Wednesday, October 21, 2009

Linux Securirty Notes 14: Squid notes 3: Cachemngr & Port configuration

Squid implementing cachemgr.cgi
    This script will return the information of squid process/performance such as memory usage, cpu usage, number of HITS & MISS etc.. The tool cachemgr.cgi is included in the squid rpm package.
# rpm -ql squid | grep cachemgr.cgi
    This will show the installation path of the cgi script.
The script is processed by apache so now we have to find out where the apache process the cgi scripts.
# grep -i scriptalias httpd.conf
ScrriptAlias /cgi-bin/  "/var/www/cgi-bin/"
    So we have to place the cachemgr.cgi in to "/var/www/cgi-bin/" directory to process by apache.
# cp cachemgr.cgi /var/www/cgi-bin/
# reload apache

Open the web browser and navigate to http://localhost/cgi-bin/cachemgr.cgi
    This will open the page which ask the information of squid server and the cache manager credentials. Default credentials is null. continue to explore more in the scripts. A menu will be available with all the system utilization report tools. Brows through each options to gather the information of the squid process and

Changing the default port of Squid
# vim /etc/squid/squid.conf
http_port 8080

# reload squid
    This changes the port to 8080. "https_port" is an another derivative used as a accelerator to speed up the back end SSL based servers.

squid - Safe ports
    This is the list of the ports to which squid will make the destination connection to. The safe ports are defined using the ACL
Below is a list of safe port configuration in squid
#vim squid.conf
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563

http_access deny !Safe_port

    The list of ports will be allowed by squid, all other ports will be denied, with the error html file to the client stating that"access denied viz ACL".For enable or disable any ports that squid need to server we can use this safe port ACL. In short we can restrict the access of destination port.

No comments:

Post a Comment

tag ur valuable ideas below