxy server is a computer that acts as an intermediary between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services. There are many reasons why we might want to include a proxy server on our network:
    To share internet connection on a LAN
    To speed up internet surfing
    To hide the IP address of the client computer for anonymous surfing
    To implement internet access control
    To scan outbound content
    To circumvent regional restrictions
Clearly some of the above reasons are perfectly fitting for a business and some others do not.Regardless, knowing how to install and configure a proxy server is a must-have skill for a network administrator.

What is squid ?

Squid is a free and open-source full featured web proxy cache server released under GPL 3, which can be used in many other ways like a web server caching daemon to speed up websites loading, cache DNS lookups, filter the traffic and many other network protocols, right now, Squid server supports HTTP and FTP protocols, there is a limited support to other protocols like TLS and SSL, it was first released in 1996.

Installing Squid

Lets install squid on CentOS7 and see what does really look like:
1
[[email protected] ~]# yum install squid
2
3
[[email protected] ~]# rpm -ql squid | grep etc
4
/etc/NetworkManager/dispatcher.d/20-squid
5
/etc/httpd/conf.d/squid.conf
6
/etc/logrotate.d/squid
7
/etc/pam.d/squid
8
/etc/squid
9
/etc/squid/cachemgr.conf
10
/etc/squid/cachemgr.conf.default
11
/etc/squid/errorpage.css
12
/etc/squid/errorpage.css.default
13
/etc/squid/mime.conf
14
/etc/squid/mime.conf.default
15
/etc/squid/squid.conf
16
/etc/squid/squid.conf.default
17
/etc/sysconfig/squid
Copied!
The current version of squid server is version 3 , so based on our distribution we might need to mention that or version 3 will be automatically installed.

