Installing Squid proxy server running on Windows
2013-05-28 16:56
543 查看
我在WINDOWS2012上安装SQUID 2.8 UPDATE8.
按以下方法,不加认证,几乎不用更改就生效了。
(DOS窗口的操作都是以管理员身份操作的)
http://certcollection.org/forum/topic/98920-installing-squid-proxy-server-running-on-windows/
There are various software that implement a proxy server, some commercial and some free stuff. In this guide we will see how to implement a proxy server in a Windows environment is fully integrated into Active Directory at no cost.
The product concerned is Squid
, originally developed for the Linux porting is also available on the Windows platform.
Integration with Active Directory, you can if we install on a machine both Linux and Windows, on Linux configuration for authentication in AD is slightly more complex than in the Windows environment.
Squid can be installed on any machine of our network not necessarily with two network adapters, in which case must do also from gateway.
First we must download Squid from
site, follow the signs for Squid 2.7 for Windows-> Squid Download Page-> mirror mirror 1/ 2-> and here and get the latest version Stable, at the moment is the 2.7. STABLE8.
Once the download unpack the .zip file in the path c:\squid. Copy these three files in the path c:\squid\etc:
(以下必作)
Open the squid.conf and making some changes required for the first time:
* Section OPTIONS FOR AUTHENTICATION
o Remove the comment on these three rows and we complete the first so that you have:
(以下没作)
These parameters indicate to squid to use authentication NTLM, to use the program and mswin_ntlm_auth. xe to authenticate and use 5 concurrent processes for authentication.
* ACCESS CONTROLS Section
o Default Squid grants access from local networks that have private ip addresses of 3 standard classes, if our network does not fall into these we must add it to these 3 lines:
o In the basic configuration Squid grants access only to the following ports:
(以下没改)
Also here if we have other needs we must add the ports you want to be reached.
o Immediately after the last we must insert an ACL to verify authentication in Active Directory:
and set an access rule that denies all unauthenticated sessions:
be inserted immediately after the line:
* Section DISK CACHE OPTIONS
o In this section we have to set the configuration parameters of the disk cache, to do this, remove the comment line:
(这步我作了,参数未改,并且手工在VAR下新建了CACHE目录)
and edit the parameters according to our needs.
Taking into account that the three parameters have this meaning:
100 = maximum size in MB of disk cache
16 = number of subdirectories (1st level)
256 = number of subdirectory of 2nd level
Initially we can leave the default these 3 parameters.
* LOGFILE OPTIONS Section
o In this section we define the location and the type of access log file that is generated by Squid.
The path is defined by the following directive:
While the type is defined by the line:
in this case we define a log format called squid and use it in the command access_log.
* ADMINISTRATIVE PARAMETERS Section
o In case of failure or to access an unauthorized site Squid
displays a page with details including an e-mal address of the system
administrator. In this regard we can change this address by using the
following directive:
* ERROR PAGE OPTIONS Section
o The last parameter to change the language in which you want to display the error pages, to achieve this, we use this directive:
where instead of English we insert the name of the directory that reflects the language that we use inside the folder c:/squid/share/and rrors, in the case of English we:
At this point, the basic configuration Squid is finished and we can send him running for the first time. Open a dos directory, find the white flashing c:\squid\sbin and launch the command:
(这步必作)
in order to create the cache directory. If we have not made mistakes in the configuration file you should see something like:
We suggest that the creation of the directory is successful, otherwise we will see something like:
in which case we have committed some syntax error. (In this case was wanted!!).
NOTE: If we install squid in the default directory c:\squid we should never specify the location of the configuration file, if instead we use a different path is necessaroio change all references in the squid.conf file and use the parameter -f configfile every time I launch the command squid.exe.
Now we can install Squid as a service and start to test it. To do this, launch the command:
(这步必作)
If all is successful you will create the service Squid. If we want to call it differently, we need to add the parameter -n servicename. Once you have created the service we need to start it with the command:
(这步必作)
and we will get output like:
We verify that Squid is actually listening via the command:
As you can see clearly squid is listening on the default port 3128.
Open Internet Explorer on a client and to configure the proxy settings using the menu Tools > Internet Options-> Connections-> LAN Settings and set the proxy server as shown in Figure:
replacing the address and port of the server with those of our configuration.
Let's go back to the browser and try to reach a site any, if everything works you should see the page without any problem.
To verify the actual use of the proxy, we can use one of several test online type
or check the file access.log in the folder C:\squid\var\logs.
