SlideShare uma empresa Scribd logo

Configuring a Squid proxy cache on Linux

Leandro Almeida
Leandro Almeida
TecnologiaNegócios
1 de 3
Baixar para ler offline
Curso Superior de Tecnologia em Redes de Computadores Segurança da Informação Prof. Leandro Almeida Roteiro – Proxy 1 Cenário • Proxy: eth0: 192.168.0.254 ◦ eth1: DHCP(ip real - Internet) • PC0: ◦ eth0: 192.168.0.10 • PC1: ◦ eth0: 192.168.0.11 • PC2: ◦ eth0: 192.168.0.12 2 Proxy/Cache A idéia é baixar, compilar e instalar o Squid-Cache no servidor Proxy. Os passos necessários para isso estão descritos abaixo
#Instalar requisitos yum install gcc gcc­c++ wget perl #Download do pacote  wget http://www.squid­cache.org/Versions/v3/3.1/squid­3.1.19.tar.gz #Descompactar o pacote tar ­xvzf squid­3.1.19.tar.gz #Compilar e instalar ./configure ­­prefix=/opt/squid ­­with­logdir=/var/log/squid  ­­with­pidfile=/var/run/squid.pid –enable­storeio=ufs,aufs ­­enable­removal­policies=lru,heap ­­enable­icmp –enable­ useragent­log ­­enable­referer­log ­­enable­cache­digests  ­­with­large­files make make install Após a instalação, podemos editar os arquivos de configuração. Abaixo temos um exemplo do arquivo squid.conf: #  # Recommended minimum configuration:  #  acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.1/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks.  # Adapt to list your (internal) IP networks from where browsing  # should be allowed  #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network  #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network  acl localnet src 192.168.0.0/24 # RFC1918 possible internal network  acl localnet src fc00::/7       # RFC 4193 local private network range  acl localnet src fe80::/10      # RFC 4291 link­local (directly plugged)  machines  acl SSL_ports port 443  acl Safe_ports port 80 # http  acl Safe_ports port 21 # ftp  acl Safe_ports port 443 # https  acl Safe_ports port 70 # gopher  acl Safe_ports port 210 # wais  acl Safe_ports port 1025­65535 # unregistered ports  acl Safe_ports port 280 # http­mgmt  acl Safe_ports port 488 # gss­http  acl Safe_ports port 591 # filemaker  acl Safe_ports port 777 # multiling http  acl CONNECT method CONNECT  #  # Recommended minimum Access Permission configuration:  #   # Only allow cachemgr access from localhost  http_access allow localhost manager  http_access deny manager 
  # Deny requests to certain unsafe ports  http_access deny !Safe_ports  # Deny CONNECT to other than secure SSL ports  http_access deny CONNECT !SSL_ports  # We strongly recommend the following be uncommented to protect innocent  # web applications running on the proxy server who think the only  # one who can access services on "localhost" is a local user  #http_access deny to_localhost  #   # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS  #  acl sites_bloqueados dstdomain '/opt/squid/etc/sites_bloqueados.txt' #Obs: lembre de criar o arquivo sites_bloqueados.txt, com a listagem de   sites que não devem ser acessados # Example rule allowing access from your local networks.  # Adapt localnet in the ACL section to list your (internal) IP networks  # from where browsing should be allowed  http_access deny sites_bloqueados http_access allow localnet  http_access allow localhost  # And finally deny all other access to this proxy  http_access deny all  # Squid normally listens to port 3128  http_port 3128  # Uncomment and adjust the following to add a disk cache directory.  cache_dir ufs /var/spool/squid 100 16 256  # Leave coredumps in the first cache dir  coredump_dir /var/spool/squid  # Add any of your own refresh_pattern entries above these.  refresh_pattern ^ftp: 1440 20% 10080  refresh_pattern ^gopher: 1440 0% 1440  refresh_pattern ­i (/cgi­bin/|?) 0 0% 0  refresh_pattern . 0 20% 4320

Recomendados

Netmiko library
Netmiko libraryNetmiko library
Netmiko libraryManjunath annure
 
Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Dan Radez
 
Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04mikehie
 
Openstack installation using rdo multi node
Openstack installation using rdo multi nodeOpenstack installation using rdo multi node
Openstack installation using rdo multi nodeNarasimha sreeram
 
