How to block flash videos using Squid proxy Server

One popular example is to block flash video, used by sites such as Youtube.The MIME type for such content is "video/x-flv". Creating an ACL to block this is easy.First, create an ACL which matches the MIME type in question:acl deny_rep_mime_flashvideo rep_mime_type video/x-flvThen create a HTTP Reply ACL which denies any replies with that MIME type:http_reply_access deny deny_rep_mime_flashvideoThis has been verified to block Youtube flash video...

Read More

HowTo Allow windows updates through squid

Add the following to your squid.conf, It 'MUST' be added near the top before any ACL that require authentication.acl windowsupdate dstdomain windowsupdate.microsoft.comacl windowsupdate dstdomain .update.microsoft.comacl windowsupdate dstdomain download.windowsupdate.comacl windowsupdate dstdomain redir.metaservices.microsoft.comacl windowsupdate dstdomain images.metaservices.microsoft.comacl windowsupdate dstdomain c.microsoft.comacl windowsupdate dstdomain www.download.windowsupdate.comacl windowsupdate dstdomain wustat.windows.comacl windowsupdate...

Read More

Block mp3, mpg, mpeg, exe files using Squid proxy server

First open squid.conf file /etc/squid/squid.conf: # vi /etc/squid/squid.confNow add following lines to your squid ACL section: acl blockfiles urlpath_regex “/etc/squid/multimedia.files.acl”Now create the the file # vi /etc/squid/multimedia.files.acl\.[Ee][Xx][Ee]$\.[Aa][Vv][Ii]$\.[Mm][Pp][Gg]$\.[Mm][Pp][Ee][Gg]$\.[Mm][Pp]3$Save and close the file and Restart Squid: # /etc/init.d/squid rest...

Read More

HowTo Clean and Re-build Squid cache

First, Check you squid.conf fileand locate the location of you cache directory, you should have line starting with "cache_dir"1) Shutdown your squid serversquid -k shutdown2) Remove the cache directoryrm -r /squid/cache/*3) Re-Create the squid cache directorysquid -z4) Start the squid...

Read More

squid configuration : ACL's based on MAC address

There are many times that client are having dynamic ip address (assigned by DHCP server) and in this cases it's hard to set any rules on bases of ip address as, you would not know what ip address the client machine be getting, in such case we could use mac based ACL's to set up any rules on that particular machine. # vi /etc/squid/squid.conf Look for acl section and append ACL as follows:acl mac1 arp 00:11:22:70:44:90 acl mac2 arp 00:11:22:33:44:55 http_access allow mac1 http_access allow mac2 http_access deny...

Read More

Squid Password Authentication Using NCSA

You can configure Squid to prompt users for a username and password. Squid comes with a program called ncsa_auth that reads any NCSA-compliant encrypted password file.1) Create the password file. The name of the password file should be /etc/squid/squid_passwd, and you need to make sure that it’s universally readable.# touch /etc/squid/squid_passwd# chmod o+r /etc/squid/squid_passwd2) Use the htpasswd program to add users to the password file. You can add users at anytime without having to restart Squid. In this case, you add a username called...

Read More

cachemgr (Cache Manager) configuration for Squid

The cache manager (cachemgr.cgi) is a CGI utility comes with squid for displaying statistics about the squid process as it runs. The cache manager is a convenient way to manage the cache and view statistics without logging into the serverTo make this configuration you need a webserver (Apache) running and configured.1) Try to locate your cachemgr.cgi file which comes with the squid package, this can be done using rpm -ql command (different distro...

Read More

Squid Password Authentication Using PAM

We’ll be using the pam_auth module. This will allow anyone who has a shell account to also be able to use the Squid server. Search for the auth_param section in the config and add these lines:auth_param basic program /usr/lib/squid/pam_authauth_param basic children 5auth_param basic realm Squid proxy-caching web serverauth_param basic credentialsttl 2 hoursNext search for this line and uncomment it:acl password proxy_auth REQUIREDNow create a pam module called /etc/pam.d/squid that contains:auth required /lib/security/pam_unix.soaccount...