If you see a window like this:
We ask for your login credentials means that the proxy is working but there is some problem with NTLM authentication. In this case we change the LAN Manager authentication level in value:
For simplicity we can change the Default Domain Policy so you want to configure all machines in the domain. The setting is located in the key:
Once change expect the policy is applied or forziamola with the command GPUDATE/force, then try again and if everything went well this time the request for username and password should appear.
With the procedures specified so far according to Squid configuration has finished, access is granted to all for any site and a log is generated for each login.
In next part we will see some parameters for optimization of Squid and how to configure the proxy settings in the browser automatically
按以下方法,不加认证,几乎不用更改就生效了。
(DOS窗口的操作都是以管理员身份操作的)
http://certcollection.org/forum/topic/98920-installing-squid-proxy-server-running-on-windows/
There are various software that implement a proxy server, some commercial and some free stuff. In this guide we will see how to implement a proxy server in a Windows environment is fully integrated into Active Directory at no cost.
The product concerned is Squid
http://www.squid-cache.org/
, originally developed for the Linux porting is also available on the Windows platform.
Integration with Active Directory, you can if we install on a machine both Linux and Windows, on Linux configuration for authentication in AD is slightly more complex than in the Windows environment.
Squid can be installed on any machine of our network not necessarily with two network adapters, in which case must do also from gateway.
First we must download Squid from
http://squid.acmeconsulting.it/index.html
site, follow the signs for Squid 2.7 for Windows-> Squid Download Page-> mirror mirror 1/ 2-> and here and get the latest version Stable, at the moment is the 2.7. STABLE8.
Once the download unpack the .zip file in the path c:\squid. Copy these three files in the path c:\squid\etc:
(以下必作)
* squid.conf.default==> squid.conf * mime.conf.default==> mime file * cachemgr.conf.default==> cachemgr. conf
Open the squid.conf and making some changes required for the first time:
* Section OPTIONS FOR AUTHENTICATION
o Remove the comment on these three rows and we complete the first so that you have:
(以下没作)
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth .exe auth_param ntlm children 5 auth_param ntlm keep_alive on
These parameters indicate to squid to use authentication NTLM, to use the program and mswin_ntlm_auth. xe to authenticate and use 5 concurrent processes for authentication.
* ACCESS CONTROLS Section
o Default Squid grants access from local networks that have private ip addresses of 3 standard classes, if our network does not fall into these we must add it to these 3 lines:
(以下没改) acl localnet src 10.0.0.0/8# RFC1918 possible internal network acl localnet src 172.16.0.0/12# RFC1918 possible internal network acl localnet src 192.168.0.0/16# RFC1918 possible internal network
o In the basic configuration Squid grants access only to the following ports:
(以下没改)
acl SSL_ports port 443 acl Safe_ports port 80# http acl Safe_ports port 21# ftp acl Safe_ports port 443# https acl Safe_ports port 70# gopher acl Safe_ports port 210# wais acl Safe_ports port 1025-65535# unregistered ports acl Safe_ports port 280# http-mgmt acl Safe_ports port 488# gss-http acl Safe_ports port 591# filemaker acl Safe_ports port 777# multiling http
Also here if we have other needs we must add the ports you want to be reached.
o Immediately after the last we must insert an ACL to verify authentication in Active Directory:
acl Authenticatedusing proxy_auth ACL REQUIRED
and set an access rule that denies all unauthenticated sessions:
http_access deny!Authenticated
be inserted immediately after the line:
# INSERT YOUR OWN RULE (S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
* Section DISK CACHE OPTIONS
o In this section we have to set the configuration parameters of the disk cache, to do this, remove the comment line:
(这步我作了,参数未改,并且手工在VAR下新建了CACHE目录)
cache_dir ufs c:/squid/var/cache 10016256
and edit the parameters according to our needs.
Taking into account that the three parameters have this meaning:
100 = maximum size in MB of disk cache
16 = number of subdirectories (1st level)
256 = number of subdirectory of 2nd level
Initially we can leave the default these 3 parameters.
* LOGFILE OPTIONS Section
o In this section we define the location and the type of access log file that is generated by Squid.
The path is defined by the following directive:
access_log c:/squid/var/logs/squid access.log
While the type is defined by the line:
logformat squid%0% ts.3tu%6tr% a%Ss/>%< st 03Hs%% rm% ru% a%Sh/%<% mt
in this case we define a log format called squid and use it in the command access_log.
