The proxy server is used to access Web pages by the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server.
Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn’t have to load again from the Web site. Instead it loads instantaneously from the proxy server.
Proxy servers have two main purposes:
Proxy servers can dramatically improve performance for groups of users. This is because the proxy saves the results of all requests for a certain amount of time. Consider the case where both user X and user Y access the World Wide Web through a proxy server. First user X requests a certain Web page, which we’ll call Page 1. Sometime later, user Y requests the same page. Instead of forwarding the request to the Web server where Page 1 resides, which can be a time-consuming operation, the proxy server simply returns the Page 1 that it already fetched for user X. Since the proxy server is often on the same network as the user, this is a much faster operation. Real proxy servers support hundreds or thousands of users. The major online services such as America Online, MSN and Yahoo, for example, employ an array of proxy servers.
Proxy servers can also be used to filter requests. For example, a company might use a proxy server to prevent its employees from accessing a specific set of Web sites.
How to Do it
Let us take a look at how you can install a proxy server such as Squid and use it for a variety of purposes. Say, you have the following requirements at hand:
1. Deny access to some websites. For example, deny access to www.facebook.com for all users.
2. Create an authentication mechanism with at least two users.
3. Block a specific website to a specific user. For example, deny access to www.youtube.com for user1 and www.gmail.com for user2.
4. Block flash content.
How do we go about doing this? Let us see how it can be done step-by-step:
Installation of the Squid proxy server is simple and straightforward. We will use yum for this purpose:
# yum install squid
The installation path for Squid is /etc/squid
Once the installation is complete, we need to make the necessary changes to the Squid configuration file, /etc/squid/squid.conf.
The default port in the conf file will be 3128. It will appear as follows:
You can change it to some other unused port for security reasons.
Now, the next step is to set up an authentication mechanism for users who are allowed to use the proxy server. There are many ways of doing this, but we will stick with the simplest one, as shown below:
Creating the passwd file to store usernames and encrypted passwords:
touch /etc/squid/passwd
chown root:squid /etc/squid/passwd
chmod 640 /etc/squid/passwd
Using the built-in UNIX authentication tool to generate user passwords:
htpasswd /etc/squid/passwd user1
htpasswd /etc/squid/passwd user2
Now, we have created two users, ‘user1’ and ‘user2’, and assigned a password to each of them.
The next step is to create the rules of access. This is done by defining access control lists (ACLs).
Editing the /etc/squid/squid.conf file and adding the required rules:
1. Block facebook:
acl globalblk dstdomain .facebook.com
http_access deny globalblk
2. User authentication and selective blocking of websites for users:
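# proxy_auth ACLs only work once an "auth_param basic program ..." line names
# Squid's NCSA basic-auth helper and /etc/squid/passwd (helper path varies by Squid version)
acl my_auth proxy_auth REQUIRED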
acl usrgrp1 proxy_auth user1
acl usrgrp2 proxy_auth user2
acl blkdom1 dstdomain .youtube.com
acl blkdom2 dstdomain .gmail.com
http_access deny usrgrp1 blkdom1
http_access deny usrgrp2 blkdom2
http_access allow my_auth
http_access deny all
3. Block flash content:
acl mimeblock rep_mime_type video/x-flv
http_reply_access deny mimeblock
After adding the required rules, we need to restart the Squid service.
Restart squid service:
service squid restart
You have successfully configured a proxy server!
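The http_access lines above are order-sensitive: Squid checks them top to bottom, a line matches only when every ACL on it matches, and the first matching line decides. The Python sketch below is an added example, not part of the original tutorial and not Squid code; it is a simplified model of that evaluation for the tutorial's rules, and the function names and sample requests are constructed for illustration.

```python
# Simplified model of Squid http_access evaluation (illustration only).
# Assumption: a proxy_auth ACL evaluated without credentials yields an
# authentication challenge (HTTP 407) instead of a plain non-match.

ACLS = {
    "globalblk": ("dstdomain", ".facebook.com"),
    "my_auth":   ("proxy_auth", "REQUIRED"),
    "usrgrp1":   ("proxy_auth", "user1"),
    "usrgrp2":   ("proxy_auth", "user2"),
    "blkdom1":   ("dstdomain", ".youtube.com"),
    "blkdom2":   ("dstdomain", ".gmail.com"),
}

# Same order as the http_access lines in the tutorial.
RULES = [
    ("deny",  ["globalblk"]),
    ("deny",  ["usrgrp1", "blkdom1"]),
    ("deny",  ["usrgrp2", "blkdom2"]),
    ("allow", ["my_auth"]),
    ("deny",  []),  # "http_access deny all" (no ACLs, always matches)
]

class AuthRequired(Exception):
    """Raised when a proxy_auth ACL is checked without credentials."""

def acl_matches(name, user, host):
    kind, value = ACLS[name]
    if kind == "dstdomain":
        # A leading dot matches the domain itself and every subdomain.
        host = host.lower().rstrip(".")
        return host == value[1:] or host.endswith(value)
    if user is None:  # proxy_auth with no credentials presented
        raise AuthRequired
    return value == "REQUIRED" or user == value

def decide(user, host, rules=RULES):
    """Return 'allow', 'deny' or 'challenge' for an authenticated user
    (or None) requesting host; the first matching rule wins."""
    for action, names in rules:
        try:
            if all(acl_matches(n, user, host) for n in names):
                return action
        except AuthRequired:
            return "challenge"
    return "deny"

if __name__ == "__main__":
    # Constructed sample requests: (authenticated user or None, host).
    for req in [("user1", "www.youtube.com"), ("user2", "www.youtube.com"),
                (None, "www.facebook.com"), (None, "example.org")]:
        print(req, "->", decide(*req))
```

Moving the "allow my_auth" rule above the two per-user deny rules in RULES makes decide("user1", "www.youtube.com") return "allow", which is why the deny lines must come first in squid.conf.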