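Squid Forward Proxy

Introduction

Semantically, a forward proxy is about having the proxy server request a URL on your behalf, for example having the proxy server access sites such as qq and baidu for you.
It has two characteristics.
1. The server being accessed (qq, baidu) only knows that the request came from the proxy server, not that it came from you;
2. You know exactly which real server (qq, baidu) you are requesting.
3. The client must set the proxy server's address and port in the browser. (Once this is set, every URL entered in that browser is handed to the proxy server to fetch on your behalf.)

Installation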

yum install -y squid

Configuration

vim /etc/squid/squid.conf
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#http_access deny all

http_access allow all
cache_dir aufs /data/cache  1024 16 256
cache_mem 512 MB
hierarchy_stoplist cgi-bin ?
# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

Here I mainly changed the following lines

http_access allow all
cache_dir aufs /data/cache  1024 16 256
cache_mem 512 MB
hierarchy_stoplist cgi-bin ?

The cache directory has been changed to
/data/cache
so we need to create the cache directory

mkdir -p /data/cache

chown -R squid:squid /data/cache

Initialize the cache directory

squid -z

Check the configuration file for syntax errors

squid -k check
squid: ERROR: No running copy

This says that squid has not been started yet, which is fine

service squid start

When I started it, it kept failing and would not start. After checking the log I found

/data/cache/swap.state: (13) Permission denied
FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
Squid Cache (Version 3.1.23): Terminated abnormally.

But I had clearly already granted permissions to squid!
Only later did I discover that my SELinux had not been turned off

setenforce 0

vim /etc/selinux/config

SELINUX=disabled

Start the service again; it starts successfully

Test

curl -x 127.0.0.1:3128 http://www.baidu.com -I

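The page is returned successfully. Success!

Setting a whitelist

If we only want to proxy a few specific domains
vim /etc/squid/squid.conf
Add the following below acl CONNECT method CONNECT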

acl http proto HTTP
acl good_domain dstdomain .hpe.com .hpelinux.com
http_access allow http good_domain
http_access deny http !good_domain

Restart squid
service squid restart

Access Baidu through the proxy again

curl -x 127.0.0.1:3128 http://www.baidu.com -I

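It is not returned successfully; it should be 403 Forbidden

Setting a blacklist

The principle is the same as for setting the whitelist
vim /etc/squid/squid.conf
Add the following below acl CONNECT method CONNECT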

acl http proto HTTP
acl bad_domain dstdomain .sina.com .sohu.com
http_access allow http !bad_domain
http_access deny http bad_domain

Restart squid

service squid restart

Access Baidu through the proxy again

curl -x 127.0.0.1:3128 http://www.baidu.com -I

It can be accessed and returns 200 successfully

Access Sina through the proxy

curl -x 127.0.0.1:3128 http://www.sina.com -I

Access fails with 403 Forbidden
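
The whitelist and blacklist rules above depend on Squid reading http_access lines top to bottom and stopping at the first line whose ACLs all match. The Python model below is an added example, not code from the original post or from Squid: it handles only the `proto` and `dstdomain` ACL types plus the built-in `all`, the helper names (`decide`, `parse`, `dstdomain_match`) are hypothetical, and the two configs are constructed from the rules on this page followed by its `http_access allow all` line.

```python
# Added example: simplified first-match model of http_access (proto, dstdomain, all only).
WHITELIST = """
acl http proto HTTP
acl good_domain dstdomain .hpe.com .hpelinux.com
http_access allow http good_domain
http_access deny http !good_domain
http_access allow all
"""
BLACKLIST = """
acl http proto HTTP
acl bad_domain dstdomain .sina.com .sohu.com
http_access allow http !bad_domain
http_access deny http bad_domain
http_access allow all
"""

def dstdomain_match(host, patterns):
    """A leading dot matches the domain itself and every subdomain."""
    host = host.lower().rstrip(".")
    return any((host == p[1:] or host.endswith(p)) if p.startswith(".")
               else host == p for p in (x.lower() for x in patterns))

def parse(conf):
    """Collect ACL definitions and http_access rules in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, scheme, host):
    """Return 'allow' or 'deny' from the first rule whose ACLs all match."""
    acls, rules = parse(conf)
    def hit(name):
        negated, name = name.startswith("!"), name.lstrip("!")
        if name == "all":
            return not negated
        kind, values = acls[name]
        ok = (scheme.upper() in (v.upper() for v in values) if kind == "proto"
              else dstdomain_match(host, values))
        return ok != negated
    for action, names in rules:
        if all(hit(n) for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
```

`decide(WHITELIST, "http", "www.baidu.com")` gives `deny` and `decide(BLACKLIST, "http", "www.sina.com")` gives `deny`, matching the 403 responses in the curl tests. Any request that neither domain rule matches is decided by the later lines, which in this page's config end in `http_access allow all` for every client; ending with `http_access deny all` (left commented out in the config above) makes unmatched requests fail closed.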
