Configuring Squid Agents with CentOS7

In fact, before a squid, just because too lazy, online random search a tutorial, with the default port and no user authentication added. One day, unfortunately, was swept by a reptile, and was used to send a half-month of junk mail. Until one day to log in to the mailbox, saw a large lump of warning messages, only to realize the serious problem. After a surprise stay, quickly re-match-.-

I am here with squid configured with a user authentication of the ordinary agent.

Installation

The installation process is very simple, just need to install squid, a command to fix. I have a squid3.3 here.

Yum Install Squid

grep squidsquid-3.3. 8-el7_0.x86_64.

Configuration

Modify the Squid configuration file/etc/squid/squid.conf

The main thing is to configure ports, caches, logs, and access rules.

3712 4-/var/log/ Squid/access.loghttp_access allow Allvisible_hostname Squid.chao

Initialization

The cache directory needs to be reinitialized before the first boot or after the cache path has been modified.

Squid-z

Start

Systemctl start Squid

Use

Modify the proxy configuration in the browser.

In Windows:

Proxy server, LAN connection, Internet Options

In the MACOSX:

Agent--Web proxy, Safari-

Then enter your proxy address and port to work properly.

Test

I see a very simple method from the Internet that can be used to quickly test whether your agent is working properly. First turn on Baidu and then search for IP. If it comes out of the IP of the machine you are acting for, then congratulations, a big wave of junk mail coming.

Add user authentication

In order to prevent our agents from being swept and used for illegal purposes, it is very necessary for us to add user authentication to our squid. As a matter of fact, the agent I just worked with was swept away before long.

I see it in my access.log. However, I did not add any authentication mechanism at this time, fortunately I did not use the port, or my mailbox will receive a large lump of warning mail.

1439106533.703      0 89.102.9.196tcp_denied/403 3739GET http://www2.praguerentacar.com/proxy/detectproxy.php-hier_none/-text/html1439106539.302      0 89.102.9.196tcp_denied/403 3724GET http://www2.intimnosti.cz/proxy/detectproxy.php-hier_none/-text/html1439106544.881      0 89.102.9.196tcp_denied/403 3706GET http://93.185.96.50/proxy/detectproxy.php-hier_none/-text/html1439106550.453      0 89.102.9.196tcp_denied/403 3712GET http://www2.nuabi.com/proxy/detectproxy.php-hier_none/-text/html

We use the NCSA Certification module to add certification to our squid. Why do I choose NCSA, because i have searched the internet most of the way.

First we have to configure our Access user's account information. The last parameter is the username, which can be replaced by any name you like ~

Htpasswd-c/etc/squid/passwd Chao

If you can't find htpasswd, just pack an Apache first. Yum install httpd. Then you can use the htpasswd.

After having the account file, we reconfigure our squid. Inside the squid.conf, put

Http_access Allow all

Change into

Auth_param Basic Program/usr/lib64/squid/basic_ncsa_auth/etc/squid/passwd5auth_ Param Basic Realm Chao'S squid server2  hoursacl myacl proxy_auth requiredhttp_ Access Allow myaclhttp_access deny all

Finally, the squid will be restarted.

Systemctl Restart Squid

Now when you use the proxy to access the page, a prompt will pop up to let you enter the user name password. You will then be able to continue the visit.

Configuration Instructions

Some people may start on the principle and configuration of the detailed introduction is not a cold, just want to let the agent run up first. At least that's what I am. So, I put this piece in the end.

Now, let's start by introducing the specifics of the configuration above. Of course, the reference website will be more accurate.

Http_port 3712 This specifies the port of our agent.

Cache_mem MB of cache size in memory

Cache_dir UFS/VAR/SPOOL/SQUID 100 16 256 the cache folder, which is cached only in memory by default. This specifies a cache size of 100M, a first-level subdirectory of 16, and a second layer of 256.

Maximum_object_size 4 MB Maximum cached file size, this is used with the above Cache_dir, only for caching to disk files.

Access_log/var/log/squid/access.log Access Log

Auth_param Basic PROGRAM/USR/LIB64/SQUID/BASIC_NCSA_AUTH/ETC/SQUID/PASSWD designated Certification program and account file

Auth_param Basic Children 5 Certification program number of simultaneous runs

Auth_param Basic Realm Chao ' s squid Server client when using a proxy, enter the description in the prompt box that appears when the password is entered.

Auth_param Basic CREDENTIALSTTL 2 hours certification duration

ACL Myacl Proxy_auth REQUIRED authentication with an external program for MYACL

Http_access allow Myacl to enable member access in MYACL

Http_access deny all denies all other accesses

Visible_hostname Squid.chao Agent Machine name

Configuring Squid Agents with CentOS7