f r 1sas

8/10/2019 f r 1sas

1/47

Configuration of Proxy Server

GRWP Tasgaon Page 1

1.INTRODUCTION

1.1 PROBLEM DEFINITION:-

We can block unwanted websites by words, by websites, by sentence.

To speed up access to resources using caching. Faster Internet Connections for Internal LAN.Secure the Internal LAN When browsing the Internet. Blocks the unwanted activity by clients on

the www.

1.2 OBJECTIVE

Squid is a high-performance HTTP and FTP caching proxy server. It isalso known as a Web proxy cache. It can make your network connections more efficient. As it

stores data from frequently used Web pages and files, it can often give your users the data they

need without having to look to the Internet.

Studies on very busy networks suggest that a Squid server can reduce thesize, or bandwidth, of your Internet connection by 10-20 percent. That can lead to considerable

savings for larger office.

8/10/2019 f r 1sas

2/47


GRWP,Tasgaon Page 2

2. PLANNING AND SYSTEM

2.1 STUDY OF EXISTING SYSTEM:-

In existing System we block the website using Internet

browser setting but it take more time and effort. In LAN connection if we want to block some

website then we require configure internet setting in all machines in that LAN. But there is

possibility to user can change this setting of machine in LAN connection in school and colleges.

Using proxy server we can avoid all this possibilities and efforts. So we require configure proxy

server on main server of that LAN.

2.2 PROPOSED SYSTEM:-

In our whole project we mostly concentrate on configuring proxy

server using two features that are blocking website and cashing most frequently webpages.

For that purpose we need to install the following:-

1] Red Hat Enterprise Linux

2] Bind Packages

3] Squid package

In the LINUX operating system proxy server is also called squid

proxy server. In our system all machines are connected to Proxy server. User can not directly

access Internet connection. If user wants to Internet connection then it has to be send request to

the first proxy server. When proxy server accept this request then he first check it is accessible or

not in the directory. If this request is accessible then it send to main server and main server. If

request is dined then he sends response to user that is access dined.

And also proxy server cashing most frequently WebPages. If therequested webpage is store in cache then proxy server give response that webpage without

forwarding this request to the main server.

8/10/2019 f r 1sas

3/47

8/10/2019 f r 1sas

4/47


GRWP,Tasgaon Page 4

Types of Proxy Server

Transparent Proxy:-

A Transparent Proxy Server tells the remote Computer the IP Address of

your Computer. This provides no privacy. Anonymous Proxy Servers can further be broken

down into two more categories, Elite and Disguised. An Elite Proxy Server is not identifiable to

the remote computer as a Proxy in any way. A Disguised Proxy Server gives the remote

computer enough information to let it know that it is a Proxy, however it still does not give away

the IP of the Computer it is relaying information for.

Open proxy:-

An open proxy is a proxy server which will accept client.connections fromany IP address and make connections to any Internet resource. Abuse of open proxies is currently

implicated in a significant portion of e-mail spam delivery. Spammers frequently install open

proxies on unwitting end users' operating systems by means of computer viruses designed for

this purpose. Internet Relay Chat (IRC) abusers also frequently use open proxies to cloak their

identities.

Anonymous Proxy

This type of proxy server identifies itself as a proxy server, but does not make

the original IP address available. This type of proxy server is detectable, but provides reasonableanonymity for most users.

Distorting Proxy

This type of proxy server identifies itself as a proxy server, but make an

incorrect original IP address available through the http headers.

High Anonymity Proxy:-

This type of proxy server does not identify itself as a proxy server and does not make available

the original IP.

8/10/2019 f r 1sas

5/47


GRWP,Tasgaon Page 5

3. REQUIREMENT ANALYSIS

3.1 Software Requirement :

1. Red Hat Linux Enterprise Edition 5.

2. Squid Package.

3. Bind Package.

Advantages of Linux :

Multitasking:

Several programs can run at the same time.

Multiuser:

Several users can logon to the same machine at the same time. There is no need to

have separate user licenses.

Multiplatform:

Linux runs on many different CPUs that mean it supports multiprocessor

machine.