/etc/squid/squid.conf

The default configuration file for squid is located under /etc/squid3/squid.conf or /etc/squid/squid.conf.
1
[[email protected] ~]# cd /etc/squid/
2
[[email protected]-2 squid]# ls -l
3
total 48
4
-rw-r--r--. 1 root squid 692 Apr 10 2018 cachemgr.conf
5
-rw-r--r--. 1 root root 692 Apr 10 2018 cachemgr.conf.default
6
-rw-r--r--. 1 root root 1817 Apr 10 2018 errorpage.css
7
-rw-r--r--. 1 root root 1817 Apr 10 2018 errorpage.css.default
8
-rw-r--r--. 1 root root 12077 Apr 10 2018 mime.conf
9
-rw-r--r--. 1 root root 12077 Apr 10 2018 mime.conf.default
10
-rw-r-----. 1 root squid 2315 Apr 10 2018 squid.conf
11
-rw-r--r--. 1 root root 2315 Apr 10 2018 squid.conf.default
Copied!
This file contains some configuration directives that needs to be configured to affect the behavior of the Squid.
1
[[email protected] squid]# cat squid.conf
2
#
3
# Recommended minimum configuration:
4
#
5
6
# Example rule allowing access from your local networks.
7
# Adapt to list your (internal) IP networks from where browsing
8
# should be allowed
9
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
10
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
11
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
12
acl localnet src fc00::/7 # RFC 4193 local private network range
13
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
14
15
acl SSL_ports port 443
16
acl Safe_ports port 80 # http
17
acl Safe_ports port 21 # ftp
18
acl Safe_ports port 443 # https
19
acl Safe_ports port 70 # gopher
20
acl Safe_ports port 210 # wais
21
acl Safe_ports port 1025-65535 # unregistered ports
22
acl Safe_ports port 280 # http-mgmt
23
acl Safe_ports port 488 # gss-http
24
acl Safe_ports port 591 # filemaker
25
acl Safe_ports port 777 # multiling http
26
acl CONNECT method CONNECT
27
28
#
29
# Recommended minimum Access Permission configuration:
30
#
31
# Deny requests to certain unsafe ports
32
http_access deny !Safe_ports
33
34
# Deny CONNECT to other than secure SSL ports
35
http_access deny CONNECT !SSL_ports
36
37
# Only allow cachemgr access from localhost
38
http_access allow localhost manager
39
http_access deny manager
40
41
# We strongly recommend the following be uncommented to protect innocent
42
# web applications running on the proxy server who think the only
43
# one who can access services on "localhost" is a local user
44
#http_access deny to_localhost
45
46
#
47
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
48
#
49
50
# Example rule allowing access from your local networks.
51
# Adapt localnet in the ACL section to list your (internal) IP networks
52
# from where browsing should be allowed
53
http_access allow localnet
54
http_access allow localhost
55
56
# And finally deny all other access to this proxy
57
http_access deny all
58
59
# Squid normally listens to port 3128
60
http_port 3128
61
62
# Uncomment and adjust the following to add a disk cache directory.
63
#cache_dir ufs /var/spool/squid 100 16 256
64
65
# Leave coredumps in the first cache dir
66
coredump_dir /var/spool/squid
67
68
#
69
# Add any of your own refresh_pattern entries above these.
70
#
71
refresh_pattern ^ftp: 1440 20% 10080
72
refresh_pattern ^gopher: 1440 0% 1440
73
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
74
refresh_pattern . 0 20% 4320
Copied!
The file in Ubuntu is so huge cause of its rich documents.Lets take a look at important ones:
port [mode] [options]
This is the default port for the HTTP proxy server, by default it is 3128
cache_mem [bytes]
Defines the amount of memory Squid can use for cache. The default is 256 MB and it is commented out. This does not specify the memory usage of Squid and may be exceeded.
maximum_object_size_in_memory [bytes]
Objects greater than this size will not be attempted to kept in the memory cache. This should be set high enough to keep objects accessed frequently in memory to improve performance whilst low enough to keep larger objects from hoarding cache_mem. And the default size is 512 KB.
cache_dir aufs Directory-Name Mbytes L1 L2 [options]
The entry cache_dir defines the directory where all the objects are stored on disk. The numbers at the end indicate the maximum disk space in MB to use and the number of directories in the first and second level. "ufs" is the old well-known Squid storage format that has always been there. By default disk caching is not turned on and we can enable it by commenting it out.
cache_dir ufs /var/cache/squid/ 100 16 256 : The default is 100 MB occupied disk space in the /var/cache/squid directory and creation of 16 subdirectories inside it, each containing 256 more subdirectories.
maximum_object_size [bytes]
Set the default value for max-size parameter on any cache_dir. The value is specified in bytes, and the default is 4 MB.
And after doing some configurations (as en example here we have turned on disk cache) we need to restart squid service :
1
[[email protected] ~]# systemctl status squid.service
2
● squid.service - Squid caching proxy
3
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
4
Active: inactive (dead)
5
[[email protected] ~]# systemctl start squid.service
6
[[email protected] ~]# systemctl status squid.service
7
● squid.service - Squid caching proxy
8
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
9
Active: active (running) since Wed 2018-10-10 11:49:42 EDT; 10s ago
10
Process: 35580 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
11
Process: 35571 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
12
Main PID: 35582 (squid)
13
CGroup: /system.slice/squid.service
14
├─35582 /usr/sbin/squid -f /etc/squid/squid.conf
15
├─35584 (squid-1) -f /etc/squid/squid.conf
16
└─35588 (logfile-daemon) /var/log/squid/access.log
17
18
Oct 10 11:49:42 centos7-2 systemd[1]: Starting Squid caching proxy...
19
Oct 10 11:49:42 centos7-2 squid[35582]: Squid Parent: will start 1 kids
20
Oct 10 11:49:42 centos7-2 squid[35582]: Squid Parent: (squid-1) process 35584 started
21
Oct 10 11:49:42 centos7-2 systemd[1]: Started Squid caching proxy.
22
23
[[email protected] ~]# telnet localhost 3128
24
Trying ::1...
25
Connected to localhost.
26
Escape character is '^]'.
27
helo
28
........
Copied!
And as a next step we need to configure our browser to goes trough proxy server (we use the same computer for our demonstration):
And if you like browsing in terminal with programs like lynx:
1
[[email protected] squid]# export http_proxy=http://192.168.52.135:3128
Copied!
Well, for testing purpose we need to show the speed of web surfing in our browser which is not possible here. Do not forget that each web browser has a local cache and try to clear that before reloading a page again and again.

