Episode #341: Introduction to Using Squid Web Proxy Server

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello again as you know I'm Eli the computer guy and this is episode 341 introduction to using squid web proxy servers so squid web proxy servers are so cool once you start using squid web proxy servers you will wonder why you have not been using them for the past decade you will wonder why proxy servers went into the dustbin of history and many people don't think about them anymore basically what a proxy server is is a proxy server is a server on your network that the other computers on your network connect to to go out to the internet so proxy servers were really big very important back in the 1990s because if you wanted to have multiple computers be able to get out onto the Internet they all had to go through a proxy server well sometime way back when it was like 12 years ago 13 years ago NAT started to be put into all routers what NAT is is that as something called network address translation this means that individual computers and devices on the network can directly connect to the router and go out and speak to the internet now without nap without network address translation that is not possible and that is why we used to use proxy servers so if you wanted to use Internet Explorer if you wanted 10 computers on a network to be able to use Internet Explorer to go out and browse the Internet back in the 1990s they all had to connect to your proxy server and then the proxy server connected out to the Internet basically the proxy server is what routed all web traffic then as I say sometime around 1999 the early 2000 timeframe nat network address translation was pushed out into mass consumption devices and proxy servers went the way of the dodo essentially they were out there but people really didn't use them a lot well squid proxy server is simply an open-source version of a proxy server that can be stole on to a Linux server so this can be installed onto a bug to the students on descent OS so on and so forth now what I have found is that with squid squid can be very very very functional in the modern world so again like I said a lot of us a lot of old timers we remember proxy servers from the way old days and we were really happy to throw those darn things into the trash can but what I have found in the modern world is that proxy service can actually be very useful and since basically you can install squid proxy onto a Linux box you can get a free squid server that can do a lot of functional things for you so basically you can just grab some old crappy computer that you have collecting dust installed and bunch you onto it install squid onto it configure it and it will be a nice proxy server so the question that you're probably thinking eli's like well okay now you're saying squid or proxy servers were important 12 years ago then you're saying they weren't important now you're saying they are important well why is that well let's go over the whiteboard so I can show you and kind of explain to you why proxy servers are really useful nowadays so the thing with proxy servers the proxy server can do a number of different functions for your network and in different classes I will show you these different functions today I would actually I would just show you how to install the squid proxy and how to connect to it and do one configuration but in the future I will show you how to do more so the overall idea of a squid proxy servers you have the proxy server here and then all your computers that you're trying that you want to get out to the Internet will connect to that proxy server that proxy server then connects to the router which then connects to the Internet so all the web traffic is now going through this proxy server and out to the router now if you were a smart technician if you are a newbie but if you're a smart technician what you're thinking is Eli don't we want to make our systems as as possible by adding a proxy server to the middle here doesn't that make things more complicated or more prone to break why would we not just have all of these individual computers connect directly to a router and bypass something like a proxy server well the reason is is because the proxy server can give you a couple of nifty neat features the main feature it can give you is cash cash is phenomenal for the proxy server so what happens is when one computer goes out on to the Internet and let's say this computer goes out and it downloads the latest version of Ubuntu so you want to download a version currently it's 12.04 right and you want to download it to this computer well the first time this computer goes out through the proxy through the router out to the Internet it's going to take you 30 minutes let's say to download that it want to file to your computer why because it's grabbing about the Internet and it will only be 30 minutes if you have a pretty good internet connection it might be a lot longer if you have crappy internet connection right well what happens when the second computer computer number 2 wants to download Ubuntu in a normal network configuration with NAT what would happen is a computer the second computer will go out to the Internet and it would also download the entire file and that would take another 30 minutes and if another computer want to download the exact same file it would take another 30 minutes so on so forth it would take up a lot of bandwidth it would take a lot of time it's just really tedious and horrible well with a proxy service squid proxy server you can configure a cache so that when computer number 1 downloads the Ubuntu operating system it will be downloaded to their computer but it will also be stored in cache on the proxy server so the proxy server has its own hard drive and you can configure the size of the cache and whenever a computer going through the proxy server goes out to a website or downloads a file from the internet that proxy server will cache it onto the hard drive it will store it on the hard drive so that means a first computer when it down Ubuntu operating system will take 30 minutes well then the second computer when it goes to download Ubuntu the proxy server will see it already has a local copy of the Ubuntu operating system and so it will transfer it locally what