Nginx
NginxNginx
NginxShaopeng He
 
Installing OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELInstalling OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELopenstackstl
 
Squid server
Squid serverSquid server
Squid serverRohit Phulsunge
 
Arduino práctico ethernet
Arduino práctico ethernetArduino práctico ethernet
Arduino práctico ethernetJose Antonio Vacas
 

Recomendados

Netmiko library
Netmiko libraryNetmiko library
Netmiko libraryManjunath annure
 
Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Dan Radez
 
Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04mikehie
 
Openstack installation using rdo multi node
Openstack installation using rdo multi nodeOpenstack installation using rdo multi node
Openstack installation using rdo multi nodeNarasimha sreeram
 
Nginx
NginxNginx
NginxShaopeng He
 
Installing OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELInstalling OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELopenstackstl
 
Squid server
Squid serverSquid server
Squid serverRohit Phulsunge
 
Arduino práctico ethernet
Arduino práctico ethernetArduino práctico ethernet
Arduino práctico ethernetJose Antonio Vacas
 
Nat
NatNat
NatMohamed Gamel
 
Openstack installation using rdo
Openstack installation using rdoOpenstack installation using rdo
Openstack installation using rdoNarasimha sreeram
 
Openstack kilo installation using rdo
Openstack kilo installation using rdoOpenstack kilo installation using rdo
Openstack kilo installation using rdoNarasimha sreeram
 
Squid Server
Squid ServerSquid Server
Squid ServerSumant Garg
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco routerIT Tech
 
Squidinstallation
SquidinstallationSquidinstallation
SquidinstallationChirag Gupta
 
Squid
SquidSquid
SquidSyeda Javeria
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Nutan Kumar Panda
 
Squid file
Squid fileSquid file
Squid fileNalin Peiris
 
Pound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de CargaPound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de Cargagsroma
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apachebaran19901990
 
Squid
SquidSquid
SquidChirag Gupta
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guidejasembo
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server13bcs0012
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentationwebhostingguy
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Naoto MATSUMOTO
 
Cluster setup multinode_aws
Cluster setup multinode_awsCluster setup multinode_aws
Cluster setup multinode_awssparrowAnalytics.com
 
Unidade5 roteiro
Unidade5 roteiroUnidade5 roteiro
Unidade5 roteiroLeandro Almeida
 
Manual instalação winxp
Manual instalação winxpManual instalação winxp
Manual instalação winxpLeandro Almeida
 
Manual instalacao-cent os
Manual instalacao-cent osManual instalacao-cent os
Manual instalacao-cent osLeandro Almeida
 
Unidade8 roteiro
Unidade8 roteiroUnidade8 roteiro
Unidade8 roteiroLeandro Almeida
 
D do s
D do sD do s
D do sLeandro Almeida
 

Mais conteúdo relacionado

Mais procurados

Openstack installation using rdo
Openstack installation using rdoOpenstack installation using rdo
Openstack installation using rdoNarasimha sreeram
 
Openstack kilo installation using rdo
Openstack kilo installation using rdoOpenstack kilo installation using rdo
Openstack kilo installation using rdoNarasimha sreeram
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco routerIT Tech
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Nutan Kumar Panda
 
Pound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de CargaPound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de Cargagsroma
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apachebaran19901990
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guidejasembo
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server13bcs0012
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentationwebhostingguy
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Naoto MATSUMOTO
 

Mais procurados (17)

Nat
NatNat
Nat
 
Openstack installation using rdo
Openstack installation using rdoOpenstack installation using rdo
Openstack installation using rdo
 
Openstack kilo installation using rdo
Openstack kilo installation using rdoOpenstack kilo installation using rdo
Openstack kilo installation using rdo
 
Squid Server
Squid ServerSquid Server
Squid Server
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco router
 
Squidinstallation
SquidinstallationSquidinstallation
Squidinstallation
 
Squid
SquidSquid
Squid
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6
 
Squid file
Squid fileSquid file
Squid file
 
Pound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de CargaPound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de Carga
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apache
 
Squid
SquidSquid
Squid
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guide
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentation
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
 
Cluster setup multinode_aws
Cluster setup multinode_awsCluster setup multinode_aws
Cluster setup multinode_aws
 