ACLs(Access Control Lists)

ACLs allow us to restrict the access to websites, and / or monitor the access on a per user basis. We can restrict access based on day of week or time of day, or domain, for example.
The access control scheme of the Squid web proxy server consists of two different components:
1-The ACL elements are directive lines that begin with the word “acl” and represent types of data that are performed against any request transaction.
acl aclname acltype argument ...
1
acl SSL_ports port 443
2
acl Safe_ports port 80 # http
3
acl Safe_ports port 21 # ftp
4
acl Safe_ports port 443 # https
5
acl Safe_ports port 70 # gopher
6
acl Safe_ports port 210 # wais
7
acl Safe_ports port 1025-65535 # unregistered ports
8
acl Safe_ports port 280 # http-mgmt
9
acl Safe_ports port 488 # gss-http
10
acl Safe_ports port 591 # filemaker
11
acl Safe_ports port 777 # multiling http
Copied!
The lines above for squid.conf represent a basic example of the usage of ACL elements.
The first word, acl, indicates that this is a ACL element directive line.
The second word, localhost or Safe_ports, specify a name for the directive.
The third word, port in this case, is an ACL element type that is used to represent a TCP port. It can be a client IP address or range of addresses. Also it is possible to use hostname, if we have some sort of DNS resolution implemented.
1
***** Different ACL Elements *****
2
3
src: source (client) IP addresses
4
dst: destination (server) IP addresses
5
myip: the local IP address of a client's connection
6
arp: Ethernet (MAC) address matchingsrcdomain: source (client) domain name
7
dstdomain: destination (server) domain name
8
srcdom_regex: source (client) regular expression pattern matching
9
dstdom_regex: destination (server) regular expression pattern matching
10
src_as: source (client) Autonomous System numberdst_as: destination (server) Autonomous System number
11
peername: name tag assigned to the cache_peer where request is expected to be sent.
12
time: time of day, and day of week
13
url_regex: URL regular expression pattern matching
14
urlpath_regex: URL-path regular expression pattern matching, leaves out the protocol and hostname
15
port: destination (server) port number
16
myport: local port number that client connected tomyportname: name tag assigned to the squid listening port that client connected toproto: transfer protocol (http, ftp, etc)
17
method: HTTP request method (get, post, etc)
18
http_status: HTTP response status (200 302 404 etc.)
19
browser: regular expression pattern matching on the request user-agent header
20
referer_regex: regular expression pattern matching on the request http-referer header
21
ident: string matching on the user's name
22
ident_regex: regular expression pattern matching on the user's name
23
proxy_auth: user authentication via external processes
24
proxy_auth_regex: regular expression pattern matching on user authentication via external processes
25
snmp_community: SNMP community string matching
26
maxconn: a limit on the maximum number of connections from a single client IP address
27
max_user_ip: a limit on the maximum number of IP addresses one user can login from
28
req_mime_type: regular expression pattern matching on the request content-type header
29
req_header: regular expression pattern matching on a request header contentrep_mime_type: regular expression pattern matching on the reply (downloaded content) content-type header. This is only usable in the http_reply_access directive, not http_access.
30
rep_header: regular expression pattern matching on a reply header content. This is only usable in the http_reply_access directive, not http_access.
31
external: lookup via external acl helper defined by external_acl_typeuser_cert: match against attributes in a user SSL certificate
32
ca_cert: match against attributes a users issuing CA SSL certificate
33
ext_user: match on user= field returned by external acl helper defined by external_acl_type
34
ext_user_regex: regular expression pattern matching on user= field returned by external acl helper defined by external_acl_type
Copied!
2-The access list rules consist of an allow or deny action followed by a number of ACL elements, and are used to indicate what action or limitation has to be enforced for a given request. There are a number of different access lists:
1
***** Different ACL types *****
2
http_access: Allows HTTP clients (browsers) to access the HTTP port. This is the primary access control list.