* ADMINISTRATIVE PARAMETERS Section
o In case of failure or to access an unauthorized site Squid
displays a page with details including an e-mal address of the system
administrator. In this regard we can change this address by using the
following directive:
cache_mgr <indirizzo_email>
* ERROR PAGE OPTIONS Section
o The last parameter to change the language in which you want to display the error pages, to achieve this, we use this directive:
error_directory c:/squid/share/errors/English
where instead of English we insert the name of the directory that reflects the language that we use inside the folder c:/squid/share/and rrors, in the case of English we:
error_directory c:/squid/share/errors/Italian
At this point, the basic configuration Squid is finished and we can send him running for the first time. Open a dos directory, find the white flashing c:\squid\sbin and launch the command:
(这步必作)
squid-z
in order to create the cache directory. If we have not made mistakes in the configuration file you should see something like:
C:\squid\sbin>squid -z 2010/04/2411:33:24|CreatingSwapDirectories
We suggest that the creation of the directory is successful, otherwise we will see something like:
C:\squid\sbin>squid -z 2010/04/2411:41:28| parseConfigFile: squid.conf:4257 unrecognized:'error_directoryxxx'2010/04/2411:41:28|CreatingSwapDirectories
in which case we have committed some syntax error. (In this case was wanted!!).
NOTE: If we install squid in the default directory c:\squid we should never specify the location of the configuration file, if instead we use a different path is necessaroio change all references in the squid.conf file and use the parameter -f configfile every time I launch the command squid.exe.
Now we can install Squid as a service and start to test it. To do this, launch the command:
(这步必作)
C:\squid\sbin>squid -i Registry stored HKLM\SOFTWARE\GNU\Squid\2.6\Squid\ConfigFile value c:/squid/etc/squid.conf SquidCache version 2.7.STABLE8 for i686-pc-winnt installed successfully asSquidWindowsSystemService. To run, start it from the ServicesApplet of ControlPanel.Don't forget to edit squid.conf before starting it.
If all is successful you will create the service Squid. If we want to call it differently, we need to add the parameter -n servicename. Once you have created the service we need to start it with the command:
(这步必作)
net start Squid
and we will get output like:
TheSquid service is starting.TheSquid service was started successfully.
We verify that Squid is actually listening via the command:
C:\squid\sbin > netstat-na | findstr:31280.0.0.00.0.0.0:3128 TCP:0 LISTENING
As you can see clearly squid is listening on the default port 3128.
Open Internet Explorer on a client and to configure the proxy settings using the menu Tools > Internet Options-> Connections-> LAN Settings and set the proxy server as shown in Figure:
replacing the address and port of the server with those of our configuration.
Let's go back to the browser and try to reach a site any, if everything works you should see the page without any problem.
To verify the actual use of the proxy, we can use one of several test online type
http://www.lagado.com/proxy-test
or check the file access.log in the folder C:\squid\var\logs.
If you see a window like this:
We ask for your login credentials means that the proxy is working but there is some problem with NTLM authentication. In this case we change the LAN Manager authentication level in value:
Send LM and NTLM –useNTLMv2 session security if negotiated
For simplicity we can change the Default Domain Policy so you want to configure all machines in the domain. The setting is located in the key:
ComputerConfiguration->Policies->WindowsSettings->SecuritySettings->LocalPolicies->SecurityOptions->Network security: LAN Manager authentication level
Once change expect the policy is applied or forziamola with the command GPUDATE/force, then try again and if everything went well this time the request for username and password should appear.
With the procedures specified so far according to Squid configuration has finished, access is granted to all for any site and a log is generated for each login.
In next part we will see some parameters for optimization of Squid and how to configure the proxy settings in the browser automatically
相关文章推荐
- Installing an SSH Server on Windows 2003
- Installing OpenSSH on Windows server 2008
- [转]Installing and Configuring target iSCSI server on Windows Server 2012
- Installing Reporting Services on Windows 7, Vista or Windows Server 2008 无权限(rsAccessDenied)解决方法
- Installing UrlRewriter.NET on Windows Server 2003
- Installing UrlRewriter.NET on Windows Server 2003
- RabbitMQ Server安装及显示管理界面_Installing on Windows
- Installing Active Directory on Windows Server 2008 R2 Enterprise 64-bit
- Installing Zune software on Windows Server 2003 SP2 (x86)
- Using Nginx As Reverse-Proxy Server On High-Loaded Sites
- Zabbix server is not running alert on CentOS 6(同时解决SMTP发送失败问题)
- An easy way to setup a screaming server on Windows
- android搭建环境错误 daemon not running. starting it now on port 5037 ADB server didn't ACK
- Unable to start debugging on the web server. Debugging failed because integrated windows authentication is not enabled.
- brio6.6 error on windows 2003 server
- Excel automation on Windows Server 2008 x64: solution to SaveAs method problem
- How to run Windows Server 2003 version of SchTasks.exe on Windows 2000
- Installing Xgboost for Anaconda on Windows
- Running Apache Storm on Windows