Squid_ The Definitive Guide - Duane Wessels [107]
Squirm
http://squirm.foote.com.au/
Squirm comes from Chris Foote. It is written in C and distributed as source code under the GNU General Public License (GPL). Squirm's features include:
Being very fast with minimal memory usage
Full regular expression pattern matching and replacement
Ability to apply different redirection lists to different client groups
Interactive mode for testing on the command line
Fail-safe mode passes requests through unchanged in the event that configuration files contain errors
Writing debugging, errors, and more to various log files
Jesred
http://www.linofee.org/~elkner/webtools/jesred/
Jesred comes from Jens Elkner. It is written in C, based on Squirm, and also released under the GNU GPL. Its features include:
Being faster than Squirm, with slightly more memory usage
Ability to reread its configuration files while running
Full regular expression pattern matching and replacement
Fail-safe mode passes requests through unchanged in the event that configuration files contain errors
Optionally logging rewritten requests to a log file
squidGuard
http://www.squidguard.org/
squidGuard comes from Pål Baltzersen and Lars Erik Håland at Tele Danmark InterNordia. It is released under the GNU GPL. The authors also make sure squidGuard compiles easily on modern Unix systems. Their site contains a lot of good documentation. Here are some of squidGuard's features:
Highly configurable; you can apply different rules to different groups of clients or users and at different times or days
URI substitution, not just replacement, à la sed
printf-like substitutions allow passing parameters to CGI scripts for customized messages
Supportive of the 301/302/303/307 HTTP redirect status code feature for redirectors
Selective logging for rewrite rule sets
At the squidGuard site, you can also find a blacklist of more than 100,000 sites categorized as porn, aggressive, drugs, hacking, ads, and more.
AdZapper
http://www.adzapper.sourceforge.net
AdZapper is a popular redirector because it specifically targets removal of advertisements from HTML pages. It is a Perl script written by Cameron Simpson. AdZapper can block banners (images), pop-up windows, flash animations, page counters, and web bugs. The script includes a list of regular expressions that match URIs known to contain ads, pop-ups, etc. Cameron updates the script periodically with new patterns. You can also maintain your own list of patterns.
Exercises
Write a redirector that never changes the requested URI and configure Squid to use it.
While running tail -f cache.log, kill Squid's redirector processes one by one until something interesting happens.
Download and install one of the redirectors mentioned in the previous section.
Chapter 12. Authentication Helpers
I originally talked about proxy authentication in Section 6.1.2.12. However, I only explained how to write access control rules that use proxy authentication. Here, I'll show you how to select and configure the particular authentication helpers.
Recall that Squid supports three methods for gathering authentication credentials from users: Basic, Digest, and NTLM. These methods specify how Squid receives the username and password from a client. From a security standpoint, Basic authentication is extremely weak. Digest and NTLM are significantly stronger. For each method, Squid provides some authentication modules, or helper processes, which actually validate the credentials.
All of the authentication helpers that I mention here are included in the Squid source code distribution. You can compile them with ./configure options that match their directory names. For example:
% ls helpers/basic_auth
LDAP NCSA getpwnam
MSNT PAM multi-domain-NTLM
Makefile SASL winbind
Makefile.am SMB
Makefile.in YP
% ./configure --enable-basic-auth-helpers=LDAP,NCSA ...
Helper programs are normally installed in the $prefix/libexec directory.
As