Demand loads executables:

Linux only reads from those parts of a program that are actually used on the disk.

8/10/2019 f r 1sas

6/47


GRWP,Tasgaon Page 6

3.2 HARDWARE REQUIREMENT

PROCESSOR 32-bit/64-bit Pentium 4

RAM 4 GB

(may vary depends on number of

clients)

Hard Disk

Ethernet Cards

300 GB

(As there are number of users have

own disk space)

Two

8/10/2019 f r 1sas

7/47


GRWP,Tasgaon Page 7

4. DESIGN METHODLOGY

4.1 System Architecture

This field gives the overall information of the project via diagrammatic

structure. The system architecture contain following fields:-

1. Installing Red Hat Enterprise Linux 5 server.

2. Configuration of Network services.

3. Configuration of squid.

4. Etc

The diagrammatic representation shows how the system will work. Also is

shows that how the data should flow in overall system. The explanation

Related to the system architecture is as following:-

1. Installing Red Hat Linux 5:-

Linux operating system is very secure and its file system is very Strong. So

we choose the Linux operating system &install Linux Red Hat RHEL5.

2. Configuration of Network services:-

In the configuration of Network services we configure Host file & assign

IP.

3.

Configuration of squid:-

Then configure this file using different acl(Access Control List) statements.

a. Deny access to specific user

b. Deny access by websites

c. Deny access by time

d. Allow websites

e. Caching recently requested web pages

8/10/2019 f r 1sas

8/47


GRWP,Tasgaon Page 8

SYSTEM ARCHITECTURE

C1 C2 C3 C4

Proxy Server

Installing

RHEL 5 server

Administrator

Configure

Network

services

Implement

Proxy

Assigning

IP

Configure

host file

Configure

Squd.conf file

Deny access to

specific userDeny access

to Website

Deny Access

by time

Allow

Websites

Cashing

Web pages

Web Server

8/10/2019 f r 1sas

9/47


GRWP,Tasgaon Page 9

DATA FLOW DIAGRAMS

DFD Level 1

aw

Web

Server

Main Server

Proxy

Server

C1

C2

C3

C4

8/10/2019 f r 1sas

10/47


GRWP,Tasgaon Page 10

DFD LEVEL 2

Web

Server

C1

C2

C3

C4

Main Server

ProxyServer

CashingBlocking Log

8/10/2019 f r 1sas

11/47



DFD LEVEL 3

Web

Server

Cashing

C1

C2

C3

Main Server

Proxy

Server

BlockingLog

Directory

Hard

Disk

Deny

access to

specific

user

Deny

Access

by time

Deny

access

to

Websit

Log

Report

8/10/2019 f r 1sas

12/47



UML DIAGRAM

UML (Unified Modeling Language)

UML is a (Unified Modeling Language).It is a standard language for writing software blueprints.

The UML is used to

a) Visualize

b) Specify

c) Construct

d) Document the artifacts of software-intensive system.

We implement three types of UML diagrams that are

1. Use case Diagram

2. Sequence Diagram

3. Activity Diagram

1. Use case Diagram:-

Use case diagram is useful to view a set of use cases that is special type of

class and their relationships.

2. Sequence Diagram:-

In Sequence diagram an interaction is made up of set of objects and their

relationships

3. Activity Diagram:-

Activity Diagram represents the flow from activity to activity within a system. It is type of State

chart diagram.

8/10/2019 f r 1sas

13/47



1. USE CASE DIGRAM

User

Proxy Server

Request web site

Filtering web site

Allow and deny

specific web sites

Deny access to

s ecific user

Caching web sites

Response for

Allow web site

Maintain log record

Administrat

8/10/2019 f r 1sas

14/47



2. SEQUENCE DIAGRAM

USER PROXY SERVER MAIN SERVER

1. Request for web side

2. Filtering

3. Allow the web side

5. Blocked web sit

6. Response to website

4. Response to web site

10. Response to web page

7. Most frequently web pages

8. Check it is in cache

9. Web page found

11. Web page not found

12. Request to main server

13. Response for web pages

5. Caching

16. Maintain log records

15. Response for webpage 14. Cashing

8/10/2019 f r 1sas

15/47



3. ACTIVITY DIAGRAM

User

Proxy Server

Filtering

Check it is

in cache

Main Server

Send

Response

Send

response to

proxy server

Send Request Access is denied

Block Website

Allow Websites

Not found in cache

Found in cache

Send

Response

8/10/2019 f r 1sas

16/47

8/10/2019 f r 1sas

17/47



Step 2: - Keyboard Configuration

Next step is to select the correct layout type (for example U.S. English)for the

keyboard you would prefer to use for the installation and as the system default as shown in fig 5.2.

