ServerBuddies Support Blog

Creating and editing ACLs

Before you can block or allow requests from some address, to some server or for some page you will need to create an appropriate ACL. The basic steps to do this are :

1. Select the type of ACL to create from the drop-down menu below the Access control lists table and click the* Create new ACL* button.

2. On the form that appears, enter a name for your new ACL in the ACL name field. If more than one has the same name, it will be treated as matched if any ACL with that name matches. The name should consist of only letters and numbers, with no spaces or special characters.

3. Fill in the rest of the form as explained in the table below.

4. In the Failure URL field, enter a complete URL that clients who are denied by this ACL will be redirected to. This allows you to define custom error pages to be displayed instead of the default Squid responses.

5. Click the Save button at the bottom of the form.

Once an ACL has been created you can edit it by clicking on its name in the list, changing the fields and clicking Save. Or your can delete it (if it is not in use by some proxy or ICP restriction) with the Delete button. As usual, the Apply Changes link must be used to activate any changes that you make.

Squid has an amazing number of ACL types, although not all are available in all versions of the server.

Many types of ACL are inappropriate for certain situations. For example, if a client sends a CONNECT request the URL path is unavailable, and thus a URL Path Regexp ACL will not work. In cases like this the ACL is automatically assumed not to match.

Article taken from - http://doxfer.com/Webmin/

Changing the proxy ports and addresses in Webmin

By default, Squid listens for proxy requests on TCP port 3128 on all of your system’s IP addresses. Because this is not the usual port that proxies are run on (8000 and 8080 seem to be the most common), you may want to change it. You might also want to edit the listening address so that only clients on your internal network can connect, if your system has more than one network interface.

To specify the ports that Squid uses, follow these steps :

1. On the module’s main page, click on the Ports and Networking icon.

2. In the Proxy addresses and ports table, select the Listed below option. In the table below, each row defines a listening port and optionally an address to bind to. Any existing ports and addresses will be listed, followed by a single blank row for adding a new one. In the first empty field in the Port column, enter a port number like 8000 or 8080. In the Hostname/IP address column, either select All to accept connections on any of your system’s interfaces, or the second option to enter an IP address in the adjacent text box. Using this table, Squid can be configured to listen on as many ports as you like. However, because only one blank row appears at a time you will need to save and re-open the form to add more than one new port.

3. ICP is a protocol used by Squid to communicate with other proxies in a cluster. To listen on a port other than the default of 3130 for ICP, fill in the ICP port field. This is not generally necessary though, as only other proxies ever use this protocol.

4. Squid will normally accept ICP connections on any IP address. To change this, select the second radio button in the Incoming UDP address field and enter one of your system’s interface IPs into its text field. This can be useful if all of the other proxies that your server might want to communicate with are on a single internal LAN.

5. Click the Save button at the bottom of the page to update the configuration file with your new settings, then click the Apply Changes link back on the main page to activate them.

Article taken from http://doxfer.com/

Configuration Files in Webmin

Most Webmin modules work by editing configuration files on your system, like

Each module knows which configuration files it manages, and what commands need to be run to activate them. Not all modules actually deal with config files though - for example, the MySQL module works by executing SQL commands.

As such, it cannot participate in the configuration backup process.

More in details at http://doxfer.com/Webmin/

The iostat command

The iostat command at its most basic provides an overview of CPU and disk I/O statistics:

Below the first line (which contains the system’s kernel version and hostname, along with the current date), iostat displays an overview of the system’s average CPU utilization since the last reboot.

The CPU utilization report includes the following percentages:

Percentage of time spent in user mode (running applications, etc.)

Percentage of time spent in user mode (for processes that have altered their scheduling priority using nice(2))

Percentage of time spent in kernel mode.

Percentage of time spent idle.

Below the CPU utilization report is the device utilization report. This report contains one line for each active disk device on the system.

dig, or domain information groper, provides the ability to query any domain server for information about the domains it serves. It operates in both an interactive mode and a batch query mode.

Using dig is much like using host, in that in its simplest mode you enter just the command and the name to lookup.

However, dig is more verbose by default and presents a much wider array or information, though in a somewhat less readable form.

Just like host, it is possible to query your default system resolver, or you can query a name server specified on the command line. For example, I could query name server about the google.com domain.

Above, we have a large amount of information, though not all of it is generally useful to us. First is the version of dig, and the command line options we specified.

The comes some status information, including the NOERROR designator that indicates the name was retrieve without error. If the domain did not exist, or could not be queried, there would be an NXDOMAIN error or some other error. Next are the flags of the query.

In this case, we have one query and one answer which are contained in the QUESTION and ANSWER sections below it. The next two items inform us of the number of AUTHORITY and ADDITIONAL sections that follow. In this case, the authority section gives us the primary and secondary name servers for this domain, ns1.serverbuddies.com and ns2.serverbuddies.com, and the additional section provides the IP addresses of those name servers.

The last few lines give the time the query required, the server that was queried and the port on which it was queried, the time and date on which the query was made, and the size of the message received from the name server.

Like host, dig has a mode in which you can query all of the information available about the domain. This can be done by appending the ANY argument to the end of the command line. Furthermore, the options NS, MX, CNAME, etc. are also available and do just what you would expect.

Reference - for more please check - http://doxfer.com/Webmin/