Proxy Server

Short Description about Proxy Server:

A Proxy Server acts as an intermediary between the computers of a LAN and Internet.

Maximum time proxy server is used for web when it’s an http proxy. There can be proxy servers for every application protocol (such as FTP.).

Squid proxy:

Squid proxy aggregates the requests of many web surfers that use it into a single stream of requests. When the Squid server aggregates multiple outbound connections, it is called a proxy. When it aggregates multiple inbound connections it is called a reverse proxy. This is also called “accelerator mode”.  

There are many reasons to create squid proxy. Two important goals are:

1. Reduce Internet bandwidth charges
2. Limit access to the Web to only authorized users.

The operating principle of a proxy server:

When a user connects to the internet using a client application configured to use a proxy server, the application will first connect to the proxy server and give it its request. The proxy server then connects to the server which the client application wants to connect to and sends that server the request. Then the server gives its reply to the proxy, which then sends it to the application client.

Important Features of Proxy Server:

1.       Caching

2.       Filtering

3.       Authentication

Transparent proxy:

It is possible to limit HTTP Internet access to only the Squid server without having to modify the browser settings on your client PCs. This called a transparent proxy configuration. It is usually achieved by configuring a firewall between the client PCs and the Internet to redirect all HTTP (TCP port 80) traffic to the Squid server on TCP port 3128 (Default port).

 

Quick Simple Proxy Server Configuration on Debian Squeeze:

#apt-get install squid          [2.7.stable9]

Then edit the /etc/squid/squid.conf file:

******ACL Configuration portion******

acl src c.c.c.c/24 [c.c.c.c /24 is the local network]

http_access allow   [Just allow the local net]

[Access can be controlled by various way. Such as , specific website, port, content, time based etc. It depends on requirement]

To restrict specific site:

Create a file with any name in any location with restricted site name. here I create:

/etc/squid/restricted-sites.squid

Then in squid.conf file

acl Badsites dstdomain "/etc/squid/restricted-sites.squid"

http_access deny Badsites

[acl will write in acl section and http_access will write in http_access section before all deny]

Then

Cache_mem MB                 [Not more than RAM/4]

cache_dir aufs /var/spool/squid 100 16 256

access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

emulate_httpd_log on

logformat squid %tl %6tr %>a %Ss/%03Hs %   [To see http format]

visible_hostname

http_port :3128 transparent  [Here I have used default port. Transparent is used for using transparently by without configuring proxy in browser].

Then add the service in startup by

#chkconfig - -level 2345 squid on

In console and restart the service by

#/etc/init.d/squid/restart

IPTABLES Configuration :

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE            [for nat]

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 3128

iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth1 -p tcp --dport 80

iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth1 -p tcp --sport 80

iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth0 -p tcp --sport 80

Now Its ok.

[Don’t follow this for you because this is quick reference for me. You can read some book or websites for your better understanding].

[Reverse proxy, FTP through proxy will submit next time].

Crontab Quick Reference

Setting up cron jobs in Unix and Solaris

cron is a unix, solaris utility that allows tasks to be automatically run in the background at regular intervals by the cron daemon. These tasks are often termed as cron jobs in unix , solaris.  Crontab (CRON TABle) is a file which contains the schedule of cron entries to be run and at specified times.
This document covers following aspects of Unix cron jobs
1. Crontab Restrictions
2. Crontab Commands
3. Crontab file – syntax
4. Crontab Example
5. Crontab Environment
6. Disable Email
7. Generate log file for crontab activity

1. Crontab Restrictions
You can execute crontab if your name appears in the file /usr/lib/cron/cron.allow. If that file does not exist, you can use crontab if your name does not appear in the file /usr/lib/cron/cron.deny.
If only cron.deny exists and is empty, all users can use crontab. If neither file exists, only the root user can use crontab. The allow/deny files consist of one user name per line.

2. Crontab Commands
export EDITOR=vi ;to specify a editor to open crontab file.
crontab -e    Edit your crontab file, or create one if it doesn’t already exist.
crontab -l      Display your crontab file.
crontab -r      Remove your crontab file.
crontab -v      Display the last time you edited your crontab file. (This option is only available on a few systems.)

3. Crontab file
Crontab syntax :
A crontab file has five fields for specifying day , date and time followed by the command to be run at that interval.

*     *   *  *   *  command to be executed -     -    -   -  - |     |     |   |    | |     |     |   |    +----- day of week (0 - 6) (Sunday=0) |     |     |   +------- month (1 - 12) |     |     +--------- day of month (1 - 31) |     +----------- hour (0 - 23) +------------- min (0 - 59)

* in the value field above means all legal values as in braces for that column.
The value column can have a * or a list of elements separated by commas. An element is either a number in the ranges shown above or two numbers in the range separated by a hyphen (meaning an inclusive range).
Notes
A. ) Repeat pattern like /2 for every 2 minutes or /10 for every 10 minutes is not supported by all operating systems. If you try to use it and crontab complains it is probably not supported.
B.) The specification of days can be made in two fields: month day and weekday. If both are specified in an entry, they are cumulative meaning both of the entries will get executed .

4. Crontab Example
A line in crontab file like below removes the tmp files from /home/someuser/tmp each day at 6:30 PM.
30     18     *     *     *         rm /home/someuser/tmp/*
Changing the parameter values as below will cause this command to run at different time schedule below :

min	hour	day/month	month	day/week	Execution time
30	0	1	1,6,12	*	– 00:30 Hrs  on 1st of Jan, June & Dec.
0	20	*	10	1-5	–8.00 PM every weekday (Mon-Fri) only in Oct.
0	0	1,10,15	*	*	– midnight on 1st ,10th & 15th of month
5,10	0	10	*	1	– At 12.05,12.10 every Monday & on 10th of every month
:

Note : If you inadvertently enter the crontab command with no argument(s), do not attempt to get out with Control-d. This removes all entries in your crontab file. Instead, exit with Control-c.

5. Crontab Environment
cron invokes the command from the user’s HOME directory with the shell, (/usr/bin/sh).
cron supplies a default environment for every shell, defining:
HOME=user’s-home-directory
LOGNAME=user’s-login-id
PATH=/usr/bin:/usr/sbin:.
SHELL=/usr/bin/sh
Users who desire to have their .profile executed must explicitly do so in the crontab entry or in a script called by the entry.

6. Disable Email
By default cron jobs sends a email to the user account executing the cronjob. If this is not needed put the following command At the end of the cron job line .
>/dev/null 2>&1

7. Generate log file
To collect the cron execution execution log in a file :
30 18 * * * rm /home/someuser/tmp/* > /home/someuser/cronlogs/clean_tmp_dir.log