Squid Forward Proxy

Author: 石乐志的LK | Published: 2017-10-03 19:02

    Introduction

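    A forward proxy means having the proxy server request a given URL on your behalf, for example having it visit sites such as qq or baidu for you.
    A forward proxy has the following characteristics.
    1. The server being accessed (qq, baidu) only knows that the request came from the proxy server; it does not know that it came from you.
    2. You know exactly which real server (qq, baidu) you are requesting.
    3. The client must configure the proxy server's address and port in the browser. (Once this is set, every URL entered in that browser is handed to the proxy server to fetch.)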

    Installation

    yum install -y squid
    

    Configuration

    vim /etc/squid/squid.conf
    
    #
    # Recommended minimum configuration:
    #
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    
    #
    # Recommended minimum Access Permission configuration:
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager
    
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports
    
    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports
    
    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost
    
    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #
    
    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost
    
    # And finally deny all other access to this proxy
    #http_access deny all
    
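    # Changes for this setup: accept requests from any client address, and
    # keep a 1024 MB aufs disk cache in /data/cache (16 first-level and
    # 256 second-level subdirectories) with 512 MB of memory cache
    http_access allow all
    cache_dir aufs /data/cache  1024 16 256
    cache_mem 512 MB
    hierarchy_stoplist cgi-bin ?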
    # Squid normally listens to port 3128
    http_port 3128
    
    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256
    
    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid
    
    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    refresh_pattern .               0       20%     4320
    
    

    Here I mainly changed the following lines:

    http_access allow all
    cache_dir aufs /data/cache  1024 16 256
    cache_mem 512 MB
    hierarchy_stoplist cgi-bin ?
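
    With `http_access allow all` in place and `http_access deny all` commented out, Squid accepts requests from any client that can reach port 3128, and because the first matching `http_access` line wins, rules placed after it are never evaluated. The check below is an added example, not part of the original post; the function names and sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the http_access rules of a squid.conf read from stdin.
# Prints one of:
#   open <line> <n>   unconditional "allow all" at <line>; <n> later rules never run
#   implicit-allow    no catch-all and the last rule is a deny (default = allow)
#   restricted        "deny all" is reached first, or the last rule is an allow
audit_http_access() {
    awk '
    { sub(/#.*/, "") }                       # "#http_access deny all" is a comment
    $1 != "http_access" { next }
    hit { shadowed++; next }                 # first match wins: these are dead rules
    { last = $2 }
    NF == 3 && $3 == "all" {
        if ($2 == "deny") { closed = 1; exit }
        hit = NR
    }
    END {
        if (hit) print "open", hit, shadowed + 0
        else if (!closed && last == "deny") print "implicit-allow"
        else print "restricted"
    }'
}

# Constructed sample modelled on the access rules in this page's squid.conf.
page_rules() { cat <<'EOF'
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
#http_access deny all
http_access allow all
EOF
}
# The same rules with the catch-all deny restored and "allow all" removed.
restricted_rules() {
    page_rules | sed -e 's/^#http_access deny all/http_access deny all/' \
                     -e '/^http_access allow all/d'
}

echo "page config:       $(page_rules | audit_http_access)"
echo "restricted config: $(restricted_rules | audit_http_access)"
# A rule appended after "allow all" (constructed) is reported as unreachable.
echo "rule after it:     $({ page_rules; echo 'http_access deny http !good_domain'; } | audit_http_access)"
```

    To audit a real file, run `audit_http_access < /etc/squid/squid.conf`.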
    

    The cache directory is now /data/cache, so we need to create it:

    mkdir -p /data/cache
    
    chown -R squid:squid /data/cache
    

    Initialize the cache directory:

    squid -z
    

    Check the configuration file for syntax errors:

    squid -k check
    
    squid: ERROR: No running copy
    

    This means squid has not been started yet, which is fine:

    service squid start
    

    It kept failing to start for me. After checking the log I found:

    /data/cache/swap.state: (13) Permission denied
    FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
    Squid Cache (Version 3.1.23): Terminated abnormally.
    

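    But I had clearly already given squid ownership of the directory!
    Only later did I discover that SELinux on my machine had not been turned off: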

    setenforce 0
    
    vim /etc/selinux/config
    
    SELINUX=disabled
    

    Starting the service again now succeeds.

    Testing

    curl -x 127.0.0.1:3128 http://www.baidu.com -I

    The page is returned successfully. It works!

    Setting up a whitelist

    If we only want to proxy a few specific domains:
    vim /etc/squid/squid.conf
    Add the following below acl CONNECT method CONNECT:

    acl http proto HTTP
    acl good_domain dstdomain .hpe.com .hpelinux.com
    http_access allow http good_domain
    http_access deny http !good_domain
    
    

    Restart squid:
    service squid restart

    Access Baidu through the proxy again:

    curl -x 127.0.0.1:3128 http://www.baidu.com -I

    The request does not succeed; the response should be 403 Forbidden.

    Setting up a blacklist

    The principle is the same as for the whitelist.
    vim /etc/squid/squid.conf
    Add the following below acl CONNECT method CONNECT:

    acl http proto HTTP
    acl bad_domain dstdomain .sina.com .sohu.com
    http_access allow http !bad_domain
    http_access deny http bad_domain
    
    

    Restart squid:

    service squid restart
    

    Access Baidu through the proxy again:

    curl -x 127.0.0.1:3128 http://www.baidu.com -I
    

    The site is reachable and returns 200.

    Access Sina through the proxy:

    curl -x 127.0.0.1:3128 http://www.sina.com -I
    

    The request fails with 403 Forbidden.
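
    How the whitelist and blacklist rules above produce those 403 and 200 responses, as an added example that is not part of the original post: a simplified model of Squid's first-match `http_access` evaluation. The function names are hypothetical; the model assumes a plain http:// request and handles only `dstdomain`, `proto HTTP` and the built-in `all` ACL.

```shell
#!/bin/sh
# Added example: simplified model of Squid first-match http_access evaluation
# for a plain http:// request. Only "dstdomain", "proto HTTP" and the built-in
# "all" ACL are modelled; rules using any other ACL type are skipped.
# Usage: squid_verdict HOST < squid.conf   -> prints "allow" or "deny"
squid_verdict() {
    awk -v host="$1" '
    function dom_match(pat,   n) {
        if (substr(pat, 1, 1) != ".") return host == pat
        n = length(host) - length(pat)      # ".sina.com" also covers sina.com
        return host == substr(pat, 2) || (n > 0 && substr(host, n + 1) == pat)
    }
    function acl_true(name,   i, n, d) {
        if (name == "all" || (name in http_proto)) return 1
        n = split(doms[name], d, " ")
        for (i = 1; i <= n; i++) if (dom_match(d[i])) return 1
        return 0
    }
    { sub(/#.*/, "") }                      # strip comments
    $1 == "acl" && $3 == "proto" && toupper($4) == "HTTP" { http_proto[$2] = 1 }
    $1 == "acl" && $3 == "dstdomain" { for (i = 4; i <= NF; i++) doms[$2] = doms[$2] " " $i }
    $1 == "http_access" {
        ok = 1
        for (i = 3; i <= NF; i++) {
            name = $i; neg = sub(/^!/, "", name)
            if (name != "all" && !(name in http_proto) && !(name in doms)) next
            if (acl_true(name) == neg) ok = 0   # every ACL on the line must match
        }
        last = $2
        if (ok) { print $2; found = 1; exit }   # first matching line wins
    }
    END { if (!found) print (last == "deny" ? "allow" : "deny") }  # opposite of last rule
    '
}

# Constructed samples: the whitelist and blacklist rules shown on this page.
whitelist_conf() { printf '%s\n' 'acl http proto HTTP' \
    'acl good_domain dstdomain .hpe.com .hpelinux.com' \
    'http_access allow http good_domain' 'http_access deny http !good_domain'; }
blacklist_conf() { printf '%s\n' 'acl http proto HTTP' \
    'acl bad_domain dstdomain .sina.com .sohu.com' \
    'http_access allow http !bad_domain' 'http_access deny http bad_domain'; }

for h in www.hpe.com www.baidu.com www.sina.com; do
    echo "$h whitelist=$(whitelist_conf | squid_verdict "$h")" \
         "blacklist=$(blacklist_conf | squid_verdict "$h")"
done
```

    When no line matches, the model returns the opposite of the last rule's action, which is Squid's documented default.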