Figure 5.2. Keyboard Configuration

Once selecting the appropriate type then click on Next to continue.

8/10/2019 f r 1sas

18/47



Step 3: - Disk Partitioning Setup

Partitioning allows you to divide your hard drive into isolated sections,

where each section behaves as its own hard drive. Partitioning is particularly useful if you run

multiple operating systems. On this screen, we choose to perform automatic partitioning.

Step 4: - Automatic Partitioning

While doing automatic partitioning the three options are:

A] Remove all Linux partitions on this system

B] Remove all partitions on this system:-

We select this option to remove all partitions on your hard drive.

C] Keep all partitions and use existing free space

Figure5.3. Automatic Partitioning

8/10/2019 f r 1sas

19/47



Clicking Next to continue.

Step 5: - Partitioning Your System

If you chose automatic partitioning and selected Review, you can eitheraccept the current partition settings (click Next), or modify the setup using Disk Druid, the

manual partitioning tool.

If you chose to partition manually, you must tell the installation program

where to install Red Hat Enterprise Linux. This is done by defining mount points for one or more

disk partitions in which Red Hat Enterprise Linux is installed. You may also need to create

and/or delete partitions at this time.

Figure5.4 Partitioning with Disk Druid on x86, AMD64, and Intel EM64T Systems

8/10/2019 f r 1sas

20/47



Figure5.5. Partitioning with Disk Druid on Itanium Systems

Step 5.1: - Adding partitions

To add a new partition, select the New button

Step 5.5:- Adding Partitions

To add a new partition, select the Newbutton.

8/10/2019 f r 1sas

21/47



Fig.5.6. Creating a New Partition

Mount Point:-

Enter the partition's mount point. For example, if this partition should be the root

partition, enter /; enter /boot for the /boot partition, and so on.

File System Type:-

Using the pull-down menu, select the appropriate file system type for this partition.

Allowable Drives:

This field contains a list of the hard disks installed on your system. If a hard disk's

box is highlighted, then a desired partition can be created on that hard disk. If the box is notchecked, then the partition will never be created on that hard disk. By using different checkbox

settings, you can have Disk Druid place partitions where you need them, or let Disk Druid decide

where partitions should go.

8/10/2019 f r 1sas

22/47



Size (MB):

Enter the size (in megabytes) of the partition. Note, this field starts with 100 MB;

unless changed only a 100 MB partition will be created.

Additional Size Options:

Choose whether to keep this partition at a fixed size, to allow it to "grow" (fill up the

available hard drive space) to a certain point, or to allow it to grow to fill any remaining hard

drive space available.

Step 6: - Network Configuration

Figure 6.1 Network Configurations

The installation program automatically detects any network devices you have and

display them in the Network Devices list.

8/10/2019 f r 1sas

23/47



Once you have selected a network device, click Edit. From the Edit

Interface pop-up screen, you can choose to configure the IP address and Netmask of the device

via DHCP (or manually if DHCP is not selected) and you can choose to activate the device at

boot time. If you select Activate on boot, your network interface is started when you boot. If you

do not have DHCP client access or you are unsure what to provide here, please contact your

network administrator.

Figure 6.2 Editing a Network Device

8/10/2019 f r 1sas

24/47



Step 7: - Firewall Configuration

Red Hat Enterprise Linux offers firewall protection for enhanced system

security. A firewall exists between your computer and the network, and determines which

resources on your computer remote users on the network can access.