that means is you have no additional pull on your bandwidth you're not using any internet connection because it's now a local transfer and it will be really really really fast so instead of going over an internet connection that might be 10 megabits per second or if you're really lucky 100 megabits per second you can be transferring this data over your local area network at a gate per second so the first thing that's really important and really freaking awesome about squid is this cache this is amazing a Kevin one of my assistants when I had the shop open the last time he set up a squid proxy server basically so that we could cache all of the Microsoft updates so remember our benches would have anywhere between 4 to 10 computers all doing updates at the exact same time right well if they are all connecting out to Microsoft comm and pulling the data in that bogs up our internet connection and also takes a long time because they're all going out to the Internet they're all pulling in the exact same data right well since Kevin set up the proxy server all those updates got cached on the proxy server and then the first computer to get updated all that information will you cache but then the second computer would then just get the information from the proxy server the third computer were getting from the proxies are the fourth with from the proxy server fifth for the proxy server so instead of pulling all that data down from the internet it was all getting from down from the proxy server and with wreckin awesome I am telling you if you are still a poor schmuck that is still doing normal computer repair still doing antivirus repair still doing wipe and reloads and still doing updates setting up a squid proxy turret server you will just think is the bee's knees when you set this up and you can figure it you will be like oh it is so awesome so basically the first thing is cache cassia's all that data onto its own hard drive the next thing if you're doing this locally that's very important is ACL access control lists so again when you're dealing with the business world the question is is what websites do you want your users to go to now you as an employee's right if you're an employee you'll go to facebook.com you under Twitter comm your comm you go to Moviefone comm you will go to all these wonderful websites right because when you're at work I mean you still should be able to check your status updates well obviously as a boss if I'm paying you money to be at work I do not want you to Kathy Facebook or Yahoo or Moviefone comm so what you can do is in the proxy server you can create text files of ACLs access control lists that say where the web browsers or the connections can connect to so you can say I don't want people to go to facebook.com and when somebody goes to facebook.com that connection will get blog I don't want them to go to Moviefone comm and that will get blocked one of the nice things with a squid proxy server is again this is all stored in a text file so it's a lot easier to manage than some other solutions out there such as like Open DNS org which is a very good way to block people from going to websites using dns but that can be a little harder a little more complicated to configure with with squid proxy all this is going to be stored in a text file and and so you can either create a script to update the text file you can manually update it with something like notepad or them it's just a lot easier to use the less configuration so the important thing so from the security and the management standpoint of why you would want to squid proxy servers one cach cach cach cach cach get this is phenomenal seriously once you've took out this cache setup you're just not going to know how how you live life any other way and then from a business perspective you then want a Ciel's access control list this allows you to block connections to websites or servers you don't want we'll have access to now the other way the third way that web proxy servers squid proxy server is very useful for you is from the hacker perspective because the problem is let's say your your computer you're on this network and let's say you're at college right and the issue is is when you try to go out you try to go to sex comm or you try to go to utorrent com you try to go to any of these websites well what happens most likely especially if you're at college they have some kind of web filter that blocks you from being able to access these websites and therefore you can't get to them well then you might be thinking hey Eli I know I am going to use a web proxy server something like proxifier com but then when you connect try to connect proxifier com well proxifier comm is a well known domain name and so you find out that proxifier com also is blocked because they know about well here's the thing if you're connecting to the Internet well if you could build a proxy server and let's say you put it at your parents house or your home then what you can do is you can connect to your proxy server and then your proxy server will go out and go to all the web sites on the internet that you want to go to so instead of you going to Saks com you connect to your proxy server it connects this XCOM that information is sent to the proxy server which is then sent to you which means you buy pass all of those web filters so depending on what you're doing this can be very nefarious or very normal again you know if you're at college and you're looking all these naughty sites then this might be some kind of form of hacking um to get around B then we get to go to those sites from the security world what I use to see in the real world with technicians is unfortunately a lot of corporate security would make connecting to a lot of websites that we need use to difficult so the fact of the matter is as real professionals sometimes we need to be able to connect to torrent sites sometimes we need to be able to connect to things like Facebook in order to talk to our peers in order to solve problems which at the end of the day profits the business remember when we're talking about business is always about making money for the business so the problem is a corporate security guys would come in and they would put in blanket security policy across the corporation of you can't get facebook well