Do I need to be technical to use squid proxy?


Do I need to be technical to use squid proxy?

Oldman
CONTENTS DELETED
The author has deleted this message.

Re: Do I need to be technical to use squid proxy?

Antony Stone
On Wednesday 15 August 2018 at 18:26:16, Oldman wrote:

> I found a script and automatically created squid proxy in a centos vps
> then set up the proxy in my pc and am using it
> I am good in learning but not very technical . while trying to figure out
> all those tcp denied and other logs I realized it is very technical
> Isn't there easy to manage  way for non technical person like me?

Sorry, but why is a non-technical person trying to manage a proxy server?

To answer the question in your subject line "Do I need to be technical to use
squid proxy?", the answer is definitely "no".  So long as you can use a
browser, you can use Squid proxy, but if you want to *manage* the proxy,
that's a different matter, and you need to have at least a certain amount of
familiarity with networking concepts and client-server communications.

Maybe it helps to look at your request completely differently - what are you
trying to *achieve* with Squid?  Tell us that and we might be able to help you
do it.


Regards,


Antony.

--
René Descartes walks in to a bar.
The barman asks him "Do you want a drink?"
Descartes says "I think not," and disappears.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Do I need to be technical to use squid proxy?

Oldman
CONTENTS DELETED
The author has deleted this message.

Re: Do I need to be technical to use squid proxy?

Antony Stone
On Wednesday 15 August 2018 at 19:27:07, Oldman wrote:

> What do you think about my squid configuration?  here ? I can't see any
> cache logs

> cache_log /dev/null

You do understand what "/dev/null" means, do you?

> acl SSL_ports port 1-65535
> acl Safe_ports port 1-65535

This suggests to me that your lack of familiarity with networking may be
dangerous.


Antony.

--
Police have found a cartoonist dead in his house.  They say that details are
currently sketchy.

                                                   Please reply to the list;
                                                         please *don't* CC me.

Re: Do I need to be technical to use squid proxy?

Oldman
CONTENTS DELETED
The author has deleted this message.

Re: Do I need to be technical to use squid proxy?

Antony Stone
On Wednesday 15 August 2018 at 20:34:26, Oldman wrote:

> No sir I do not understand

Okay, "/dev/null" means "discard the output".  That is why:

        cache_log /dev/null

produces no cache log file.

> that is why I am here trying to just come up with some configuration that
> helps me keep the squid swimming :)
>
> About being dangerous  please guide me what to remove or add
>
> I suppose you are telling me that
>
> > acl SSL_ports port 1-65535
> > acl Safe_ports port 1-65535
>
> Are dangerous ?  Please guide me should I remove them all?

I recommend you simply do not change them from the defaults.

In general, do not change anything in the default Squid config file unless you
know why you need to change it.


Regards


Antony.

--
It may not seem obvious, but (6 x 5 + 5) x 5 - 55 equals 5!

                                                   Please reply to the list;
                                                         please *don't* CC me.

Re: Do I need to be technical to use squid proxy?

Oldman
CONTENTS DELETED
The author has deleted this message.

Re: Do I need to be technical to use squid proxy?

Antony Stone
On Wednesday 15 August 2018 at 21:09:57, Oldman wrote:

> Thanks
>
> I won't change any thing unless I am sure here.

Well, you've certainly changed quite a lot of the standard config in the file
you showed us earlier.

> What was dangerous ?  Did you mean I could be hacked with that
> configuration file?

I seriously doubt you can be "hacked" (whatever you specifically mean by that)
but only because you are running the Squid proxy on a domestic network and it
is therefore almost certainly unreachable from the Internet.

However, defining "safe ports" to be "any port at all" means your proxy can be
used for quite a number of protocols other than HTTP/S (for example, SMTP) and
since this is almost certainly not what you want this proxy to be (ab)used
for, you should stick to the default definition of safe ports which is
designed to prevent this sort of abuse.

Just out of interest, what made you make the changes you did to the standard
config?


Antony.

--
"The future is already here.   It's just not evenly distributed yet."

 - William Gibson

                                                   Please reply to the list;
                                                         please *don't* CC me.
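
Added example, not part of the original thread or of the Squid project: a small Python audit of the settings questioned above (all-port `Safe_ports`/`SSL_ports` and `cache_log /dev/null`). The stock port lists are assumed from the default squid.conf of recent Squid releases, so compare them with your own squid.conf.default; `SAMPLE_CONF` is constructed and the function names are hypothetical.

```python
# Added example: audit a squid.conf for the settings discussed in this thread.
# STOCK is an assumption; compare it with your installed squid.conf.default.
STOCK = {"SSL_ports": {443},
         "Safe_ports": {21, 70, 80, 210, 280, 443, 488, 591, 777}
                       | set(range(1025, 65536))}
ENFORCING_RULES = ("http_access deny !Safe_ports",
                   "http_access deny CONNECT !SSL_ports")

# Constructed sample: the directives quoted in the thread plus the stock rules.
SAMPLE_CONF = """\
cache_log /dev/null
acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

def directives(conf):
    """Yield each directive as a list of tokens, with comments stripped."""
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens

def port_acl(conf, name):
    """Return every port matched by the 'acl <name> port ...' lines."""
    ports = set()
    for t in directives(conf):
        if t[:3] == ["acl", name, "port"]:
            for spec in t[3:]:
                low, _, high = spec.partition("-")
                ports.update(range(int(low), int(high or low) + 1))
    return ports

def audit(conf):
    """Return {check: detail} for each deviation from the stock settings."""
    findings = {}
    rules = [" ".join(t) for t in directives(conf)]
    for name, stock in STOCK.items():
        extra = port_acl(conf, name) - stock
        if extra:
            findings[name] = sorted(extra)  # ports opened beyond the stock list
    for rule in ENFORCING_RULES:
        if rule not in rules:
            findings[rule] = "missing, so the ACL is never enforced"
    if "cache_log /dev/null" in rules:
        findings["cache_log"] = "cache log is discarded"
    return findings
```

Calling `audit(SAMPLE_CONF)` reports port 25 (SMTP) among the ports the widened `Safe_ports` lets through, which is the abuse case described in the message above.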

Re: Do I need to be technical to use squid proxy?

Oldman
CONTENTS DELETED
The author has deleted this message.

Re: Do I need to be technical to use squid proxy?

Adam Majer
In reply to this post by Oldman
On 08/15/2018 08:34 PM, Oldman wrote:

> No sir I do not understand that is why I am here trying to just come up with
> some configuration that helps me keep the squid swimming :)
>
> About being dangerous  please guide me what to remove or add  
>
> I suppose you are telling me that
>> acl SSL_ports port 1-65535
>> acl Safe_ports port 1-65535
>
> Are dangerous ?  Please guide me should I remove them all?

It's dangerous to run random code from random site. The things you list
downloads,

        wget -O /etc/squid/squid.conf https://raw.githubusercontent.com/hidden-refuge/squid-proxy-installer/master/spi-rhel5664.conf --no-check-certificate;;

which is a big WTF in the first place.

1. the --no-check-certificate flag
2. the file there is different from the repository file

If you want to install squid, install it from your distribution's
source, not just run some random program you find in Google's search
engine. All distros have squid available. And at least those squid
versions don't come with malicious config files.

Best of luck,
Adam

Re: Do I need to be technical to use squid proxy?

Oldman
CONTENTS DELETED
The author has deleted this message.

Re: Do I need to be technical to use squid proxy?

Matus UHLAR - fantomas
In reply to this post by Antony Stone
>On Wednesday 15 August 2018 at 21:09:57, Oldman wrote:
>> I won't change any thing unless I am sure here.

On 15.08.18 21:20, Antony Stone wrote:
>Well, you've certainly changed quite a lot of the standard config in the file
>you showed us earlier.

>> What was dangerous ?  Did you mean I could be hacked with that
>> configuration file?

>I seriously doubt you can be "hacked" (whatever you specifically mean by that)
>but only because you are running the Squid proxy on a domestic network and it
>is therefore almost certainly unreachable from the Internet.

in which case I ask if you (OP, Oldman) are really sure that your proxy is
not accessible from the internet.

Otherwise, any weak password in /etc/squid/passwd can be guessed by
attackers and your squid could be abused.

>However, defining "safe ports" to be "any port at all" means your proxy can be
>used for quite a number of protocols other than HTTP/S (for example, SMTP) and
>since this is almost certainly not what you want this proxy to be (ab)used
>for, you should stick to the default definition of safe ports which is
>designed to prevent this sort of abuse.
>
>Just out of interest, what made you make the changes you did to the standard
>config?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

Re: Do I need to be technical to use squid proxy?

Amos Jeffries
Administrator
In reply to this post by Oldman
On 16/08/18 18:59, Oldman wrote:
> Thanks a lot . I take your advice  delete every thing and install a new os
> but I will need help

That is not what was being suggested (unless you installed the whole OS
from a source without knowing what was going on). Just using safe
practices when installing software.

Reading that script it does use your OS providers package installer and
repository. So that part is safe enough.

The weird parts are how it then completely replaces your squid.conf with
its own broken config file and some (wrong) claims it makes about
htpasswd hashing.

You should be able to just drop in the default config for your Squid
version. Which should be one of these:

<https://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#Do_you_have_a_squid.conf_example.3F>

OR, a squid.conf.default file containing the above with a few more
comments should have been installed with your Squid.


A Squid using those defaults should "just work". So your needed
technical know-how scales with the complexity of what you are trying to
do - from none (default setup) to expert (lots of custom config).


eg. if you have sufficient technical know-how to read that installer
script and understand it - then choosing to run it can be okay as you
should then also know how to fix the broken bits in it.


> Can you please point me to one online tutorial that is easy to understand
> and I can just
> enter command ?  I will install centos I suppose

If you are already familiar with that OS then sure. Just be aware CentOS
is targeted at corporate installations, so a moderate level of expertise
is assumed and building/patching one's own software more common in that
community.

distrowatch.com is a pretty good resource for getting into OpenSource
systems. For example; it lists the top-ten most popular OS distributions
as currently:

Rank Distribution
1 Manjaro
2 Mint
3 Ubuntu
4 Debian
5 elementary
6 Solus
7 MX Linux
8 Antergos
9 Fedora
10 openSUSE

The distro popularity tends to mean they are more polished and easier to
use than the less popular OS (which likewise tend to be more targeted at
specific uses). Or at very least there are a lot of people knowing about
them to be found.

[Manjaro being #1 surprises me. The others all match what I have heard
from many sources in terms of OS people are finding easy to use.]

Tutorials and How-To's should be readily available for most OS. Via your
favourite search engine, if not the distribution itself. If you cannot
find something you understand for a particular OS it's likely not a good
choice to be installing as a beginner.

That level of help is technically off-topic here. Once you have a
machine you can use, help with the Squid installation and setup parts is
what we are all about.

HTH
Amos