3
http_reply_access: Allows HTTP clients (browsers) to receive the reply to their request. This further restricts permissions given by http_access, and is primarily intended to be used together with rep_mime_type acl for blocking different content types.
4
icp_access: Allows neighbor caches to query your cache with ICP.
5
miss_access: Allows certain clients to forward cache misses through your cache. This further restricts permissions given by http_access, and is primarily intended to be used for enforcing sibling relations by denying siblings from forwarding cache misses through your cache.
6
cache: Defines responses that should not be cached.
7
url_rewrite_access: Controls which requests are sent through the redirector pool.
8
ident_lookup_access: Controls which requests need an Ident lookup.
9
always_direct: Controls which requests should always be forwarded directly to origin servers.
10
never_direct: Controls which requests should never be forwarded directly to origin servers.
11
snmp_access: Controls SNMP client access to the cache.
12
broken_posts: Defines requests for which squid appends an extra CRLF after POST message bodies as required by some broken origin servers.
13
cache_peer_access: Controls which requests can be forwarded to a given neighbor (cache_peer).
14
htcp_access: Controls which remote machines are able to make HTCP requests.
15
htcp_clr_access: Controls which remote machines are able to make HTCP CLR requests.
16
request_header_access: Controls which request headers are removed when violating HTTP protocol.
17
reply_header_access: Controls which reply headers are removed from delivery to the client when violating HTTP protocol.
18
delay_access: Controls which requests are handled by what delay pool
19
icap_access: (replaced by adaptation_access in Squid-3.1) What requests may be sent to a particular ICAP server.
20
adaptation_access: What requests may be sent to a particular ICAP or eCAP filter service.
21
log_access: Controls which requests are logged. This is global and overrides specific file access lists appended to access_log directives.
Copied!
Lets go back to squid.conf and fine some examples:
1
# Deny requests to certain unsafe ports
2
http_access deny !Safe_ports
Copied!
The two lines above are access list rules and represent an explicit implementation of the ACL directives mentioned earlier and it denies access to the localhost unsafe ports.
Notes:
    1.
    An access list rule consists of an allow or deny keyword, followed by a list of ACL element names.
    2.
    An access list consists of one or more access list rules.
    3.
    Access list rules are checked in the order they are written. List searching terminates as soon as one of the rules is a match.
    4.
    If a rule has multiple ACL elements, it uses AND logic. In other words, all ACL elements of the rule must be a match in order for the rule to be a match. This means that it is possible to write a rule that can never be matched. For example, a port number can never be equal to both 80 AND 8000 at the same time.
    5.
    To summarize the ACL logics can be described as: (note: AND/OR below is just for illustartion, not part of the syntax)
1
http_access allow|deny acl AND acl AND ...
2
OR
3
http_access allow|deny acl AND acl AND ...
4
OR
5
...
Copied!
If none of the rules are matched, then the default action is the opposite of the last rule in the list. Its a good idea to be explicit with the default action. The best way is to use the all ACL (Cache All). For example:
1
http_access deny all
Copied!
So to have a big picture in mind of how squid works, it works like that :
For demonstration Lets create required ACL elements and ACL rules to avoid visiting yahoo web site on Fridays:
1
acl YAHOO dstdomain .yahoo.com
2
acl FRIDAY time Friday
Copied!
Do not forget to define acl rule before cache all:
1
#
2
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
3
#
4
5
http_access deny YAHOO FRIDAY
6
7
# Example rule allowing access from your local networks.
8
# Adapt localnet in the ACL section to list your (internal) IP networks
9
# from where browsing should be allowed
10
#http_access allow localnet
11
http_access allow localhost
12
13
# And finally deny all other access to this proxy
14
http_access deny all
Copied!
and finally do not forget to restart thr service:
1
[[email protected] squid]# systemctl restart squid.service
Copied!