here's a problem what if all of your IT buddies are on Facebook and whenever you have a problem you ping them on Facebook and now Facebook is blocked it kind of screwed right so what I have bad buddies do is they would set up a proxy server in their house then when they are at the company they would connect their computer to their home proxy server and then they would be able to go out and again to facebook.com/ utorrent whatever so on and so forth so this is the idea of why proxy servers are important for cache for access control lists and to be able to get around web filters that are set up on the network now when you're using the proxy server there are two ways to configure the proxy server again today we're going to show you the first way I'm going to make this fairly simple today today we're going to be showing you the manual way of configuring your computers to use a proxy server with Internet Explorer what this means is that the proxy server that you're going to be using so you have a proxy server it will have an IP address 192.168.1.1 X it then has a port that it uses for the proxy service as I recall 3128 is the default port so remember with any networking service there is always a port HTTP is normally port 80 what we're using for this proxy server today is 320 31:28 so what this means is we set up our proxy server then on the computer that we'll be accessing the proxy server we go into Internet Explorer and we Emmanuel we input this information so this is how you manually input the information there's also something called a transparent proxy server a transparent proxy server means that there is no configuration that the end user needs to do in order to to touch that proxy server basically the proxy server ends up being like the default gateway if you plug the computer into the network you will automatically be getting routed through the proxy server and there's nothing nothing else that you need to do again today I'm keeping everything really simple so we're not going to go into the transparent proxy the other warning while what I will give you is once once we do the class on the transparent proxy is as I say with everything all pieces of technology can be squirrelly every once in a while every piece of technology can be a little bit quirky now remember squid is doing all of this caching of information so that means it stores information so the question is is what happens if you go to a website that regularly updates will the cache and the proxy server be refreshed and so it is supposed to be refreshed it is built so if there is a newer version on the server that will automatically be downloaded and the end user will get that instead of the cache in the proxy again things get squirrely things get quirky sometimes that doesn't happen properly so that would be my caution against using the transparent the automatic proxy because sometimes things can frankly just just screw up so today we're going to be showing you the manual so where we're going to go back to the computer now and basically what I'm going to show you and get very simply is we're going to install show you how to install squid onto an in bun - 12.04 server then I'm going to show you how to configure a Internet Explorer in order to connect to that that squid server and then we are going to change one configuration within to the squid configuration file in order for will to actually work and that's all we're going to do do today and that will be the basic configuration for squid proxy server even with that basic configuration it is still pretty nifty the one warning that I will give you again when I am doing these classes remember these are professional level classes so you guys need to think sometimes you need to think right as I talked about one of the pains in the butt about Linux is different distributions and different versions of Linux do things slightly differently so I am showing you this okay want to repeat on to bunt to 12.04 squid on Ubuntu 12.04 has to be configured in its own particular quirky little way if you are using sent OS if you were using Mint if you are using some other distribution you may have to go to Google to make sure what you're doing essentially the overall concept of what you need to do today is you need to install squid not too not too hard you need to edit the squid dot Kumpf the squid configuration file and then you need to be able to restart the squid service those are the three tasks that you need to be able to do again I will be showing you this on a bun to twelve point oh four if you're using a different distribution of Linux it might be slightly different all you have to do is go on to Google and say how do I restart squid service on cent OS and then follow the directions but basically so I just want to give you that because I know some of you guys get all lost and but I thought that that's it's really not that bad so let's go over to computer here you know and I'll show you how all this stuff works okay so so we're back at my computer system now so you understand what's going on what I've done is I have this laptop computer here you know my trusty 4 Giga RAM laptops that I bought like two years ago for $400 a piece again I love them they're these little Gateway pieces of crap that I bought it Best Buy and they were great for uh for for basic test machines so what I've done is I've installed again Ubuntu 12.04 server onto this laptop now to do the the demonstration that I'm doing I also install SSH secure shell so that I can be on this computer and remotely control the server so basically if you're at this point of life and you're messing around Linux you should be able to know how to install secure shell and be able to use putty and if you don't you got some bigger problems so let's go over to the computer so I can show you what's going on so this is the squid server so i am using putty to use SSH to connect to the squid server so what you are going to do is when you get to the squid server or the the Linux server you're going to say sudo Super User do apt-get install if you know anything about Ubuntu this should be very simple and then squid so sudo apt - get install squid this is what will install squid for you you do not need any additional packages so we'll ask you for the password and then I'll do all this