SquidGuard: Instalasi di Ubuntu 16.04

From OnnoWiki
Revision as of 09:33, 23 June 2017 by Onnowpurbo (talk | contribs) (Created page with " After reading a lot of guides on how to set this up, I never found one guide that didn't leave something out that made me have to search for some answers.. I've made a very...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


After reading a lot of guides on how to set this up, I never found one guide that didn't leave something out that made me have to search for some answers.. I've made a very straightforward and simple guide on how to setup Squid/SquidGuard on a network.. If you have any questions or something in the guide is left out/wrong, please let me know.

How to setup a Squid Server with SquidGuard Protecting your Network from Ads/Spyware/Malware Follow this guide at your own risk! I will not be held responsible for any damages

For this guide, we are going to use Ubuntu 14.04.1 LTS, I will assume that you have the knowledge on how to install an Ubuntu Server on hardware or a VM. Also, set a static IP for the server.

Just follow these commands, and you’ll be up and running!

1. sudo apt-get update 2. sudo apt-get upgrade 3. sudo apt-get install squid3 4. sudo nano /etc/squid3/squid.conf 5. You can actually just copy and paste this into the squid.conf, everything is commented out.. Just change the hostname to the hostname of the server.. visible_hostname your-machines-hostname http_port 3128 cache_dir ufs /var/spool/squid 1000 16 256 cache_access_log /var/log/squid/access.log 6. Add this also to your squid.conf “intranet” is just the name of the group you are making to allow access to the squid server. Make sure you use your IP range and correct subnet. You can make additional groups if needed, either to allow or deny them. The next is giving access to the group, “intranet”. acl intranet 10.50.0.0/32 http_access allow intranet 7. sudo service restart squid3

Now, you have a fully working squid server that is going to only allow the IP range of 10.50.0.0/32. If someone tries to connect to the proxy server in a different IP range, they will be blocked by the proxy. You can use this to limit access to certain departments and groups as well as set up times which they can allow internet access.. That is for a more in-depth guide. To test your proxy with Firefox, go to options, Advance, Network, Connection Settings. Enter your proxy’s IP and proxy’s port number. Default port number is 3128 as we set in the squid.conf. If you want to use a different port number, edit it in the squid.conf under “http_port”.


Now, it’s time to install SquidGuard! 1. sudo apt-get install squidguard 2. sudo mkdir /opt/3rdparty We are going to use the list from shalalist.de for “testing”, since it’s 100% free for non-commerical. For a bigger and much more through blacklist, I use http://urlblacklist.com/. It’s free to try once, and has different pricing tiers for person/school/business. 3. sudo wget http://www.shallalist.de/Downloads/shallalist.tar.gz 4. sudo tar xzf shallalist.tar.gz 5. sudo cp -a /opt/3rdparty/BL/porn/var/lib/squidguard/db sudo cp -a /opt/3rdparty/BL/adv/var/lib/squidguard/db sudo cp -a /opt/3rdparty/BL/spyware /var/lib/squidguard/db 6. Add this to /etc/squid3/squid.conf , type “sudo nano /etc/squid3/squid.conf” url_rewrite_program /usr/bin/squidGuard 7. sudo squidGuard -C all 8. chown -R proxy:proxy /var/lib/squidguard/db 9. Add this to my /etc/squid3/squid.conf type, “sudo nano /etc/squid3/squid.conf” url_rewrite_program /usr/bin/squidGuard

Now, we need to edit the squidGuard.conf

I recommend to make a backup of your squidGuard.conf then making a new one.. 1. sudo cp /etc/squidguard/squidGuard.conf /etc/squidGuard.conf.bak 2. sudo rm /etc/squidguard/squidGuard.conf 3.sudo nano /etc/suqidgurd/squidGuard.conf Copy and paste this,

  2. CONFIG FILE FOR SQUIDGUARD

dbhome /usr/local/squidGuard/db logdir /usr/local/squidGuard/logs dest porn { domainlist porn/domains urllist porn/urls } dest adv { domainlist adv/domains urllist adv/urls } dest spyware { domainlist spyware/domains urllist spyware/urls } acl { default { pass !porn !adv !spyware all redirect http://localhost/block.html } } You can test your squidguard by doing a dry run sudo echo "http://www.pornhub.com 10.50.55.10/- - GET" | squidGuard -c /etc/squidguard/squidGuard.conf –d

You should see, squidGuard ready for requests squidGuard stopped If there are errors, it will tell you.. The most likely errors you’ll run into are permission issues.. If it gives you permission issues with your database, make sure that you set the user and group named “proxy” ownership. You can tell that by “sudo ls -l /var/lib/squidguard/db*”

You can now use the Firefox browser you setup to use with your proxy server to make sure you are blocking porn and ads. For better protection, I recommend using the blacklist from, http://urlblacklist.com/


Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=SquidGuard:_Instalasi_di_Ubuntu_16.04&oldid=48867"