Tuesday, June 28, 2016

Configuring a Whitelist for SQUID PROXY

Configuring a Whitelist

Open the squid configuration file, which on Linux should be in the following location:
/etc/squid/squid.conf
Squid whitelists are created using the acl whitelist directive.
To setup a small whitelist of sites, you can add them directly to the Squid conf file. To do this, add the following directives to the Squid conf file:
acl whitelist dstdomain .example.com .google.com .bing.com
http_access allow whitelist
Note: Make sure you add this http_access line before the http_access line that allows proxy authenticated connections (this is the one that you would have added to configure proxy authentication). Otherwise the whitelist will not work.
In this example three domains are whitelisted. The whitelist includes all subdomains of these sites as well.
Save the configuration file. We are now ready to start Squid. If Squid is already running, reload the configuration file using the following command:
squid -k reconfigure
If squid is not already running, start it using the following command:
service squid start
Open a browser on a client machine. If you browse to one of the sites in the whitelist, Squid should not ask for a username and password. If you browse to any other site, Squid should ask you for a username and password.
Although this works, an easier to maintain solution would be to create a file of whitelisted sites. To do this, change the acl whitelist directive as follows:
acl whitelist dstdomain "/etc/squid/sites.whitelist.txt"
Next create a file called /etc/squid/sites.whitelist.txt and add in a list of sites to be whitelisted. For example:
.example.com
.google.com
.bing.com
Save the configuration file.
We are now ready to start Squid. If Squid is already running, reload the configuration file by running the following command as the root user:
squid -k reconfigure
If squid is not already running, start it by running the following command as the root user:
/etc/init.d/squid start

Wednesday, June 15, 2016

Configuring HTTP Proxy in the CLI for yum updates

Configuring HTTP Proxy in the CLI

  • Run the subscription-manager command as follows:
    # subscription-manager config --server.proxy_hostname=proxy.example.com --server.proxy_port=8080 --server.proxy_user=admin --server.proxy_password=secret
  • Also edit /etc/yum.conf for http://:8080

Wednesday, June 8, 2016

engine-image-uploader ERROR: not a gzip file!! ->> Creating an OVF Archive That is Compatible with the Image Uploader!

Creating an OVF Archive That is Compatible with the Image Uploader
  1. Run the tar -zcvf my.ovf images/ master/ command to create the tar/gzip ovf archive.
  2. Anyone you give the resulting ovf file to (in this example, called my.ovf) can import it to Red Hat Enterprise Virtualization Manager using the engine-image-uploader command.

You have created a compressed OVF image file that can be distributed. Anyone you give it to can use the engine-image-uploader command to upload your image into their Red Hat Enterprise Virtualization environment.