MAC ADDRESS BASED SQUID ACL with DELAY POOLS
Posted 09-10-2011 at 03:22 PM by baig
The MAC addresses are kept in four files under /etc/squid/, named unlimited.txt, our_1mbps.txt, our_512kbps.txt and our_256kbps.txt (the same names the arp ACLs in squid.conf below refer to), one MAC address per line. Create them with the touch command.
To install squid and squidGuard on a yum-based system, first enable the RPMforge repository by downloading its release RPM from the RPMforge site.
Once the package is downloaded, cd to the directory where it was saved and run:
Code:
yum localinstall --nogpgcheck <package_just_downloaded> -y
Once it is installed, do:
Code:
yum clean all && yum update
Then install squid and squidGuard using yum:
Code:
yum install squid squidguard -y
If you have not yet created the MAC address files for the delay pools, create them now:
Code:
cd /etc/squid
touch unlimited.txt our_1mbps.txt our_512kbps.txt our_256kbps.txt
Move the original squid.conf aside as squid.conf.ori:
Code:
cd /etc/squid
mv squid.conf squid.conf.ori
Now create a new file named squid.conf and paste in the following squid.conf:
Code:
######################## IP SOURCES FOR SQUID ##################################
acl all src 0.0.0.0/0.0.0.0
# one MAC address per line in each file; the arp ACL only matches clients on
# the same network segment as the proxy
acl unlimited arp "/etc/squid/unlimited.txt"
acl our_1mbps arp "/etc/squid/our_1mbps.txt"
acl our_512kbps arp "/etc/squid/our_512kbps.txt"
acl our_256kbps arp "/etc/squid/our_256kbps.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
################################## SAFE PROT DEFINITIONS #######################
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl morning time M T W H F A S 08:00-9:00
#acl blocksites url_regex "/etc/squid/block.acl"
################################## ACCESS RULES ################################
#http_access deny blocksites
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow unlimited
http_access allow our_1mbps
http_access allow our_512kbps
http_access allow our_256kbps
http_access allow localhost
http_access deny all
icp_access allow all
######################## SQUID GUARD URL REWRITE PROGRAM LOCATION AND CONFIG FILE #####
## uncomment this if you want to setup squidguard
## (the file name is case sensitive: save the squidGuard config under exactly this name)
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
############################ SQUID TYPE, IP AND PROT ###########################
http_port 192.168.50.1:8080
hierarchy_stoplist cgi-bin ?
################################# MAXIMUM RAM TO BE USED #######################
cache_mem 256 MB
########################### MAXIMUM OBJECT SIZE TO KEEP IN RAM #################
maximum_object_size_in_memory 20 MB
############################# CACHE DIRECTORY ##################################
cache_dir ufs /var/spool/squid 4096 16 256
############################ MAXIMUM OBJECT SIZE TO SAVE ON DISK ###############
maximum_object_size 200 MB
############################### ACCESS LOG DIRECTORY ###########################
access_log /var/log/squid/access.log squid
################################## CGI BIN QUERY ###############################
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# the squid RPM on RHEL/CentOS creates the user and group "squid";
# use those names here if "proxy" does not exist on your system
cache_effective_user proxy
cache_effective_group proxy
################################# REFRESH PATTERN ##############################
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
ie_refresh on
################################# CACHE MANAGER NAME ###########################
cache_mgr squid@linux
################################### VISIBLE HOST NAME ##########################
visible_hostname squid@linux
##################################### SHUTDOWN LIFETIME ########################
shutdown_lifetime 5 seconds
##################################### DELAY POOLS ##############################
# class 2 pools: aggregate bucket / per-host bucket, in bytes per second
# (-1 means unlimited); the first pool whose delay_access allows a request wins
delay_pools 4
delay_class 1 2
delay_access 1 allow unlimited
delay_access 1 deny all
delay_parameters 1 -1/-1 -1/-1
delay_class 2 2
delay_access 2 allow our_1mbps
delay_access 2 deny all
delay_parameters 2 -1/-1 131072/131072      # 1 Mbit/s = 131072 bytes/s
delay_class 3 2
delay_access 3 allow our_512kbps
delay_access 3 deny all
delay_parameters 3 -1/-1 65536/65536        # 512 kbit/s = 65536 bytes/s
delay_class 4 2
delay_access 4 allow our_256kbps
delay_access 4 deny all
delay_parameters 4 -1/-1 32768/32768        # 256 kbit/s = 32768 bytes/s
######################################## CORE DUMP DIRECTORY ###################
coredump_dir /var/spool/squid
squidguard.conf is as follows:
Code:
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /var/lib/squidguard/db/blacklists
logdir /var/log/squidGuard

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t = tue, w = wed, h = thu, f = fri, a = sat

#time workhours {
#	weekly mtwhfas 08:00 - 16:30
#	date *-*-01 08:00 - 16:30
#}

#
# REWRITE RULES:
#

#rew dmz {
#	s@://admin/@://admin.foo.bar.no/@i
#	s@://foo.bar.no/@://www.foo.bar.no/@i
#}

#
# SOURCE ADDRESSES:
#

#src admin {
#	ip 1.2.3.4 1.2.3.5
#	user root foo bar
#	within workhours
#}

#src foo-clients {
#	ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
#}

src ournet {
	ip 192.168.50.2-192.168.50.254
}

#
# DESTINATION CLASSES:
#

#dest good {
#}

#dest local {
#}

dest ads {
	domainlist ads/domains
	urllist ads/urls
	log advertising.log
	redirect http://192.168.50.1/adv.gif
}

#dest aggressive {
#	domainlist aggressive/domains
#	urllist aggressive/urls
#	redirect http://localhost/block.html
#}

#dest audio-video {
#	domainlist audio-video/domains
#	urllist audio-video/urls
#	redirect http://localhost/block.html
#}

#dest drugs {
#	domainlist drugs/domains
#	urllist drugs/urls
#	redirect http://localhost/block.html
#}

#dest gambling {
#	domainlist gambling/domains
#	urllist gambling/urls
#	redirect http://localhost/block.html
#}

dest hacking {
	domainlist hacking/domains
	urllist hacking/urls
	log hackingsites.log
	redirect http://192.168.50.1/block.html
}

dest mail {
	domainlist mail/domains
	log mailsites.log
	redirect http://192.168.50.1/adv.gif
}

dest porn {
	domainlist porn/domains
	urllist porn/urls
	log pornaccess.log
	redirect http://192.168.50.1/block.html
}

dest proxy {
	domainlist proxy/domains
	urllist proxy/urls
	log proxyaccess.log
	redirect http://192.168.50.1/adv.gif
}

dest redirector {
	domainlist redirector/domains
	urllist redirector/urls
	redirect http://192.168.50.1/adv.gif
}

dest spyware {
	domainlist spyware/domains
	urllist spyware/urls
	redirect http://192.168.50.1/block.html
}

#dest suspect {
#	domainlist suspect/domains
#	urllist suspect/urls
#	redirect http://localhost/block.html
#}

dest violence {
	domainlist violence/domains
	urllist violence/urls
	log violence.log
	redirect http://192.168.50.1/block.html
}

#dest warez {
#	domainlist warez/domains
#	urllist warez/urls
#	redirect http://localhost/block.html
#}

# only the classes named in a "pass" line are enforced: dest classes defined
# above but not listed here (ads, hacking, mail, spyware, violence) are allowed
# for ournet through the trailing "all"
acl {
	ournet {
		pass !proxy !porn !redirector all
	}

	default {
		pass none
		redirect http://192.168.50.1/block.html
	}
}
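Before uncommenting url_rewrite_program in squid.conf, it is worth asking squidGuard directly how it would treat a given URL for a given client. The following POSIX shell snippet is an added example, not part of the original post: it builds a redirector request in the Squid 2 redirector format that squidGuard reads on stdin (URL client_ip/fqdn ident method), feeds it to squidGuard with the config file path from squid.conf, and interprets the answer (an empty line means the request passes, anything else is the redirect target). The binary path /usr/bin/squidGuard is taken from the squid.conf above; the SG_CONF variable and the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): dry-run squidGuard for one URL.
# squidGuard reads redirector requests on stdin in the Squid 2 format
#   URL client_ip/fqdn ident method
# and answers with an empty line (pass) or the redirect URL (blocked).
# Assumed: squidGuard is installed at /usr/bin/squidGuard and its config is the
# file referenced from squid.conf (override with SG_CONF).

SG_CONF="${SG_CONF:-/etc/squid/squidGuard.conf}"

# Build one redirector request line. The fqdn and ident fields are sent as "-"
# because the squid.conf above does not use hostname lookups or ident.
sg_request_line() {
    printf '%s %s/- - GET\n' "$1" "$2"
}

# Interpret squidGuard's reply: empty means the URL passed, anything else is
# the redirect target. Prints PASS or "BLOCK <target>" and returns 0 or 1.
sg_classify() {
    reply="$1"
    if [ -z "$reply" ]; then
        echo PASS
        return 0
    fi
    echo "BLOCK $reply"
    return 1
}

# Usage: sg_check http://example.com/ 192.168.50.10
# -d keeps squidGuard's debug output on stderr, which is discarded here.
sg_check() {
    reply=$(sg_request_line "$1" "$2" | /usr/bin/squidGuard -c "$SG_CONF" -d 2>/dev/null)
    sg_classify "$reply"
}

if [ "${1:-}" = "--run" ]; then
    sg_check "$2" "$3"
fi
```

Run it with a client address inside the ournet range (192.168.50.2-254) and with one outside it: the outside client should be redirected to block.html for every URL because the default acl passes nothing. One caveat when every test reports PASS: squidGuard also answers with an empty line when it has fallen into emergency mode because the config or the blacklist databases could not be loaded, so check the squidGuard log before trusting a clean run.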
Put each MAC address into the /etc/squid/*.txt file of the delay pool whose bandwidth you want it to get, one address per line. Note that the arp ACL only learns the MAC address of clients on the same network segment as the proxy, so clients reaching it through a router never match, and because a MAC address is set by the client itself these lists allocate bandwidth but do not authenticate anyone.
Also don't forget to adjust the other parameters to your needs, especially the IP addresses in squid.conf and squidguard.conf.
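Since Squid reads the four files at (re)configure time and silently ignores malformed lines, a quick check before reloading saves a lot of head scratching. The following POSIX shell script is an added example, not part of the original post: it flags lines that are not well-formed colon-separated MAC addresses, reports MACs that appear in more than one pool file (Squid uses the first pool whose delay_access allows the request, so such a MAC always lands in the lowest-numbered pool that lists it), and only then runs squid -k parse and squid -k reconfigure. The file names and directory are the ones used above; the strict two-digit hex format and the SQUID_DIR variable are this script's own choices.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the MAC list files
# read by the arp ACLs in squid.conf before reloading Squid.
# Assumptions: the four files live in $SQUID_DIR (default /etc/squid), one MAC
# per line in the colon-separated form 00:11:22:aa:bb:cc; blank lines and
# lines starting with '#' are ignored.

SQUID_DIR="${SQUID_DIR:-/etc/squid}"
POOL_FILES="unlimited.txt our_1mbps.txt our_512kbps.txt our_256kbps.txt"

# Strip comments and blank lines from a list file.
mac_entries() {
    grep -v -E '^[[:space:]]*(#|$)' "$1" || true
}

# Report every entry of FILE that is not a well-formed MAC address.
# Returns 1 if any bad entry was found, 0 otherwise.
check_mac_file() {
    file="$1"
    bad=$(mac_entries "$file" \
        | grep -v -i -E '^([0-9a-f]{2}:){5}[0-9a-f]{2}[[:space:]]*$' || true)
    if [ -n "$bad" ]; then
        printf '%s: malformed entries:\n%s\n' "$file" "$bad" >&2
        return 1
    fi
    return 0
}

# Report MACs listed in more than one pool file under DIR (case-insensitive).
# Returns 1 if duplicates exist, 0 otherwise.
check_duplicates() {
    dir="$1"
    dups=$(for f in $POOL_FILES; do
               mac_entries "$dir/$f" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]'
               echo
           done | grep -v '^$' | sort | uniq -d)
    if [ -n "$dups" ]; then
        printf 'MAC listed in more than one pool file:\n%s\n' "$dups" >&2
        return 1
    fi
    return 0
}

# Run both checks over every pool file, then let Squid parse the config and
# reload it only if everything passed.
validate_and_reload() {
    dir="$1"
    ok=0
    for f in $POOL_FILES; do
        if [ ! -f "$dir/$f" ]; then
            printf 'missing %s\n' "$dir/$f" >&2
            ok=1
            continue
        fi
        check_mac_file "$dir/$f" || ok=1
    done
    check_duplicates "$dir" || ok=1
    [ "$ok" -eq 0 ] || return 1
    squid -k parse && squid -k reconfigure
}

# Usage: sh check_pools.sh --run   (runs against $SQUID_DIR)
if [ "${1:-}" = "--run" ]; then
    validate_and_reload "$SQUID_DIR"
fi
```

The duplicate check lowercases entries before comparing because Squid matches the addresses case-insensitively, so "AA:BB:..." in one file and "aa:bb:..." in another are the same client.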
cheers