and basically what it will say I've already had squid installed if you did not have squid installed it would it would say do you want to install this you would say yes so basically that is all you have to do to install squid it's just got to be connected to the Internet it has to have a real life it has to have an IP address and then you do Stu sudo apt I can get install squid now once you have this you've installed squid you then need to go into the configuration file for skip squid so with this again I use sudo and then I've used them so again in the Linux world in the Linux world everybody has their own favorite text editor again it's kind of like out in the windows world where everybody has their own favorite antivirus software that they like I prefer them it is installed by default on Ubuntu 12.04 so I do sudo BEM et Cie slash and here's one of the quirks with Ubuntu is it squid 3 so etc' forward slash squid 3 if you read some of the instructions they tell you ET c 4 slash squid boat ubuntu it's squid 3 and then you do squid comp and now you can see that I am in the squid file and I can scroll down and I can go in and I can start configuring things now you are going to see that there are a lot of configurations that can be done and squid today we are only going to do a single configuration I will warn you when you look at the squid configuration files especially if you're new to them it's going to seem overwhelming essentially with the squid configuration file file they piled the man page and the configuration file and did a nasty mash into one obnoxiously long file and so when you're looking at it most of the configuration file is actually just text just instructions on how to use squid there there aren't nearly as many options as you may think but the problem is it's such a long nasty horrible file that you've got to scroll through one of the things that I would suggest if you are new to squid and especially if you're new to anything in Linux when you go to these configuration pages don't feel sheepish about printing them out print them out to a laser printer and then actually just sit there and read through all of them because especially if you don't know what you're looking for in the squid Cadfael there's a lot of stuff there so in these classes I'm going to show you what to look for but once you start playing around it really might be worth your effort just to print everything out so you can see what's what's going on so basically we go back and we can see here that there's just a whole bunch of fonts so what we need to do now is we need to actually allow the local computers to be able to access the squid sir so by default the squid server is on but local users can't access it so what we can do is we can go over and I am now going to looking at Internet Explorer so Internet Explorer currently is not going through the squid server so if I go to cnn.com you can see I can go to cnn.com just fine and go cnn.com I can go to google.com and there are no issues so what I want to do is I want to set this up so it will go through the squid proxy server so to do that I click on the little uh a little cog thing up there and then I go to internet options I then click on internet options I then go to connections I then go down to LAN settings LAN settings almost all the way at the bottom this is where you can set the configuration information for the proxy server so I can check the use proxy server for your LAN box I then put in the address so I know the address of this this squid proxy server is 192.168.1.2 so you put in whatever IP address your squid proxy server has then the port number again you're going to be using whatever pour is configured for the proxy by default the port number is 3128 it can change that that's something we will mess with in the future so now I would say just leave it as is so you put in the IP address and you put in a port number and you hit OK and you hit OK then we'll be on Google and now that we're on Google we can say hey I want to go back to cnn.com right and when I go back to cnn.com Oh No Oh No yeah let me do the home alone thing Oh No what happened I broke it well the first thing again whenever you're doing Linux whenever you're doing administration make sure to read error codes error codes tell you a lot of things and will tell you where you're screwing up so the following error was encountered while trying to retrieve access denied now that's a very important world there it is telling you what the problem is this is a security problem access is denied it's not saying that the website can't be found it's not saying any other errors it's saying access is not the one that is denied which means you do not have permission to access that website so if you don't have permission then you need to change permissions right well the way you change permissions is by going into the squid dot-com file so now let's go back and we are going to go back into our linux ubuntu the squid server and we are going to change the squid conf on so we are already here now I know what I need to change so I am going to use the find command so on them in order to do a find you do forward slash and then you type in what you're trying to find so HTTP underscore s so what I do is I hit enter and it will look for HTTP underscore s so all I need to heat hit is in in as November and it will start doing next so next next next next and so okay so I'm getting closer next next next okay I keep you access allow manager deny manager deny deny what I'm looking for is right here HTTP access on HDTV underscore access deny all deny all means to deny unless otherwise told not to deny again whenever I do these basic classes I am NOT using best security practices but I don't I admit that I'm trying to make this easy for you guys so that you can make this work so what we are going to do is we are going to open up this proxy server so everybody on the land can use it possibly not the best security practice but it will work and frankly if you've got a pretty secure Network who cares really so what we're going to do is we're going to go back and I'm going to we're at the HTTP access deny all I hit I eyes for insert and then delete deny and I put allow space so now is HTTP - or HTTP underscore is allow all and then I hit this game so we have