Read More

Configure Squid to use other Proxy (cache)

If you want Squid to be part of a hierarchy of proxies or want Squid to fetch content from another proxycache_peer proxy.isp.com parent 8080 0 no-query no-digest ever_direct allow allFor Multiple parentcache_peer proxy.isp1.com parent 8080 0 no-query no-digest defaultcache_peer proxy.isp2.com parent 8080 0 no-query no-digestMultiple parents with weight:cache_peer proxy.isp1.com parent 8080 0 no-query no-digest weight=1 cache_peer proxy.isp2.com parent 8080 0 no-query no-digest weight=2Multiple parents with round-robin:cache_peer proxy.isp1.com...

Read More

HowTo do Transparent proxy with Squid

Modify or add following to squid configuration file (/etc/squid/squid.conf):httpd_accel_host virtualhttpd_accel_port 80httpd_accel_with_proxy onhttpd_accel_uses_host_header onacl lan src 192.168.1.1 192.168.2.0/24http_access allow localhosthttp_access allow lanAdded following rules to forward all http requests (coming to port 80) to the Squid server port 3128 :[eth0 connected to internet and eth1 connected to local lan]iptables -t nat -A PREROUTING -i eth1 -p tcp –-dport 80 -j DNAT –to 192.168.1.1:3128iptables -t nat -A PREROUTING -i eth0 -p tcp...

Read More

Forward Squid traffic to secure tunnel (SSH)

When Squid is installed and running, it uses port 3128 by default. You should test it manually by setting your HTTP proxy to the server that runs Squid. For instance, in Firefox to go Tools -> Options -> Advanced -> Network -> Settings and enter the IP address or host of the Squid proxy (e.g. 192.168.0.100) and 3128 for the port. Try to load any web page. If you see an access denied error, check out the http_access...

Read More

Setting up squid proxy server on Ubuntu

Install SquidOpen up the terminal and type the following command to install squid:sudo apt-get install squidSquid ConfigurationOpen the squid.conf file for editing using command:gksudo gedit /etc/squid/squid.confFind the http_port tag, By default it reads# http_port 3128This is the default port that Squid will listen on for requests. If you want to change it, uncomment the line and set the correct port. If you want Squid to listen only on one specific...

Read More

How to mount samba share on Linux client

Samba can be used to allow connectivity between Linux and Windows. Samba can be used to share printers, share directories, connect to an windows domain, and many other useful features.In order to mount your samba share to your Linux client open up the /etc/fstab file and insert the following line into this file//172.19.12.137/Music /mnt/samba cifs credentials=/etc/accessfile 0 0Now create a new file: /etc/accessfile with following contentsusername=Suhailpassword=some_passwordSave the above file and restart your Linux client (or type command mount...

Read More

How to Convert smbpasswd to tdbsam on Samba

The latest release of Samba offers many new features including new password database backends not previously available. Samba version 3.0.0 fully supports all databases used in previous versions of Samba. However, although supported, many backends may not be suitable for production use.The tdbsam backend provides an ideal database back-end for local servers, servers that do not need built-in database replication, and servers that do not require the scalability or complexity of LDAP. The tdbsam back-end includes all of the smbpasswd database...

Read More

Creating Recycle Bin for Samba storage

Samba is mainly used to share the files between Linux and windows and many times it happens that user deletes the file from the samba server and later wants to get back deleted files which is not possible with the default configuration of samba server.The best option is to have a "Recycle bin" for every users on the samba server.Here is an example of modifying the home directories of your users in samba configuration file[homes]comment = Home Directoryvalid users = %Sbrowsable = noguest ok = noread only = novfs object = recyclerecycle:repository...

Read More

Transfer Linux user to Samba users

To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:# cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswdIf the system uses NIS, type the following command:# ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswdThe mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.2. Change the permissions of the Samba password file...

Read More

Sync users' Samba passwords with their system passwords

The pam_smbpass PAM module can be used to sync users' Samba passwords with their system passwords when the passwd command is used. If a user invokes the passwd command, the password the uses to log in to the system as well as the password he must provide to connect to a Samba share are changed.To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:password required /lib/security/pam_smbpass.so nullok use_authtok try_first_p...

