美文网首页
linux搭建squid代理服务器

linux搭建squid代理服务器

作者: 吞风咽雪 | 来源:发表于2020-05-25 15:10 被阅读0次

    简介

    正向代理语义上更侧重于,让代理服务器去帮忙请求某个网址。让代理服务器去帮忙访问qq,baidu这些网站等。
    在这里有两个特征。
    1、被访问的服务器(qq、baidu)只知道是代理服务器请求的,而不知道是你请求的;
    2、你可以明确知道你要请求的真实服务器(qq、baidu)
    3、客户端必须在浏览器设置代理服务器的地址和端口。(设置之后,意思就是说只要在这个浏览器上输入的网址,统统都丢给代理服务器去帮忙访问)

    安装

    yum install -y squid
    

    配置

    vim /etc/squid/squid.conf
    
    #
    # Recommended minimum configuration:
    #
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    
    #
    # Recommended minimum Access Permission configuration:
    #
    # Only allow cachemgr access from localhost
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager
    
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports
    
    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports
    
    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost
    
    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #
    
    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost
    
    # And finally deny all other access to this proxy
    #http_access deny all
    
    http_access allow all
    cache_dir aufs /data/cache  1024 16 256
    cache_mem 512 MB
    hierarchy_stoplist cgi-bin ?
    # Squid normally listens to port 3128
    http_port 3128
    
    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256
    
    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid
    
    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    refresh_pattern .               0       20%     4320
    

    这里我主要改变了以下几行

    http_access allow all
    cache_dir aufs /data/cache  1024 16 256
    cache_mem 512 MB
    hierarchy_stoplist cgi-bin ?
    

    将缓存的目录改变到
    /data/cache
    所以我们要来创建/缓存目录

    mkdir -p /data/cache
    
    chown -R squid:squid /data/cache
    

    初始化缓存目录

    squid -z
    

    检测配置文件是否有语法错误

    squid -k check
    
    squid: ERROR: No running copy
    

    这是说 squid 还未启动,没有关系

    service squid start
    

    我在启动的时候一直出错无法启动,查看日志后发现

    /data/cache/swap.state: (13) Permission denied
    FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
    Squid Cache (Version 3.1.23): Terminated abnormally.
    

    但是我明明已经给squid授权了呀!
    后来才发现自己的selinux没有关闭

    setenforce=0
    
    vim /etc/selinux/config
    
    selinux=disabled
    

    再次启动服务,成功启动

    测试

    curl -x 127.0.0.1:3128 http://www.baidu.com -I
    成功返回网页,成功!

    设置白名单

    如果我们只想代理某几个域名
    vim /etc/squid/squid.conf
    在acl CONNECT method CONNECT下面加入

    acl http proto HTTP
    acl good_domain dstdomain .hpe.com .hpelinux.com
    http_access allow http good_domain
    http_access deny http !good_domain
    

    重启squid
    service squid restart
    再次代理访问百度
    curl -x 127.0.0.1:3128 http://www.baidu.com -I
    不能成功返回,应该是403禁止访问

    设置黑名单

    道理和设置白名单相同
    vim /etc/squid/squid.conf
    在acl CONNECT method CONNECT下面加入

    acl http proto HTTP
    acl bad_domain dstdomain .sina.com .sohu.com
    http_access allow http !bad_domain
    http_access deny http bad_domain
    

    重启squid

    service squid restart
    

    再次代理访问百度

    curl -x 127.0.0.1:3128 http://www.baidu.com -I
    

    可以访问,成功返回200

    代理访问新浪

    curl -x 127.0.0.1:3128 http://www.sina.com -I
    

    访问出错,403禁止访问

    相关文章

      网友评论

          本文标题:linux搭建squid代理服务器

          本文链接:https://www.haomeiwen.com/subject/taeyahtx.html