Squid Authentication

One another option of squid is adding user authentication . For that we need to use auth_param ACL element.

auth_param

The auth_param directive controls almost every aspect of Squid's external user authentication interface. Squid currently supports three authentication schemes: Basic, Digest, and NTLM. Basic authentication support is compiled by default (For the others, you must use the enable-auth option with ./configure.).
The auth_param directive is very complex, what we are presenting here for LPIC2 exam is HTTP Basic authentication helper, and the syntax would be:
auth_param basic program command ...
example:auth_param basic program /opt/squid/ncsa /etc/squid/passwd
So basic says what type of authentication we are going to use, so in browser it just pops up a window.
program defines what program is going to be used for Authentication, and the actual location of that program (the location might be different in different distributions, be careful and check it).
ncsa is a very simple program which uses the same apache htpasswd type format.
some others are:
1
=> NCSA: Uses an NCSA-style username and password file.
2
=> LDAP: Uses the Lightweight Directory Access Protocol
3
=> MSNT: Uses a Windows NT authentication domain.
4
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
5
=> SMB: Uses a SMB server like Windows NT or Samba.
6
=> getpwam: Uses the old-fashioned Unix password file.
7
=> SASL: Uses SALS libraries.
8
=> NTLM, Negotiate and Digest authentication
Copied!
And the last argument for ncsa is where the user password file is stored.
Start implementing basic user authentication in squid and as first step locate nsa_auth place in our distribution
(In ubuntu use dpkg -L squid | grep ncsa_auth ) :
1
[[email protected] squid]# locate ncsa_auth
2
[[email protected] squid]# rpm -ql squid | grep ncsa_auth
3
/usr/lib64/squid/basic_ncsa_auth
4
/usr/share/man/man8/basic_ncsa_auth.8.gz
5
6
[[email protected] squid]# ls -l /usr/lib64/squid/ | grep auth
7
-rwxr-xr-x. 1 root root 5399 Apr 10 2018 basic_db_auth
8
-rwxr-xr-x. 1 root root 11360 Apr 10 2018 basic_getpwnam_auth
9
-rwxr-xr-x. 1 root root 23768 Apr 10 2018 basic_ldap_auth
10
-rwxr-xr-x. 1 root root 5502 Apr 10 2018 basic_msnt_multi_domain_auth
11
-rwxr-xr-x. 1 root root 24032 Apr 10 2018 basic_ncsa_auth
12
-rwxr-xr-x. 1 root root 15488 Apr 10 2018 basic_nis_auth
13
-rwxr-xr-x. 1 root root 19664 Apr 10 2018 basic_pam_auth
14
-rwxr-xr-x. 1 root root 2975 Apr 10 2018 basic_pop3_auth
15
-rwxr-xr-x. 1 root root 20048 Apr 10 2018 basic_radius_auth
16
-rwxr-xr-x. 1 root root 15456 Apr 10 2018 basic_sasl_auth
17
-rwxr-xr-x. 1 root root 15536 Apr 10 2018 basic_smb_auth
18
-rwxr-xr-x. 1 root root 2657 Apr 10 2018 basic_smb_auth.sh
19
-rwxr-xr-x. 1 root root 41512 Apr 10 2018 basic_smb_lm_auth
20
-rwxr-xr-x. 1 root root 32192 Apr 10 2018 digest_edirectory_auth
21
-rwxr-xr-x. 1 root root 24112 Apr 10 2018 digest_file_auth
22
-rwxr-xr-x. 1 root root 28016 Apr 10 2018 digest_ldap_auth
23
-rwxr-xr-x. 1 root root 44688 Apr 10 2018 negotiate_kerberos_auth
24
-rwxr-xr-x. 1 root root 15648 Apr 10 2018 negotiate_kerberos_auth_test
25
-rwxr-xr-x. 1 root root 19744 Apr 10 2018 ntlm_fake_auth
26
-rwxr-xr-x. 1 root root 63088 Apr 10 2018 ntlm_smb_lm_auth
Copied!
Next we configure squid.conf file and search for auth_param . There are some documentations and examples :
1
# === Example Configuration ===
2
#
3
# This configuration displays the recommended authentication scheme
4
# order from most to least secure with recommended minimum configuration
5
# settings for each scheme:
6
#
7
##auth_param negotiate program <uncomment and complete this line to activate>
8
##auth_param negotiate children 20 startup=0 idle=1
9
##auth_param negotiate keep_alive on
10
##
11
##auth_param digest program <uncomment and complete this line to activate>
12
##auth_param digest children 20 startup=0 idle=1
13
##auth_param digest realm Squid proxy-caching web server
14
##auth_param digest nonce_garbage_interval 5 minutes
15
##auth_param digest nonce_max_duration 30 minutes
16
##auth_param digest nonce_max_count 50
