Showing posts with label proxy. Show all posts
Showing posts with label proxy. Show all posts

Jan 15, 2013

Set proxy settings on apt

Apt is the default package manager in most debian distributions including Ubuntu. If the system in behind a proxy and a firewall, systems administrator need to set proxy settings on the system in order to connect that system to the Internet. Systems administrator can user the method that I describe in a previous post to set proxy settings on the system. But apt will not use that settings when it try to connect to the Internet. Therefore, systems administrator need to set those proxy settings in its configurations file. To do that;

You need to edit the '/etc/apt/apt.conf ' file or if that file does not exist, you need to add a new file in '/etc/apt/apt.conf.d/01proxy'

Then you need to add the following line to one of these files.

Acquire::http::Proxy "http://[proxy server ip]:[proxy listening port]";


You need root level privileges to do this task. After editing the you can run a "apt-get update" command to update the apt database.

Jan 4, 2013

Deny Youtube in office hours using Squid proxy

We can use Squid-cache as a internet access controlling system. In this post I will show you how to configure squid-cache to do access controlling on youtube.com website.

You need to edit the '/etc/squid/squid.conf' file to these changes.

First we need to defined our local network (eg : 192.168.2.0/24 ). To do that we can edit the 'acl localnet src * ' line in the config file to;

acl localnet src 192.168.2.0/24

Then we assume that we need to block youtube access within working hours to all uses in the network. Therefore, we need to set the working hours in the configurations file. This configuration should come soon after defining 'Safe_ports'.

acl officehours time M T W H F 8:00-17:00

Now you can give the host name of the host machine by;

visible_hostname proxy.domain.com

If anyone need to access youtube within office hours we need to have a option for that. For an example, we can set a youtbe allowed IP range and/or some individual IP addressed like this.

acl allowyoutube src 192.168.2.21-192.168.2.40
acl allowyoutube src 192.168.2.75
acl allowyoutube src 192.168.2.65

Now we can block youtube to all users except special users by setting;

acl youtube dstdomain .youtube.com
http_access deny CONNECT youtube !allowyoutube officehours
http_access deny youtube !allowyoutube officehours

# deny access to not safe and non-ssl ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# allow only local network
http_access allow localnet
http_access deny all

Then restart the squid service  and see the logs on ' /var/log/squid/ ' for more information.

Jan 3, 2013

Set proxy settings on Linux systems


If a system is connected to the internet via a proxy server, we need to give those information to the system. To do that, can use ' /etc/environment ' file to set system wide proxy settings.

You just need to add the proxy server IP or the domain name and the port number.
http_proxy=proxysvr.local:3128
https_proxy=proxysvr.local:3128
ftp_proxy=proxysvr.local:3128

if you need to avoid some hosts going through the proxy server you need to add this;
no_proxy="localhost,127.0.0.1,localaddress,.server.local"

Some software products refer to the upper case of those variables therefore it is better to use the upper case copy of the same settings.
HTTP_PROXY=proxysvr.local:3128
HTTPS_PROXY=proxysvr.local:3128
FTP_PROXY=proxysvr.local:3128
NO_PROXY="localhost,127.0.0.1,localaddress,.server.local"


Note:-
Event though you add proxy settings in this, some tools like apt-get will not work. In such a case you need to refer the configurations guide of that tool.
You can set user specific proxy settings by settings those environment variables in '~/.bash_profile' file.