Installing and Configuring SquidNT 2.7 on a Windows Domain
If your company is looking to beef up its security somewhat then a free and flexible proxy is a good thing to have. A proxy such as SquidNT sits between your users and the Internet and handles requests, usually for websites. It can provide protection for users and use a web cache to make browsing faster. SquidNT is a free Windows version of the popular Linux-based proxy.
In this How To Solutions guide I’ll walk you through …
- installing SquidNT
- configuring browsers to use the proxy
- using user authentication across a Windows domain
- blocking websites of your choice
- accessing and reviewing web logs of sites users have visited
I write this merely because nearly all of the documentation is for Linux or is outdated and not centralised. This was installed on a Windows XP machine but I imagine it will work on Windows Server 2003 too.
Installing SquidNT
Download SquidNT 2.7 here – you’re looking under binaries for 2.7 STABLE5, the Standard build type which is in zip format.
Unzip the squid file to your desktop. This should create a squid folder – move it into your C: drive at the top level. Don’t put it in Program Files! Squid doesn’t like spaces in folder structures.
Open up CMD by clicking Start > Run > typing “cmd” > OK. Type in the following commands, pressing Enter after each line.
| cd c:\squid |
| cd sbin |
| squid.exe -i |
Leave the cmd window open. This will install SquidNT as a Windows service – starting it when the computer first boots.
In Windows Explorer navigate to C:\squid\etc. Rename the four files in there so that the .default extensions are removed from all of them.
Next we will create the Squid cache directories. This should improve browser performance by caching websites locally, reducing the need to download each item on the webpage. Create the directories by again using CMD to run the following command:
| C:\squid\sbin>squid -z |
We can now start Squid running. Open up Windows services by clicking Start > Control Panel > Administrative Tools > Services. You should see Squid listed there – right click it and Start.
Configuring Browsers
Firefox (v2)
Tools > Options > Advanced > Network tab > Settings.
Click on “Manual proxy configuration” and enter the IP of the machine on which SquidNT was installed. For the port use 3128 (the Squid default).
Internet Explorer (v7)
Tools > Internet Options > Connections tab > LAN Settings
Under the proxy server section click the “Use a proxy server for your LAN” box. For the server use the IP of the machine SquidNT was installed on and use port 3128 (the default for Squid).
Testing
Once the settings are saved in the browser of your choice then test to make sure you can still access websites. You can see the access logs if you navigate to C:\squid\var\logs\access.log and open it in a text editor.
User Authentication on a Windows domain
If you’re going to run the Squid proxy over a Windows domain using Active Directory then rather than log an IP address you can set Squid to log authenticated users. This is particularly useful when reviewing the logs later on.
Open up Windows Services (Control Panel > Administrative Tools > Services) and stop Squid. You need to go to C:\squid\etc and open the squid.conf file in a text editor.
Go to line 292 which should be a blank line below “#auth_param basic casesensitive off”. Paste in the following and leave a blank line below it.
| auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe |
| auth_param ntlm children 5 |
We then define the access control list (ACL) that will allow only authenticated users on the network to go through the proxy. Navigate to line 623 (it might be a few lines more due to the previous input!) and look for the blank line below “acl CONNECT method CONNECT”. Paste in the following:
| acl localnet proxy_auth REQUIRED src 10.0.0.1/255 |
Note: Change the IP range to suit your specific network. I have used 10.0.0.x as an example but you may use another range.
Once that is pasted in, scroll down again until line 649 (again this will be lower due to the two previous pastes). Look for the line that reads “http_access deny manager”. Under that line paste the following…
| http_access allow localnet |
At this point you should save the squid.conf file and restart Squid as a Windows Service. Go back to your favourite web browser and make sure you can still access sites. Again you can check the access logs (C:\squid\var\logs\access.log) to make sure the Windows authentication is being recorded.
Blocking Websites
A very good reason to use a web proxy is to block websites across a network that could be potentially harmful. Again we’ll need to use the squid.conf file to declare which sites to block.
Open up squid.conf and look for the “acl CONNECT method CONNECT” line, around line 628. Create a new blank line BELOW this line. It should be directly above the line you pasted in earlier (acl localnet proxy_auth REQUIRED src 10.0.0.1/255). Paste in the contents below, making sure to edit the URLs. I have used Facebook and Myspace as examples but you can use anything.
| acl facebook url_regex facebook.com |
| acl myspace url_regex myspace.com |
This should create something that looks like what is in the box below.
| acl CONNECT method CONNECT |
| acl facebook url_regex facebook.com |
| acl myspace url_regex myspace.com |
| acl localnet proxy_auth REQUIRED src 10.0.0.1/255 |
Now let’s look for line 655 (again it will be somewhere near there but depends on the earlier pastes). Look for the line that reads “# Only allow cachemgr access from localhost”. Make the http_access lines read like in the box below. It is important to make sure “http_access allow localnet” is the last line in this section. If you have added more sites to be blocked then use “http_access deny name”, where ‘name’ is what you defined in the acl section (acl name url_regex urlforname.com).
| http_access allow manager localhost |
| http_access deny manager |
| http_access deny facebook |
| http_access deny myspace |
| http_access allow localnet |
Lastly, scroll up to line 613 (or thereabouts). Look for the section that reads like the box below. We don’t want to include this section, so put a hash sign (#) before each acl statement.
| acl localnet src 10.0.0.0/8 # RFC1918 possible internal network |
| acl localnet src 172.16.0.0/12 # RFC1918 possible internal network |
| acl localnet src 192.168.0.0/16 # RFC1918 possible internal network |
Save squid.conf and close the file. Restart the Squid service and make sure your browsers can see the Internet.
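Why “http_access allow localnet” has to come last can be seen with a small model of Squid's first-match http_access evaluation, which also shows that an unanchored url_regex such as facebook.com matches anywhere in the URL. This is an added example, not part of the original guide and not Squid's own code; the names decide, GUIDE_ORDER and ALLOW_FIRST, the sample URLs and the user CORP\alice are constructed for illustration. A Squid acl line has one type, so localnet is modelled as proxy_auth REQUIRED only and the address tokens on the guide's line are left out; the manager rules are omitted too.

```python
import re

# The guide's rules; localnet is reduced to its proxy_auth part (assumption).
GUIDE_ORDER = """
acl facebook url_regex facebook.com
acl myspace url_regex myspace.com
acl localnet proxy_auth REQUIRED
http_access deny facebook
http_access deny myspace
http_access allow localnet
"""
# Constructed variant: same ACLs with the allow line moved to the top.
ALLOW_FIRST = """
acl facebook url_regex facebook.com
acl localnet proxy_auth REQUIRED
http_access allow localnet
http_access deny facebook
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, tokenise
        if parts[:1] == ["acl"]:
            acls[parts[1]] = (parts[2], parts[3:])
        elif parts[:1] == ["http_access"]:
            rules.append((parts[1], parts[2:]))
    return acls, rules

def acl_matches(acl, url, user):
    kind, values = acl
    if kind == "url_regex":      # unanchored search over the whole URL
        return any(re.search(v, url) for v in values)
    if kind == "proxy_auth":     # REQUIRED: any authenticated user
        return user is not None
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, url, user):
    """First rule whose ACLs all match wins; otherwise invert the last rule."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], url, user) for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for url in ("http://www.facebook.com/", "http://example.org/?q=facebookXcom"):
        print(url, decide(GUIDE_ORDER, url, "CORP\\alice"),
              decide(ALLOW_FIRST, url, "CORP\\alice"))
```

Squid's dstdomain ACL type with a value such as .facebook.com matches on the hostname only, which avoids the over-matching shown by the second URL.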
Reviewing Web Logs
To review Squid logs I wouldn’t recommend opening the log file in a text editor. I’ve previously used Kraken Reports though it’s not very nice to look at. In fact all free Squid log analysers for Windows I’ve seen are fairly horrible. It would be nice to find a well made one that was more flexible.
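As an alternative to reading the raw file, a short script can summarise access.log per authenticated user. This is an added example, not part of the original guide; it assumes Squid's native log layout, the sample lines and the names summarise and host_of are constructed, and requests logged without a user name are attributed to the client IP. TCP_DENIED/407 entries are authentication challenges rather than blocked sites, so the status code is kept with each denied entry.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL user hierarchy type
SAMPLE_LOG = r"""
1230768000.123    210 10.0.0.21 TCP_MISS/200 5120 GET http://www.example.org/ CORP\alice DIRECT/192.0.2.10 text/html
1230768003.456      2 10.0.0.21 TCP_DENIED/403 1450 GET http://www.facebook.com/ CORP\alice NONE/- text/html
1230768010.789     35 10.0.0.34 TCP_HIT/200 2048 GET http://www.example.org/logo.png CORP\bob NONE/- image/png
1230768020.001      1 10.0.0.34 TCP_DENIED/407 1800 GET http://www.example.net/ - NONE/- text/html
1230768021.500    480 10.0.0.34 TCP_MISS/200 900 CONNECT mail.example.net:443 CORP\bob DIRECT/192.0.2.25 -
garbage line that is not a log entry
"""

def host_of(method, url):
    """CONNECT logs host:port; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def summarise(text):
    """Return (hosts per user, denied requests), skipping malformed lines."""
    per_user, denied = defaultdict(Counter), []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or "/" not in f[3]:
            continue
        action, status = f[3].split("/", 1)
        client, method, url, user = f[2], f[5], f[6], f[7]
        who = user if user != "-" else client   # fall back to the client IP
        host = host_of(method, url)
        if action == "TCP_DENIED":
            denied.append((who, status, host))
        else:
            per_user[who][host] += 1
    return per_user, denied

if __name__ == "__main__":
    users, denied = summarise(SAMPLE_LOG)
    for who, hosts in sorted(users.items()):
        print(who, hosts.most_common(3))
    for who, status, host in denied:
        print("DENIED", status, who, host)
```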