Read More

Sync Samba and Unix password

The pam_smbpass PAM module can be used to sync users’ Samba passwords with their system passwords. If a user invokes the passwd command, the password he uses to log in to the system as well as the password he must provide to connect to a Samba share are changed. To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:password required /lib/security/pam_smbpass.so nullok use_authtok try_first_p...

Read More

Samba Server As Primary Domain Controller

Servera.Operating System :- Fedora-15b.Samba Server :- Samba version 3.0.23c-2 (included in Fedora Dvd) Computer Name:-server Comment :- Domain ControllerDomain Name :- rizvi.comDomain admin Name :- rootIp Address :- 192.168.0.10 Clienta.Operating System :- Windows Xp Sp2Computer Name :- wxpDomain Name :-     rizvi.comIp Address :- 192.168.0.20 ConfigurationServer1.  vi /etc/hosts# Do not remove the following line, or various programs# that require network functionality will fail.127.0.0.1      ...

Read More

Mount Samba share using fstab

To mount a Samba share when Linux system comes up after rebootedit the /etc/fstab file and put entry as follows for your Windows/Samba share://ntserver/share /mnt/samba smbfs username=username,password=password 0 0 For example,if you want to mount a share called //ntserver/docs then you need to write following entry in /etc/fstab file://192.168.0.1/share /mnt/samba smbfs username=sohail,password=passwd123 0 ...

Read More

Using Samba As File Server in Linux with guest(Anonymous) login and read-write access

1. Create a folder for share purpose    mkdir sharedrive2.Give full access to that folder   chmod 777 sharedrive 3.Edit smb conf file vi /etc/samba/smb.conf[global]# workgroup = NT-Domain-Name or Workgroup-Name   workgroup = WORKGROUP                                                                               ...

Read More

Setting Hostname(Computer Name) in Linux (RedHat)

Edit the following files with vi 1.           /etc/hosts # Do not remove the following line, or various programs# that require network functionality will fail.127.0.0.1    localhost.localdomain localhost 192.168.0.20    sohail.bom.labs.net 2.          /etc/sysconfig/networkNETWORKING=yesHOSTNAME=sohail.bom.labs....

Read More

Configure ipaddress in linux

1.edit the file with vi vi/etc/sysconfig/network-scripts/ifcfg-eth0DEVICE=eth0ONBOOT=yesBOOTPROTO=staticIPADDR=192.168.0.20NETMASK=255.255.255.0GATEWAY=192.168.0.1 2.To put Dns Server ip addressvi /etc/resolv.confnameserver=192.168.0.103.restart the network serviceservice network rest...

Read More

How to install Linux / UNIX *.tar.gz tarball files

Tarballs are a group of files in one file. Tarball files have the extension .tar.gz, .tgz or .tar.bz2. Most open source software use tarballs to distribute programs/source codes.# 1: Uncompress tarballTo uncompress them, execute the following command(s) depending on the extension: $ tar zxf file.tar.gz $ tar zxf file.tgz $ tar jxf file.tar.bz2 $ tar jxf file.tbz2 Now change directory $ ls $ cd path-to-software/# 2: Build and install softwareGenerally you need to type 3 commands as follows for building and compiling software: # ./configure #...

Read More

How to replay YouTube video automatically

In the address bar, add the word "infinite" before the word "youtube".This is the easiest way to put Youtube videos on loop.When you are finished your address bar should be changed from:Code: http://www.youtube.com/watch?v=MrMNHwmd9HcToCode: http://www.infiniteyoutube.com/watch?v=MrMNHwmd9Hc...

Read More

How to make an OS X Lion USB thumb drive

Here are three different ways to put Lion on a USB thumb drive. If you buy and install Lion from the App Store  it downloads all 3Gigabytes from the App Store, installs Lion, then deletes the installer!  So when you go to install it on another machine it needs another 3Gigabyte download! Here’s how to make a re-usable installer.Option 1: Put a full bootable Lion installation on the USB Drive with a recovery partition.What you need:...

Read More