Configuration of squid and setting of functions

Squid forward Agent
A forward proxy, which means a server located between the client and the original server (Origin server), in order to obtain content from the original server, the client sends a request to the agent and specifies the target (the original server), then the agent forwards the request to the original server and returns the obtained content to the client. The client can use a forward proxy. In a sense, "the client and the forward proxy server appear to be on the same LAN." The primary purpose of the forward proxy server is to cache the data in response to the client's HTTP requests, typically with user access control, which requires IP and port settings in the browser. A typical use of a forward proxy is to provide access to the Internet for LAN clients within the firewall. The forward proxy can also use the buffering feature (provided by Mod_cache) to reduce network usage.

Function:

1. Shared network
2. Speed up access and save communication bandwidth
3. Prevent internal hosts from being attacked
4. Restrict user access and improve network management

Service Name: Squid
Main program:/usr/sbin/squid
Configuration directory:/etc/squid
Master configuration file:/etc/squid/squid.conf
Listening TCP port number: 3128
Default Access log file:/var/log/squid/access.log

Squid Common configuration options

/etc/squid/squid.conf
Http_port 3128 (You can also listen to only one IP http_port 192.168.0.1:3128)
Cache_mem 64MB #缓存占内存大小
Maximum_object_size 4096KB #最大缓存块
Reply_body_max_size 1024000 Allow all #限定下载文件大小
Access_log/var/log/squid/access.log #访问日志存放的地方
Visible_hostname Proxy.test.xom #可见的主机名
Cache_dir UFS/VAR/SPOOL/SQUID 100 16 256
#ufs: Storage format for cached data
#/var/spool/squid Cache Directory
#100: Cache directory occupies disk space size (M)
#16: Number of cache space first-level subdirectories
#256: Number of cache space level two subdirectories
Cache_mgr [email protected] #定义管理员邮箱
Http_access deny all #访问控制

Squid installation
1. Installation can be installed using yum-y install squid or download source package.
Yum install-y Squid
The 2.squid master configuration file is/etc/squid/squid.conf, and the most basic configuration is as follows:
Http_port 3128 Setting the listening port and IP
Cache_mem to set the size of the memory buffer
Cache_dir UFS/VAR/SPOOL/SQUID 100 16 256 set hard disk buffer size
Cache_dffective_usersquid to set a valid user for caching
Cache_effective_groupsquid set up a valid user group for caching
Dns_nameservers 192.168.0.253 Set the DNS server address, you can generally not set
Cache_access_log/var/log/squid/access.log Setting Access log files
Cache_log/var/log/squid/cache.log setting the cache log file
Cache_store_log/var/log/squid/cache.log setting the cache log file
Visible_hostname Bob set Squid host name
Cache_mgr[email protected]Set up an administrator mailbox
ACL all src 0.0.0.0/24 set access control List
Http_access allow all to set access rights

The default set of Squid is to allow access to all sites, such as restrictions
ACL http Proto http
ACL good dstdomain. baidu.com. qq.com
Http_access deny Good

Types of Cached data
Refresh_pattern \. (jpg|png|fig|js|css|mp3|mp4) 1440 20% 2800 ignore-reload

Settings allow those IPs to use proxy
ACL inside SRC 192.168.1.0/24
Http_access Allow inside
Http_access Deny All

When defining multiple sites, you can define them in a document.
ACL allsite dstdomain "/etc/squid/allowsite.txt"
Http_access Allow Allsite
Http_access Deny!allsite
Enter the/etc/squid directory to create allsite text
Touch Allsite
Allow access to the Web site to write to this text can
Such as:
. baidu.com
. qq.com

It is also possible to restrict IP
ACL sdip src "/etc/squid/sdip.txt"
Vim/etc/squid/sdip.txt Add IP, write one IP per line
192.168.1.1
192.168.2.1
http_access Allow Sdip allsite #设置单独的ip允许访问单独的站点

Set up a separate IP to allow access to a site
ACL ashleycai src 192.168.1.14/32
ACL Ashleyip dstdomain. qq.com
Http_access Allow Ashleycai Ashleyip

Defining IP and defining sites
ACL aaip src 192.168.1.1
ACL QQ Dstdomain. qq.com

Define a time period
ACL accesstime time 8:00-11:45
ACL accesstime time 13:00-22:00

Define a specific file type
ACL mp3 Urlpath_regex-i \.mp3
ACL mp4 urlpath_regex-i \.mp4
ACL flv urlpath_regex-i \.flv

To define a specific file type file
ACL badfile urlpath_regex-i "/etc/squid/badfile.txt"

Squid Cancel the version information that appears on the error page
Vim/etc/squid/squid.conf
Enable the following options: Httpd_suppress_version_string on

Reload Squid Configuration
Service Squid Reload

Squid Common commands:
/usr/local/squid/sbin/squid-z Initializing Cache space
/usr/local/squid/sbin/squid start
/usr/local/squid/sbin/squid-k shutdown stop
/usr/local/squid/sbin/squid-k Reconfigure Reload configuration file
/usr/local/squid/sbin/squid-k rotate round-robin log

Reference:

Http://www.cnblogs.com/cherishry/p/5706736.html

Configuration of squid and setting of functions