Destaque

Manual instalação winxp
Manual instalação winxpManual instalação winxp
Manual instalação winxpLeandro Almeida
 
Manual instalacao-cent os
Manual instalacao-cent osManual instalacao-cent os
Manual instalacao-cent osLeandro Almeida
 

Destaque (6)

Unidade5 roteiro
Unidade5 roteiroUnidade5 roteiro
Unidade5 roteiro
 
Manual instalação winxp
Manual instalação winxpManual instalação winxp
Manual instalação winxp
 
Manual instalacao-cent os
Manual instalacao-cent osManual instalacao-cent os
Manual instalacao-cent os
 
Unidade8 roteiro
Unidade8 roteiroUnidade8 roteiro
Unidade8 roteiro
 
D do s
D do sD do s
D do s
 
Unidade7 roteiro
Unidade7 roteiroUnidade7 roteiro
Unidade7 roteiro
 

Semelhante a Configuring a Squid proxy cache on Linux

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...Zoltan Balazs
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionBen Hall
 
Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections Renaun Erickson
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Jfrog artifactory as private docker registry
Jfrog artifactory as private docker registryJfrog artifactory as private docker registry
Jfrog artifactory as private docker registryVipin Mandale
 
17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]Krisman Tarigan
 
Home Automation Using RPI
Home Automation Using RPIHome Automation Using RPI
Home Automation Using RPIAnkara JUG
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixDiana Tkachenko
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...Felipe Prado
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackCosimo Streppone
 

Semelhante a Configuring a Squid proxy cache on Linux (20)

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 
Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Jfrog artifactory as private docker registry
Jfrog artifactory as private docker registryJfrog artifactory as private docker registry
Jfrog artifactory as private docker registry
 
17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]
 
Home Automation Using RPI
Home Automation Using RPIHome Automation Using RPI
Home Automation Using RPI
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Server hardening
Server hardeningServer hardening
Server hardening
 
Cisco Ios advanced
Cisco Ios advancedCisco Ios advanced
Cisco Ios advanced
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
 

Mais de Leandro Almeida

Unidade2 projeto lógico da rede
Unidade2 projeto lógico da redeUnidade2 projeto lógico da rede
Unidade2 projeto lógico da redeLeandro Almeida
 
Unidade6 roteiro pentest
Unidade6 roteiro pentestUnidade6 roteiro pentest
Unidade6 roteiro pentestLeandro Almeida
 
Unidade5 roteiro footprint
Unidade5 roteiro footprintUnidade5 roteiro footprint
Unidade5 roteiro footprintLeandro Almeida
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnLeandro Almeida
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnLeandro Almeida
 

Mais de Leandro Almeida (20)

Segurança de-redes
Segurança de-redesSegurança de-redes
Segurança de-redes
 
Unidade2 projeto lógico da rede
Unidade2 projeto lógico da redeUnidade2 projeto lógico da rede
Unidade2 projeto lógico da rede
 
Roteiro cups
Roteiro cupsRoteiro cups
Roteiro cups
 
Roteiro sambaswat
Roteiro sambaswatRoteiro sambaswat
Roteiro sambaswat
 
Roteiro samba
Roteiro sambaRoteiro samba
Roteiro samba
 
Unidade6 roteiro pentest
Unidade6 roteiro pentestUnidade6 roteiro pentest
Unidade6 roteiro pentest
 
Roteiro vsftpd
Roteiro vsftpdRoteiro vsftpd
Roteiro vsftpd
 
Roteiro sshd
Roteiro sshdRoteiro sshd
Roteiro sshd
 
Roteiro nfs
Roteiro nfsRoteiro nfs
Roteiro nfs
 
Unidade5 roteiro footprint
Unidade5 roteiro footprintUnidade5 roteiro footprint
Unidade5 roteiro footprint
 
Unidade5 footprint
Unidade5 footprintUnidade5 footprint
Unidade5 footprint
 
Unidade 8 ieee802-11i
Unidade 8 ieee802-11iUnidade 8 ieee802-11i
Unidade 8 ieee802-11i
 
Unidade4 cripto
Unidade4 criptoUnidade4 cripto
Unidade4 cripto
 
Roteiro dns
Roteiro dnsRoteiro dns
Roteiro dns
 
Unidade 6 servico dns
Unidade 6 servico dnsUnidade 6 servico dns
Unidade 6 servico dns
 
