Squid: Intercept traffic

I was bored this weekend, so after finding some YouTube traffic coming from one of the PCs on the network, I decided that I’d play with Squid, which is a very powerful and flexible proxy server.

It has many different methods of operation and can be used in different ways. As a simple proxy, you set it up, allow only your own traffic, and set your browser to use it.

As a reverse proxy, it caches traffic for busy websites and therefore removes load from them.

As a transparent proxy, users don’t have a definite idea they are being proxied. This is the method I used, purely so we didn’t have to set it up on the client machine, and that’d just be boring anyway.

So, I set up the access list in my wonderful Cisco 871. The access list is set such that any traffic that is not web traffic goes out directly; the PCs that matter are also not routed to the access list, and every other machine is.

Then I set up Squid, configured it as a transparent proxy, and enabled the rewrite_program option. I then set up the rewrite script to rewrite the URLs for youtube.com to xtube.com, so any request for YouTube results in xtube, a more explicit knock-off of YouTube.

Unfortunately, the desired effect of having the traffic decrease did not happen; they indeed viewed the xtube traffic instead.

So, the next step (a later-on thing) will be to set up a virtual host in Apache on that server, mirror the YouTube website content, and then replace the area where a video would normally appear with a singular cached video. I’ll have to find one worthy of such a task.

Then, any requests for YouTube videos shall be met with a repeat video. Or, we could confuse things, and swap the code in the YouTube video page with one from another site, so when they next seek out the latest Black Eyed Pea (s)hit video on YouTube, they are met with a very, very different black, eyed, pea.
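
The kind of rewrite helper described above, as an added example that is not the author's script: a Python helper for Squid's `url_rewrite_program` directive that answers requests for one site with a 302 to an internal policy-notice page. It assumes the Squid 3.4+ helper reply syntax; `video.example` and `proxy.lan.example` are placeholder names.

```python
#!/usr/bin/env python3
"""Squid URL-rewrite helper: redirect one site to an internal notice page."""
import sys
from urllib.parse import urlsplit

# Assumptions (placeholders, not from the original post).
BLOCKED_SUFFIX = "video.example"
NOTICE_URL = "http://proxy.lan.example/policy.html"


def host_of(url):
    """Host from an absolute URL or a CONNECT-style host:port target."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_blocked(host):
    # Match the domain itself or a true subdomain, never a lookalike suffix.
    return host == BLOCKED_SUFFIX or host.endswith("." + BLOCKED_SUFFIX)


def answer(line):
    """Reply for one request line: [channel-ID] URL [extras...]."""
    fields = line.split()
    if not fields:
        return "ERR"
    channel = ""
    # With helper concurrency enabled, Squid prefixes a numeric channel ID
    # that must be echoed back at the start of the reply.
    if fields[0].isdigit() and len(fields) > 1:
        channel, fields = fields[0] + " ", fields[1:]
    if is_blocked(host_of(fields[0])):
        return f'{channel}OK status=302 url="{NOTICE_URL}"'
    return channel + "ERR"  # ERR tells Squid to leave the URL unchanged


def main():
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()  # Squid waits on each reply; never buffer


if __name__ == "__main__":
    main()
```

Matching on the parsed hostname rather than a substring of the URL keeps unrelated sites whose names merely contain the blocked string from being redirected.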
