Ubuntu环境下:
$ sudo apt-get install squid
$ sudo vim /etc/squid/squid.conf
#2.6下基础配置中
http_port 3128 transparent
cache_men cache_dir (根据目标的代理服务器进行配置)
dns_nameservers 202.101.172.35 202.101.172.46 202.101.172.47
auth_param 相对进行开放,children 5
realm Squid proxy-caching web server
casesensitive off
#acl 配置
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl denydomain dstdomain -i "/etc/squid/denydomain"
acl allowsrcip src "/etc/squid/allowsrcip"
acl denyurlregex url_regex -i "/etc/squid/denyurlregex"
acl time1 time SMTWHFA 0:00-23:59
acl conn1 maxconn 60
acl file1 urlpath_regex -i \.mp3$ \.exe$ \.zip$ \.rar$ \.torrent$ \.avi$ \.rmvb$ \.wma$ \.com$ \.mpg$ \.rm$ \.scr$ \.ocx$ \.cab$
#http_access deny/allow
http_access deny denydomain
http_access deny !allowsrcip
http_access deny file1
http_access deny denyurlregex
http_access deny allowsrcip !time1
http_access deny allowsrcip conn1
http_access allow localhost
http_access allow allowsrcip
http_access deny all
denydomain dengyurlregex allowsrcip 进行配置
#2.5的反向代理加速配置
#httpd_accel_host 127.0.0.1
#httpd_accel_port 80
#httpd_accel_single_host on
#httpd_accel_uses_host_header on
#httpd_accel_with_proxy on
总体来说整个SQUID在版本升级以后变的更为简单,但是一开始并不是十分适应,我大概用了将近一个礼拜也没有讲透明代理的效果设置出来,根据前面设置的IPTABLES相互配合,两者可以相辅相成,对于两者来说需要怎么样使用都可以来看。
在经理的调试下,终于成功。
$ sudo apt-get install squid
$ sudo vim /etc/squid/squid.conf
#2.6下基础配置中
http_port 3128 transparent
cache_men cache_dir (根据目标的代理服务器进行配置)
dns_nameservers 202.101.172.35 202.101.172.46 202.101.172.47
auth_param 相对进行开放,children 5
realm Squid proxy-caching web server
casesensitive off
#acl 配置
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl denydomain dstdomain -i "/etc/squid/denydomain"
acl allowsrcip src "/etc/squid/allowsrcip"
acl denyurlregex url_regex -i "/etc/squid/denyurlregex"
acl time1 time SMTWHFA 0:00-23:59
acl conn1 maxconn 60
acl file1 urlpath_regex -i \.mp3$ \.exe$ \.zip$ \.rar$ \.torrent$ \.avi$ \.rmvb$ \.wma$ \.com$ \.mpg$ \.rm$ \.scr$ \.ocx$ \.cab$
#http_access deny/allow
http_access deny denydomain
http_access deny !allowsrcip
http_access deny file1
http_access deny denyurlregex
http_access deny allowsrcip !time1
http_access deny allowsrcip conn1
http_access allow localhost
http_access allow allowsrcip
http_access deny all
denydomain dengyurlregex allowsrcip 进行配置
#2.5的反向代理加速配置
#httpd_accel_host 127.0.0.1
#httpd_accel_port 80
#httpd_accel_single_host on
#httpd_accel_uses_host_header on
#httpd_accel_with_proxy on
总体来说整个SQUID在版本升级以后变的更为简单,但是一开始并不是十分适应,我大概用了将近一个礼拜也没有讲透明代理的效果设置出来,根据前面设置的IPTABLES相互配合,两者可以相辅相成,对于两者来说需要怎么样使用都可以来看。
在经理的调试下,终于成功。
评论