Roteiro web
Roteiro webRoteiro web
Roteiro web
 
Unidade 7 cripto
Unidade 7 criptoUnidade 7 cripto
Unidade 7 cripto
 
Unidade 5 servico web
Unidade 5 servico webUnidade 5 servico web
Unidade 5 servico web
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpn
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpn
 

Último

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Configuring a Squid proxy cache on Linux

  • 1. Curso Superior de Tecnologia em Redes de Computadores Segurança da Informação Prof. Leandro Almeida Roteiro – Proxy 1 Cenário • Proxy: eth0: 192.168.0.254 ◦ eth1: DHCP(ip real - Internet) • PC0: ◦ eth0: 192.168.0.10 • PC1: ◦ eth0: 192.168.0.11 • PC2: ◦ eth0: 192.168.0.12 2 Proxy/Cache A idéia é baixar, compilar e instalar o Squid-Cache no servidor Proxy. Os passos necessários para isso estão descritos abaixo
  • 2. #Instalar requisitos yum install gcc gcc­c++ wget perl #Download do pacote  wget http://www.squid­cache.org/Versions/v3/3.1/squid­3.1.19.tar.gz #Descompactar o pacote tar ­xvzf squid­3.1.19.tar.gz #Compilar e instalar ./configure ­­prefix=/opt/squid ­­with­logdir=/var/log/squid  ­­with­pidfile=/var/run/squid.pid –enable­storeio=ufs,aufs ­­enable­removal­policies=lru,heap ­­enable­icmp –enable­ useragent­log ­­enable­referer­log ­­enable­cache­digests  ­­with­large­files make make install Após a instalação, podemos editar os arquivos de configuração. Abaixo temos um exemplo do arquivo squid.conf: #  # Recommended minimum configuration:  #  acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.1/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks.  # Adapt to list your (internal) IP networks from where browsing  # should be allowed  #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network  #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network  acl localnet src 192.168.0.0/24 # RFC1918 possible internal network  acl localnet src fc00::/7       # RFC 4193 local private network range  acl localnet src fe80::/10      # RFC 4291 link­local (directly plugged)  machines  acl SSL_ports port 443  acl Safe_ports port 80 # http  acl Safe_ports port 21 # ftp  acl Safe_ports port 443 # https  acl Safe_ports port 70 # gopher  acl Safe_ports port 210 # wais  acl Safe_ports port 1025­65535 # unregistered ports  acl Safe_ports port 280 # http­mgmt  acl Safe_ports port 488 # gss­http  acl Safe_ports port 591 # filemaker  acl Safe_ports port 777 # multiling http  acl CONNECT method CONNECT  #  # Recommended minimum Access Permission configuration:  #   # Only allow cachemgr access from localhost  http_access allow localhost manager  http_access deny manager 
  • 3.   # Deny requests to certain unsafe ports  http_access deny !Safe_ports  # Deny CONNECT to other than secure SSL ports  http_access deny CONNECT !SSL_ports  # We strongly recommend the following be uncommented to protect innocent  # web applications running on the proxy server who think the only  # one who can access services on "localhost" is a local user  #http_access deny to_localhost  #   # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS  #  acl sites_bloqueados dstdomain '/opt/squid/etc/sites_bloqueados.txt' #Obs: lembre de criar o arquivo sites_bloqueados.txt, com a listagem de   sites que não devem ser acessados # Example rule allowing access from your local networks.  # Adapt localnet in the ACL section to list your (internal) IP networks  # from where browsing should be allowed  http_access deny sites_bloqueados http_access allow localnet  http_access allow localhost  # And finally deny all other access to this proxy  http_access deny all  # Squid normally listens to port 3128  http_port 3128  # Uncomment and adjust the following to add a disk cache directory.  cache_dir ufs /var/spool/squid 100 16 256  # Leave coredumps in the first cache dir  coredump_dir /var/spool/squid  # Add any of your own refresh_pattern entries above these.  refresh_pattern ^ftp: 1440 20% 10080  refresh_pattern ^gopher: 1440 0% 1440  refresh_pattern ­i (/cgi­bin/|?) 0 0% 0  refresh_pattern . 0 20% 4320