Thursday, October 26, 2006

Setup your own http proxy server

In this document, I will show you how to set up an HTTP proxy server with a content filter and virus scanner on the Linux platform.

We will use the following open-source software to achieve our goal:
Squid - a free and open-source web proxy server

Pre-installation
First of all, you have to create the user accounts that will be used to install the proxy server. Log in to your Linux machine and type the following commands if you don't already have these user accounts on your system.

command> useradd -M squid
command> groupadd clamav
command> useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

Download all required packages

Please download all of the following packages to your Linux machine. I download them to my "/downloads" folder, so I will refer to this folder throughout the installation process.

Squid - the latest version when this doc was written is squid-2.6.STABLE4
Webmin - the latest version when this doc was written is webmin-1.3
Clamav - the latest version when this doc was written is clamav-0.90RC1.1
SARG - the latest version when this doc was written is sarg-2.2.2

Compile Squid Proxy Server
Now we are going to start our proxy installation. First, compile your Squid proxy server. If you are not an advanced Linux user (like me), you can follow my settings shown below. If you are an advanced user and want to customize your proxy installation, you can check the configure parameters and use your own settings.

command> su squid
command> cd /downloads
command> tar -xzvf squid-2.6.STABLE4.tar.gz
command> cd squid-2.6.STABLE4
command> ./configure \
             --enable-arp-acl \
             --enable-ssl \
             --enable-linux-netfilter \
             --enable-underscores
command> make
command> exit

Note: You must use the "squid" account to compile the proxy server.

Install Squid Proxy Server
command> cd /downloads/squid-2.6.STABLE4
command> make install

Okay, we have installed our server, and next we will configure it. As usual, I use vi to modify the config file. You can use your favorite editor to edit it.

command> vi /usr/local/squid/etc/squid.conf

Search for the tag "cache_effective_user" and add the line below after the tag.
"cache_effective_user squid"

Search for the tag "visible_hostname" and add the line below after the tag.
"visible_hostname MYPROXYSERVER"
where MYPROXYSERVER is the machine hostname.

Save your modifications and then exit.
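
An added example, not part of the original post: a shell check for the two squid.conf edits above. It flags a directive pasted together with its surrounding quotes, a cache_effective_user other than the squid account created earlier, and a visible_hostname left as the MYPROXYSERVER placeholder. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the two directives this guide puts in squid.conf.

# Print the value of the last active (uncommented) line for directive $2 in file $1.
directive_value() {
    awk -v name="$2" '$1 == name { val = $2 } END { print val }' "$1"
}

# True if directive $2 was pasted into file $1 together with its opening quote.
quoted_paste() {
    grep -Eq "^[[:space:]]*\"$2([[:space:]]|\$)" "$1"
}

# audit_squid_conf FILE [USER]: one finding per line, returns 1 on any FAIL.
audit_squid_conf() {
    conf=$1 want_user=${2:-squid} rc=0
    for name in cache_effective_user visible_hostname; do
        if quoted_paste "$conf" "$name"; then
            echo "FAIL $name: line starts with a quote character"; rc=1
        fi
    done
    user=$(directive_value "$conf" cache_effective_user)
    host=$(directive_value "$conf" visible_hostname)
    if [ "$user" = "$want_user" ]; then
        echo "OK   cache_effective_user $user"
    else
        echo "FAIL cache_effective_user is '${user:-unset}', expected $want_user"; rc=1
    fi
    case $host in
        "")            echo "FAIL visible_hostname is unset"; rc=1 ;;
        MYPROXYSERVER) echo "FAIL visible_hostname is still the placeholder"; rc=1 ;;
        *)             echo "OK   visible_hostname $host" ;;
    esac
    return $rc
}

# Constructed sample: commented defaults plus the two lines added per the guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#  TAG: cache_effective_user
#cache_effective_user nobody
cache_effective_user squid
#  TAG: visible_hostname
visible_hostname proxy01
EOF
audit_squid_conf "$sample" || echo "squid.conf needs fixing"
rm -f "$sample"
```

To check the real file, call audit_squid_conf /usr/local/squid/etc/squid.conf before starting Squid.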

Install Webmin
You will probably want to install Webmin, which makes it easier to work with your proxy server: adding access rules, configuring the content filter, and generating access reports.

command> cd /downloads
command> tar -xzvf webmin-1.3.tar.gz
command> cd webmin-1.3
command> ./setup.sh /usr/local/webmin

During the installation, you will be asked several questions that let you customize your installation. I answer them with the default values, as follows:

1) /etc/webmin
2) /var/webmin
3) /usr/bin/perl
4) port:10000
5) username: admin
6) password:
7) start at boot time: y

After installing Webmin, we will configure it so that it can work with our installed proxy server.

Enable SSL for webmin
Go to "http://host-ipaddress:10000" and log in with the username you entered during installation.
Click the tags "Webmin" >> "Webmin Configuration" >> "SSL Encryption"
Click the link "download and install"
After the required packages have downloaded, click "Continue With Install"
After installation, click the link "Return to webmin configuration"
Click "SSL Encryption" again, select "Yes" under "Enable SSL if available"
Select "Yes" under "SSL requests to SSL mode"
Click the "Save" button to confirm the settings

Configure Squid Proxy Server Webmin Module
Go to "http://host-ipaddress:10000" and log in with the username you entered during installation.
Click the tags "Servers" >> "Squid Proxy Server" >> "Module Config"
Edit the following fields:
  • Full Path to squid config file: /usr/local/squid/etc/squid.conf
  • Command to start squid: /usr/local/squid/sbin/squid
  • Command to stop squid: /usr/local/squid/sbin/squid -k shutdown
  • Command to apply changes: /usr/local/squid/sbin/squid -k reconfigure
  • Squid Executable: /usr/local/squid/sbin/squid
  • Full path to PID file: /usr/local/squid/var/logs/squid.pid
  • Full path to squid cache directory: /usr/local/squid/var/cache
  • Squid cachemgr.cgi executable: /usr/local/squid/libexec/cachemgr.cgi
  • Full path to squid log directory: /usr/local/squid/var/logs
Press the "Save" button

Start Squid Proxy Server
For a simple Squid web proxy server, we are nearly done. Let's initialize and start our server, and then go on to the next section to install the anti-virus software.

Press the button "Initialize Cache"
Click the link "Return to squid index"
Press the button "Start Squid"

Install Clamav
We want our server to be able to block downloads of infected files, so we need anti-virus software to scan downloaded files. Clamav is a free anti-virus tool, and I think it is good enough for our filtering purpose. You may try out any commercial anti-virus software for the same purpose, and you are very welcome to comment on it. Let's start installing it.

We install it with its default settings.

command> cd /downloads
command> tar -xzvf clamav-0.90rc1.1.tar.gz
command> cd clamav-0.90rc1.1
command> ./configure
command> make
command> make install
command> make clean

Install DansGuardian
We need a tool to link the Squid proxy server and the Clamav anti-virus scanner, and this is where DansGuardian, a content filter, comes in.

To be continued ...
