Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-statistics domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wordpress/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wordpress/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wordpress/wp-includes/functions.php on line 6114
Squid Proxy pour Debian - Plessy

Squid Proxy pour Debian

Pour information: Un script est disponible pour les membres.

Squid est un serveur mandataire, en anglais un proxy, entièrement libre et très performant. Squid est capable de gérer les protocoles FTP, HTTP, HTTPS et Gopher. Il est généralement utilisé dans certaines entreprises et universités pour des fonctions de filtrage d’URL ou en tant que tampon. Les pages Internet sont stockées localement ce qui évite d’aller les recharger plusieurs fois et permet d’économiser la bande passante Internet

Installation:

sudo apt install squid

Configuration:

Éditez le fichier de configuration:

sudo mv /etc/squid/squid.conf sudo cp /etc/squid/squid.conf.old
sudo nano /etc/squid/squid.conf

Et collez la configuration suivante:

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED

acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

include /etc/squid/conf.d/*

acl allowed_ips src "/etc/squid/allowed_ips.txt"
http_access allow localnet
http_access allow localhost
http_access allow allowed_ips

acl authenticated proxy_auth REQUIRED
http_access allow authenticated
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy

http_access deny all

http_port 3128

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .

Changez le port (de base 3128) et ajoutez l’IP du serveur:

sudo sed -i "s/http_port 3128/http_port $IPServeur:$SQUIDPORT/g" /etc/squid/squid.conf

Ajoutez les IPs de confiance:

echo "$IPMaison" | sudo tee -a /etc/squid/allowed_ips.txt

Ajoutez un utilisateur de confiance avec un mot de passe (8 caractères max):

sudo printf "$USERNAME:$(openssl passwd -crypt "$PASSWORD")\n" | sudo tee -a /etc/squid/htpasswd

Redémarrez Squid:

sudo systemctl restart squid

Firewall:

Si vous avez suivi le tuto sur la mise en place d’un firewall vous devrez ouvrir le port Squid:

sudo sed -i "/^echo - Initialisation des regles.*/i #Squid" /etc/init.d/firewall
sudo sed -i "/^echo - Initialisation des regles.*/i iptables -t filter -A INPUT -p tcp --dport 
$SQUIDPORT -j ACCEPT" /etc/init.d/firewall
sudo sed -i "/^echo - Initialisation des regles.*/i iptables -t filter -A OUTPUT -p tcp --dport 
$SQUIDPORT -j ACCEPT" /etc/init.d/firewall
sudo /etc/init.d/firewall stop
sudo /etc/init.d/firewall start

Fail2Ban:

Si vous avez suivi le tuto concernant la mise en place de Fail2Ban, vous pourrez l’activer pour Squid:

sudo sed -i '/^\[squid\].*/a enabled = true' /etc/fail2ban/jail.local
sudo sed -i "s/80,443,3128,8080/80,443,$SQUIDPORT,8080" /etc/fail2ban/jail.local
sudo systemctl restart fail2ban