Figure7.1. Firewall Configuration

Next, we decide whether to enable a firewall for your Red Hat Enterprise Linux system.

8/10/2019 f r 1sas

25/47



No firewall

No firewall provides complete access to your system and does no security checking.

Security checking is the disabling of access to certain services. This should only be selected if

you are running on a trusted network (not the Internet) or plan to do more firewall configuration

later.

Enable firewall

If you choose Enable firewall, connections are not accepted by your system (other

than the default settings) that is not explicitly defined by you. By default, only connections in

response to outbound requests, such as DNS replies or DHCP requests are allowed. If access to

services running on this machine is needed, you can choose to allow specific services through the

firewall. If you are connecting your system to the Internet, this is the safest option to choose.

Next, select which services, if any, should be allowed to pass through the firewall.

Enabling these options allow the specified services to pass through the firewall. Note, these

services may not be installed on the system by default. Make sure you choose to enable any

options that you may need.

Remote Login (SSH)

Secure Shell (SSH) is a suite of tools for logging in to and executing commands on a

remote machine. If you plan to use SSH tools to access your machine through a firewall, enablethis option. You need to have the openssh-server package installed in order to access your

machine remotely, using SSH tools.

Web Server (HTTP, HTTPS)

The HTTP and HTTPS protocols are used by Apache (and by other Web servers) to

serve WebPages. If you plan on making your Web server publicly available, enable this option.

This option is not required for viewing pages locally or for developing WebPages. You must

install the httpd package if you want to serve WebPages.

File Transfer (FTP)

The FTP protocol is used to transfer files between machines on a network. If you

plan on making your FTP server publicly available, enable this option. You must install the

vsftpd package in order to publicly serve files.

8/10/2019 f r 1sas

26/47



Mail Server (SMTP)

If you want to allow incoming mail delivery through your firewall, so that remote

hosts can connect directly to your machine to deliver mail, enable this option. You do not need toenable this if you collect your mail from your Internet Service Provider's server using POP3 or

IMAP, or if you use a tool such as fetch mail. Note that an improperly configured SMTP server

can allow remote machines to use your server to send spam.

Three states are available for you to choose from during the installation process:

i) Disable

Select Disable if you do not want SELinux security controls enabled on this

system. The Disabled setting turns enforcing off and does not set up the machine for the use of a

security policy.

ii) Warn

Select Warn to be notified of any denials. The Warn state assigns labels to data

and programs, and logs them, but does not enforce any policies. The Warn state is a good starting

place for users who eventually want a fully active SELinux policy, but who first want to see what

effects the policy would have on their general system operation.

iii) Active

Select Active if you want SELinux to act in a fully active state. The Active

state enforces all policies, such as denying access to unauthorized users for certain files and

programs, for additional system protection. Choose this state only if you are sure that your

system can still properly function with SELinux fully enabled.

Step 8: - Language Support Selection

We select a language to use as the default language. The default language is the

language used on the system once the installation is complete. Typically, the default language is

the language you selected to use during the installation.

8/10/2019 f r 1sas

27/47



Figure8.1. Language Support Selection

Step 9:- Time Zone Configuration

Set your time zone by selecting the city closest to your computer's physical location.

There are two ways for you to select your time zone:

Using mouse, click on the interactive map to select a specific city (represented by a yellow dot).

A red Xappears indicating your selection.

We can also scroll through the list at the bottom of the screen to select your time zone. Using

your mouse, click on a location to highlight your selection.

8/10/2019 f r 1sas

28/47



Figure9.1. Configuring the Time Zone

Step 10:- Set Root Password

Setting up a root account and password is one of the most important steps during

your installation. Your root account is similar to the administrator account used on Windows NT

machines. The root account is used to install packages, upgrade RPMs, and perform most system

maintenance. Logging in as root gives you complete control over your system.

8/10/2019 f r 1sas

29/47



Figure 10.1 Root Password

Step 11: - Package Group Selection

The Package Installation Defaults screen appears and details the default package set for

your Red Hat Enterprise Linux installation. This screen varies depending on the version of Red Hat

Enterprise Linux you are installing.