17
##
18
##auth_param ntlm program <uncomment and complete this line to activate>
19
##auth_param ntlm children 20 startup=0 idle=1
20
##auth_param ntlm keep_alive on
21
##
22
##auth_param basic program <uncomment and complete this line>
23
##auth_param basic children 5 startup=5 idle=1
24
##auth_param basic realm Squid proxy-caching web server
25
##auth_param basic credentialsttl 2 hours
26
#Default:
27
# none
Copied!
and the default is none. We add the previously discussed basic http authentication options :
1
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
2
###Specify squid password file and helper program location
3
4
auth_param basic children 5
5
###The number of authenticator processes to spawn:
6
7
auth_param basic realm Squid Basic Authentication
8
###Part of the text the user will see when prompted their username and password
9
10
auth_param basic credentialsttl 2 hours
11
Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
Copied!
Next we need to create an ACL element and then tell it to use that element in an ACL:
1
### ACL element
2
acl BASICAUTHENTICATED proxy_auth REQUIRED
Copied!
1
### ACL
2
http_access allow BASICAUTHENTICATED
Copied!
do not forget that based on the order you put your rules the result would be different. So if we put it above other rules, as long as users can authenticate it works fine. part of our squid.conf file:
1
acl Safe_ports port 591 # filemaker
2
acl Safe_ports port 777 # multiling http
3
acl CONNECT method CONNECT
4
5
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
6
auth_param basic children 5
7
auth_param basic realm Squid Basic Authentication
8
auth_param basic credentialsttl 2 hours
9
acl MYBASICAUTH proxy_auth REQUIRED
10
http_access allow MYBASICAUTH
11
12
##acl YAHOO dstdomain .yahoo.com
13
##acl FRIDAY time Friday
14
15
16
#
17
# Recommended minimum Access Permission configuration:
18
#
19
# Deny requests to certain unsafe ports
20
http_access deny !Safe_ports
Copied!
Now we have to create password file(for that we might need to install apach2-utils (Deb)or httpd-tools (RedHat)) :
1
[[email protected] squid]# htpasswd -c /etc/squid/passwords user1
2
New password:
3
Re-type new password:
4
Adding password for user user1
5
[[email protected] squid]# ls -l
6
total 52
7
-rw-r--r--. 1 root squid 692 Apr 10 2018 cachemgr.conf
8
-rw-r--r--. 1 root root 692 Apr 10 2018 cachemgr.conf.default
9
-rw-r--r--. 1 root root 1817 Apr 10 2018 errorpage.css
10
-rw-r--r--. 1 root root 1817 Apr 10 2018 errorpage.css.default
11
-rw-r--r--. 1 root root 12077 Apr 10 2018 mime.conf
12
-rw-r--r--. 1 root root 12077 Apr 10 2018 mime.conf.default
13
-rw-r--r--. 1 root root 44 Oct 10 14:21 passwords
14
-rw-r-----. 1 root squid 2565 Oct 10 13:49 squid.conf
15
-rw-r--r--. 1 root root 2315 Apr 10 2018 squid.conf.default
Copied!
and to make sure every thing is working properly with our passwords file:
1
[[email protected] squid]# /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
3
OK
Copied!
lets restart the service and see the results:
1
[[email protected] squid]# systemctl restart squid.service
Copied!

/var/log/squid/

That is squid log file directory. The logs give us information about Squid workloads and performance. The logs record not only access information, but also system configuration errors and resource consumption (eg, memory, disk space). There are several log file maintained by Squid. Some have to be explicitely activated during compile time, others can safely be deactivated during.
    /var/log/squid/access.log : Most log file analysis program are based on the entries in access.log. We can use this file to find out who is using squid server and what they are doing etc
    /var/log/squid/cache.log : The cache.log file contains the debug and error messages that Squid generates.
    /var/log/squid/store.log : The store.log file covers the objects currently kept on disk or removed ones. As a kind of transaction log it is ususally used for debugging purposes.
To display log files in real time use tail command:
1
tail -f /var/log/squid/access.log
Copied!
that is all.
Last modified 2yr ago