now modified the deny all to allow so then I do whatever : WQ what this will do is this will save the file and this will quit so the important thing is HTTP - access a space deny all - HTTP up underscore access space allow all very very important then you hit enter so now it has been written and now it has been saved but again as a professional so you've changed a configuration file for a service on the server what you need to do next you need to restart the service because whenever this the the the service starts right all the configuration information is loaded and then generally the service doesn't go back and read the configuration information until it is restarted so we're going to have to restart that service so we're in transition back and again depending on what version of Linux you're using you may use a different command for this version for Ubuntu 12.04 I use sudo space service space squid 3 space restart so if you try to use any other way to restart the service you know I and I period D blah blah blah blah blah restart that won't work this is the way you have to restart the service on a bunch of 12 point o4 and then you hit enter of course since you're restarting it will take a second so now we can see that it has restarted so we change a configuration file then we restarted now we go back to Internet Explorer and then I can just hit refresh and we can see that now cnn.com works properly so now the proxy server is working so this computer is now routing through the proxy server to go out to the Internet and that why we go into Internet Explorer and order changes configuration is that is where the core configuration is stored so it's stored there for Internet Explorer and for Chrome and for Windows updates and for a lot of other things so a lot of people say Elan I only use Chrome why would I be going into Internet Explorer well the reason is is because that's where those settings are stored chrome uses those settings by default you can put an extension or something to change that but generally it's used by default so that is all you need to do to install and get a squid proxy server running these are the absolute default base configurations it is caching a little bit of data but it's not very much I think it I think by default it will only cache files up to four megabytes in size but even if you have an office of 10 or 20 people simply using a squid proxy server with default settings I am going to tell you it will make things seem like they're running a lot faster because all of those little files instead of each computer have to go out to the Internet to ask them they're able to grab them off of that proxy server so again even on a small network it will make things run pretty well again if you're going to be building something like a squid proxy server for yourself for the production environment you should be thinking about what's important for a squid proxy server what I will tell you is the most important thing for a squid proxy server is the hard drive speed how fast data can be written to the hard drive and pulled off the hard drive ram and then uh the the cpu are not as important so if you're thinking about creating your own squid a proxy server if you have the budget I would definitely be telling you to take a look at by a solid-state hard drive for it because that is what will will be the best for you so that's all there to squid proxy server again why squid proxy servers are good now is especially in workshop environments if you are still a poor schmuck doing computer repair doing wipes and reloads doing hours and hours and hours of updates imagine if you could download all those five gigs of Microsoft updates not from Microsoft comm but from a local server and Windows Update will still work how it's supposed to work would that be useful wouldn't that be great I'm telling you we had this running in my old shop it was beautiful if I was gay I would have kissed Kevin I mean it was just so amazingly great so the caching is of what I think is the most important thing the access control lists are awesome if you are dealing with small business clients or organizations using a proxy server to block a traffic to things like Facebook command yahoo.com believe me the employees may not like you but the boss will and they're the ones who write the check and then finally whether it's for security or whether it's for hacking you can set up your own proxy server at your own house or at your mama or Papa's house right you can set up port forwarding in the router and then what you can do is you can be anywhere in the world you can connect to the proxy server and then that proxy server will connect out to the Internet I think you can go to sects calm or utorrent calm or I don't know wherever site you want to go to and it should work and then be blocked by the Web Filter that's what it is so this was episode 341 intro to using squid web proxy server my final note again every version of Linux does this slightly differently again if I if you haven't caught it yet I used a bug too 12.04 server version in order to do this if you decide to use something else all you have to do is you have to install it you have to modify the config file and you have to restart the service again do a little bit of google searching and I believe in you you can figure it out it's really not that hard there will be more classes in the squid series I'm going to show you how to create a caching server I want to show you how to do the access control list and I'm going to show you how to do the transparent so you can just set this up and then not have to do any configurations but those will be different classes since I want to try to keep this simple something special in the Linux world it's really easy to get confused really quick so so I am Eli the computer guy I enjoy teaching this class and look for to see you the next one
Info
Channel: Eli the Computer Guy
Views: 241,339
Rating: 4.8794522 out of 5
Keywords: Eli, the, Computer, Guy, squid proxy server, squid web proxy server, proxy server, squid, linux proxy server, linux squid proxy server, ubuntu squid proxy server, ubuntu web proxy server
Id: qRx_RkdvpS4
Channel Id: undefined
Length: 35min 21sec (2121 seconds)
Published: Tue Dec 04 2012
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.