To customize your package set further, select Customize the set of packages to be installed

option on the screen. Clicking Next takes you to the Package Group Selection screen.

You can select package groups, which group components together according to function

(for example, X Window System and Editors), individual packages, or a combination of the two.

8/10/2019 f r 1sas

30/47



Figure 11.1 Package Group Selection

Select each component you wish to install. Selecting Everything (at the end of the

component list) installs all packages included with Red Hat Enterprise Linux. Once a package

group has been selected, click on Details to view which packages are installed by default, and to

add or remove optional packages from that group.

8/10/2019 f r 1sas

31/47



Figure11.2 Package Group Details

A screen preparing you for the installation of Red Hat Enterprise Linux now appears.

Step 12: - Installation Complete

Congratulations! Your Red Hat Enterprise Linux installation is now complete!

8/10/2019 f r 1sas

32/47

8/10/2019 f r 1sas

33/47



# TAG: http_access

# Allowing or Denying access based on defined access lists

#

# Access to the HTTP port:

# http_access allow|deny [!]aclname ...

#

# NOTE on default values:

# If there are no "access" lines present, the default is to deny

# the request.

#

# If none of the "access" lines cause a match, the default is the

# opposite of the last line in the list. If the last line was

# deny, the default is allow. Conversely, if the last line

# is allow, the default will be deny. For these reasons, it is a

# good idea to have an "deny all" or "allow all" entry at the end

# of your access lists to avoid potential confusion.

#

#Default:

# http_access deny all

##Recommended minimum configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to unknown ports

http_access deny !Safe_ports

8/10/2019 f r 1sas

34/47



#

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt

# to list your (internal) IP networks from where browsing should

# be allowed

#acl our_networks src 192.168.1.0/24 192.168.2.0/24

#http_access allow our_networks

# And finally deny all other access to this proxy

http_access allow localhost

http_access deny web_deny

http_access allow allow_network

http_access deny all

# TAG: http_reply_access

# Allow replies to client requests. This is complementary to http_access.

#

# http_reply_access allow|deny [!] aclname ...

#

# NOTE: if there are no access lines present, the default is to allow

# all replies

8/10/2019 f r 1sas

35/47



#

# If none of the access lines cause a match the opposite of the

# last line will apply. Thus it is good practice to end the rules

# with an "allow all" or "deny all" entry.

#

#Default:

# http_reply_access allow all

#

#Recommended minimum configuration:

#

# Insert your own rules here.

#

#

# and finally allow by default

http_reply_access allow all

# TAG: icp_access

# Allowing or Denying access to the ICP port based on defined

# access lists

#

# icp_access allow|deny [!]aclname ...

#

# See http_access for details

#

8/10/2019 f r 1sas

36/47



# OPTIONS WHICH AFFECT THE CACHE SIZE

# -----------------------------------------------------------------------------

# TAG: cache_mem (bytes)

# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS

SIZE.

# IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID

WILL

# USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR

OTHER

# THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.

#

# 'cache_mem' specifies the ideal amount of memory to be used

# for:

# * In-Transit objects

# * Hot Objects

# * Negative-Cached objects

#

# Data for these objects are stored in 4 KB blocks. This

# parameter specifies the ideal upper limit on the total size of

# 4 KB blocks allocated. In-Transit objects take the highest

# priority.

#

# In-transit objects have priority over the others. When

# additional space is needed for incoming data, negative-cached

# and hot objects will be released. In other words, the

# negative-cached and hot objects will fill up any unused space

# not needed for in-transit objects.

8/10/2019 f r 1sas

37/47



# If circumstances require, this limit will be exceeded.

# Specifically, if your incoming request rate requires more than

# 'cache_mem' of memory to hold in-transit objects, Squid will

# exceed this limit to satisfy the new requests. When the load

# decreases, blocks will be freed until the high-water mark is

# reached. Thereafter, blocks will be used to store hot

# objects.

#

#Default:

cache_mem 8 MB

# TAG: cache_swap_low (percent, 0-100)

# TAG: cache_swap_high (percent, 0-100)

#

# The low- and high-water marks for cache object replacement.

# Replacement begins when the swap (disk) usage is above the

# low-water mark and attempts to maintain utilization near the

# low-water mark. As swap utilization gets close to high-water

# mark object eviction becomes more aggressive. If utilization is

# close to the low-water mark less replacement is done each time.

#

# Defaults are 90% and 95%. If you have a large cache, 5% could be

# hundreds of MB. If this is the case you may wish to set these

# numbers closer together.

#

8/10/2019 f r 1sas

38/47

8/10/2019 f r 1sas

39/47



# TAG: cache_access_log

# Logs the client request activity. Contains an entry for

# every HTTP and ICP queries received. To disable, enter "none".

#

#Default:

cache_access_log /var/log/squid/access.log

# TAG: cache_log

# Cache logging file. This is where general information about

# your cache's behavior goes. You can increase the amount of data

# logged to this file with the "debug_options" tag below.

#

#Default:

cache_log /var/log/squid/cache.log

# TAG: cache_store_log

# Logs the activities of the storage manager. Shows which

# objects are ejected from the cache, and which objects are

# saved and for how long. To disable, enter "none". There are

# not really utilities to analyze this data, so you can safely

# disable it.

#

#Default:

cache_store_log /var/log/squid/store.log

8/10/2019 f r 1sas

40/47



# TAG: cache_swap_log

# Location for the cache "swap.state" file. This log file holds

# the metadata of objects saved on disk. It is used to rebuild

# the cache during startup. Normally this file resides in each

# 'cache_dir' directory, but you may specify an alternate

# pathname here. Note you must give a full filename, not just

# a directory. Since this is the index for the whole object

# list you CANNOT periodically rotate it!

#

# If %s can be used in the file name it will be replaced with a

# a representation of the cache_dir name where each / is replaced

# with '.'. This is needed to allow adding/removing cache_dir

# lines when cache_swap_log is being used.

#

# If have more than one 'cache_dir', and %s is not used in the name

# these swap logs will have names such as:

## cache_swap_log.00

# cache_swap_log.01

# cache_swap_log.02

#

# The numbered extension (which is added automatically)

# corresponds to the order of the 'cache_dir' lines in this

# configuration file. If you change the order of the 'cache_dir'

# lines in this file, these log files will NOT correspond to

# better to keep these log files in each 'cache_dir' directory.

#

8/10/2019 f r 1sas

41/47



In this way we block this web site using acl statements. We also create recode for cashing most

frequently web pages.

Web-deny

www.facebook .com

www.youtube.com

www.rediffmail.com
http://www.youtube.com/http://www.youtube.com/

8/10/2019 f r 1sas

42/47

8/10/2019 f r 1sas

43/47

8/10/2019 f r 1sas

44/47



ADVANTAGES

Faster internet connection for LAN.

Secure the LAN when browsing the internet.

Blocks the unwanted activity by clients on the http.

Allow the internet access to the authorized users only.

Always watch & filter the sensitive data.

Proxy Server is give to speed up access to resource using cashing.

Do the acceleration of web page.

8/10/2019 f r 1sas

45/47



FUTURE ENHANCEMENT

In advance we implement following features of proxy server

SMTP Proxy

Implementation of firewall in proxy server

Anonym zing proxy

Open proxy

Forced proxy

8/10/2019 f r 1sas

46/47



9. CONCLUSION

In our project finally we conclude that Proxy Server is a invisible to the user. All

internet request & returned responses appear to be directly with the addressed internet server. It is act as aboth server as well as server. It reduces Network traffic and they could regulate, allowing disallowing

certain communication. It is able to share single internet connection.

Proxy server used in LAN connections, school, colleges etc.

8/10/2019 f r 1sas

47/47


10. Bibliography

Books:

Computer Network :- Andrew S. Tanenbumb.

The Complete Reference Book :- Oraig Zacker.

Web site:

www.squidproxy.net

www.adeelkml.tk

www.linux.org
http://www.squidproxy.net/http://www.adeelkml.tk/http://www.linux.org/http://www.linux.org/http://www.adeelkml.tk/http://www.squidproxy.net/

f r 1sas

Documents