Squid Forward Proxy

Introduction

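A forward proxy is, semantically, about having the proxy server request a URL on your behalf: you let the proxy server visit sites such as qq or baidu for you.
It has the following characteristics.
1. The server being accessed (qq, baidu) only knows that the request came from the proxy server, not that it came from you.
2. You know exactly which real server (qq, baidu) you are requesting.
3. The client must configure the proxy server's address and port in the browser. (Once this is set, every URL entered in that browser is handed to the proxy server to fetch.)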

Installation

yum install -y squid

Configuration

vim /etc/squid/squid.conf
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

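# And finally deny all other access to this proxy
#http_access deny all

# Changed from the default above: any client that can reach port 3128 is
# allowed, not only localnet and localhost
http_access allow all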
cache_dir aufs /data/cache  1024 16 256
cache_mem 512 MB
hierarchy_stoplist cgi-bin ?
# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

Here I mainly changed the following lines:

http_access allow all
cache_dir aufs /data/cache  1024 16 256
cache_mem 512 MB
hierarchy_stoplist cgi-bin ?

This moves the cache directory to /data/cache, so we need to create that cache directory:

mkdir -p /data/cache

chown -R squid:squid /data/cache

Initialize the cache directory

squid -z

Check the configuration file for syntax errors

squid -k check
squid: ERROR: No running copy

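This only means squid has not been started yet, which is fine. (squid -k parse is the option that parses the configuration file without needing a running instance.)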

service squid start

When I started it, it kept failing and would not start. After checking the log I found:

/data/cache/swap.state: (13) Permission denied
FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
Squid Cache (Version 3.1.23): Terminated abnormally.

But I had clearly already granted squid the permissions!
Only later did I discover that my SELinux had not been turned off.

setenforce 0

vim /etc/selinux/config

SELINUX=disabled

Start the service again; this time it starts successfully.

Testing

curl -x 127.0.0.1:3128 http://www.baidu.com -I

The page is returned, success!

Setting a whitelist

If we only want to proxy a few specific domains:
vim /etc/squid/squid.conf
Add the following below acl CONNECT method CONNECT:

acl http proto HTTP
acl good_domain dstdomain .hpe.com .hpelinux.com
http_access allow http good_domain
http_access deny http !good_domain

Restart squid
service squid restart

Access Baidu through the proxy again

curl -x 127.0.0.1:3128 http://www.baidu.com -I

The request does not succeed; it should return 403 Forbidden.

Setting a blacklist

The principle is the same as for the whitelist.
vim /etc/squid/squid.conf
Add the following below acl CONNECT method CONNECT:

acl http proto HTTP
acl bad_domain dstdomain .sina.com .sohu.com
http_access allow http !bad_domain
http_access deny http bad_domain

Restart squid

service squid restart

Access Baidu through the proxy again

curl -x 127.0.0.1:3128 http://www.baidu.com -I

It is accessible and returns 200.

Access Sina through the proxy

curl -x 127.0.0.1:3128 http://www.sina.com -I

The request fails with 403 Forbidden.
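
How Squid's first-match http_access evaluation plays out for the whitelist and blacklist rules above, combined with the earlier http_access allow all change. This is an added example, not code from the original post: a simplified Python model in which the decide/req helpers, the sample addresses and the TIGHTENED ordering are assumptions.

```python
import ipaddress

LOCALNET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}

def dstdomain(*domains):
    # A leading dot matches the domain itself and every subdomain.
    return lambda r: any(("." + r["host"].lower()).endswith(d) for d in domains)

# ACL names as in the page's squid.conf, modelled as predicates over a request.
ACLS = {
    "all": lambda r: True,
    "localnet": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in LOCALNET),
    "localhost": lambda r: r["src"] in ("127.0.0.1", "::1"),
    "http": lambda r: r["proto"] == "HTTP",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "good_domain": dstdomain(".hpe.com", ".hpelinux.com"),
    "bad_domain": dstdomain(".sina.com", ".sohu.com"),
}

def decide(rules, request):
    """Return the action of the first http_access line whose ACLs all match."""
    for line in rules:
        action, *names = line.split()
        # "!" negates an ACL; every ACL on one line must match (logical AND).
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: every rule set below ends in a catch-all

def req(src, host, port=80, proto="HTTP"):
    return {"src": src, "host": host, "port": port, "proto": proto}

# http_access order after following the page (manager/CONNECT lines left out).
DEFAULTS = ["deny !Safe_ports", "allow localnet", "allow localhost"]
PAGE_WHITELIST = ["allow http good_domain", "deny http !good_domain"] + DEFAULTS + ["allow all"]
PAGE_BLACKLIST = ["allow http !bad_domain", "deny http bad_domain"] + DEFAULTS + ["allow all"]
# Assumed tightened order: denies first, source check kept, default-deny at the end.
TIGHTENED = ["deny !Safe_ports", "deny bad_domain"] + DEFAULTS[1:] + ["deny all"]

if __name__ == "__main__":
    samples = [  # constructed requests; 203.0.113.7 is a documentation address
        req("192.168.1.10", "www.sina.com"),
        req("192.168.1.10", "www.baidu.com"),
        req("203.0.113.7", "www.baidu.com"),
        req("192.168.1.10", "www.baidu.com", port=25),
    ]
    for s in samples:
        print(s, decide(PAGE_BLACKLIST, s), decide(TIGHTENED, s))
```

Because the page's allow line sits above every default rule, a client outside localnet and a request to a port outside Safe_ports are both accepted before those checks are reached; in the tightened order the same requests fall through to a deny.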
