Proxy Server Nedir?
Birden fazla PC’den internete erişilen ve bu erişim bilgilerinin log’landığı sistemlerdir. Linux / Windows ve appliance şeklinde mevcuttur. Bu yazımızda Linux / Squid v 2.0 proxy sunucuya ait konfigürasyon dosyasını inceleyeceğiz.
Squid Server Örnek konfigurasyon dosyası.
squid.conf file begin
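# Squid forward-proxy configuration: NTLM/basic authentication through
# ntlm_auth, per-destination exceptions, and all traffic relayed to a parent
# proxy. Directives are restored to one per line, as squid.conf requires.
# http_access rules are evaluated top to bottom and the first match decides,
# so the order of the rules below is part of the policy.

# --- General ---------------------------------------------------------------
cache_mem 600 MB
# No bind address is given, so the proxy listens on every interface; which
# clients can reach port 3128 has to be limited by the rules below and by the
# host/network firewall.
http_port 3128
# Do not pass the client's address to upstream servers in X-Forwarded-For.
# Client addresses remain available in the local access log.
forwarded_for off
#dns_defnames on
max_filedesc 8192

# --- Authentication helpers --------------------------------------------------
# NTLM scheme via the ntlm_auth helper.
# NOTE(review): presumably the host is joined to the domain through
# Samba/winbind - confirm, the page does not show that part of the setup.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100
auth_param ntlm keep_alive on

# Basic scheme as a fallback for clients that cannot do NTLM.
# NOTE(review): basic credentials are only base64-encoded on the wire between
# client and proxy. Keep this fallback only if it is needed and the client
# network is trusted.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

authenticate_ttl 1 hour
authenticate_cache_garbage_interval 1 hour

# --- Cache manager -----------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32
http_access allow manager localhost
# Added in review: without an explicit deny, cache manager requests from any
# other source fall through to the allow rules further down (for example the
# unauthenticated 10.110.24.0/24 rule) and would be answered.
http_access deny manager

# --- ACL definitions ---------------------------------------------------------
# NOTE(review): several ACLs below carry an empty quoted value (""). In
# squid.conf a quoted value names a file to read entries from; the file paths
# appear to have been lost when the page was published. Fill in the real
# paths before using this file.
acl all src 0/0
acl no_auth dst 10.110.24.0/24
acl no_auth_dmn dstdomain .itmakale.com.tr
acl blocked url_regex -i ""
acl allowed_urls url_regex -i ""
acl only_itmakale proxy_auth ""
acl test_users proxy_auth ""
acl kioskdst dst 93.89.224.45 10.110.24.20
acl AuthorizedUsers proxy_auth REQUIRED
acl itmakaleDMN dstdomain .itmakale.com.tr
acl itmakaleIP dst 10.110.24.0/24
acl white_list_dst_ip dst 93.89.224.45
# URLs that start with a dotted-quad IP address instead of a host name.
acl numeric url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl connect method CONNECT
acl no_auth_src_ip_adr src 10.110.24.0/24

# EXE download control: matches on the URL path suffix only, not on the
# content actually returned.
acl download urlpath_regex -i \.exe$
acl download_users src 10.110.24.0/24
acl download_link dstdomain .microsoft.com .installshield.com

# Do not cache responses from the internal domain / subnet.
no_cache deny itmakaleDMN
no_cache deny itmakaleIP

# --- Access rules (first match wins) -----------------------------------------
# deny some source ip addresses
#http_access deny blocked_src_ip

# allow some source ip addresses
# NOTE(review): this rule comes first, so every client in 10.110.24.0/24 is
# allowed without authentication and never reaches the blocked list, the
# CONNECT-to-IP deny or the EXE restriction below. If those controls should
# apply to this subnet too, the deny rules have to be placed above this line.
http_access allow no_auth_src_ip_adr

# NOTE(review): the next three allow rules match on destination only and have
# no source ACL, so they apply to any client that can reach the proxy port,
# without authentication.
# allow some destination ip addresses
http_access allow white_list_dst_ip

# allow some domains
http_access allow no_auth_dmn

# allow some URLs
http_access allow allowed_urls

# block requests that are matched both numeric and have connect method
# NOTE(review): there is no port restriction on CONNECT (no Safe_ports /
# SSL_ports style ACLs on this page), so permitted clients can tunnel to any
# port by host name. Consider adding port ACLs.
http_access deny connect numeric all

# block content of the blocked.txt file
http_access deny blocked

# The following lines can be used to restrict EXE downloads to permitted
# users only. download_users is the same range that is already allowed at the
# top, so in this ordering these rules only affect other clients.
http_access allow download_link
http_access allow download_users download
http_access deny download

# allow authorized users
http_access allow AuthorizedUsers

# block all source IP addresses
http_access deny all

# --- Process identity --------------------------------------------------------
# Run as the unprivileged squid user and group.
cache_effective_user squid
cache_effective_group squid

# --- Cache storage and error pages -------------------------------------------
cache_dir ufs /var/spool/squid 1024 16 256
# Return Squid error pages in Turkish.
error_directory /usr/share/squid/errors/Turkish

# --- Upstream ----------------------------------------------------------------
# forward all requests to parent; never_direct forbids fetching directly from
# origin servers, so the parent is the only way out.
cache_peer 10.10.1.5 parent 8080 0 no-query default
never_direct allow all

# --- Logging and misc --------------------------------------------------------
half_closed_clients off
visible_hostname squid
cache_store_log none
# access.log is the per-request audit trail (client address, user, URL);
# protect and retain it accordingly.
cache_access_log /var/log/squid/access.log squid
useragent_log /var/log/squid/useragent.log squid
cache_log /var/log/squid/cache.log
logfile_rotate 60

# No ICP queries are answered.
icp_access deny all
# Upper bounds on request header and body size.
request_header_max_size 10 KB
request_body_max_size 10 MB

#debug_options ALL,1 33,2
#debug_options ALL,1 33,2 28,9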
# conf file ended