In fact, before a squid, just because too lazy, online random search a tutorial, with the default port and no user authentication added. One day, unfortunately, was swept by a reptile, and was used to send a half-month of junk mail. Until one day to log in to the mailbox, saw a large lump of warning messages, only to realize the serious problem. After a surprise stay, quickly re-match-.-
I am here with squid configured with a user authentication of the ordinary agent.
Installation
The installation process is very simple, just need to install squid, a command to fix. I have a squid3.3 here.
Yum Install Squid
grep squidsquid-3.3. 8-el7_0.x86_64.
Configuration
Modify the Squid configuration file/etc/squid/squid.conf
The main thing is to configure ports, caches, logs, and access rules.
3712 4-/var/log/ Squid/access.loghttp_access allow Allvisible_hostname Squid.chao
Initialization
The cache directory needs to be reinitialized before the first boot or after the cache path has been modified.
Squid-z
Start
Systemctl start Squid
Use
Modify the proxy configuration in the browser.
In Windows:
Proxy server, LAN connection, Internet Options
In the MACOSX:
Agent--Web proxy, Safari-
Then enter your proxy address and port to work properly.
Test
I see a very simple method from the Internet that can be used to quickly test whether your agent is working properly. First turn on Baidu and then search for IP. If it comes out of the IP of the machine you are acting for, then congratulations, a big wave of junk mail coming.
Add user authentication
In order to prevent our agents from being swept and used for illegal purposes, it is very necessary for us to add user authentication to our squid. As a matter of fact, the agent I just worked with was swept away before long.
I see it in my access.log. However, I did not add any authentication mechanism at this time, fortunately I did not use the port, or my mailbox will receive a large lump of warning mail.
1439106533.703 0 89.102.9.196tcp_denied/403 3739GET http://www2.praguerentacar.com/proxy/detectproxy.php-hier_none/-text/html1439106539.302 0 89.102.9.196tcp_denied/403 3724GET http://www2.intimnosti.cz/proxy/detectproxy.php-hier_none/-text/html1439106544.881 0 89.102.9.196tcp_denied/403 3706GET http://93.185.96.50/proxy/detectproxy.php-hier_none/-text/html1439106550.453 0 89.102.9.196tcp_denied/403 3712GET http://www2.nuabi.com/proxy/detectproxy.php-hier_none/-text/html
We use the NCSA Certification module to add certification to our squid. Why do I choose NCSA, because i have searched the internet most of the way.
First we have to configure our Access user's account information. The last parameter is the username, which can be replaced by any name you like ~
Htpasswd-c/etc/squid/passwd Chao
If you can't find htpasswd, just pack an Apache first. Yum install httpd. Then you can use the htpasswd.
After having the account file, we reconfigure our squid. Inside the squid.conf, put
Http_access Allow all
Change into
Auth_param Basic Program/usr/lib64/squid/basic_ncsa_auth/etc/squid/passwd5auth_ Param Basic Realm Chao'S squid server2 hoursacl myacl proxy_auth requiredhttp_ Access Allow myaclhttp_access deny all
Finally, the squid will be restarted.
Systemctl Restart Squid
Now when you use the proxy to access the page, a prompt will pop up to let you enter the user name password. You will then be able to continue the visit.
Configuration Instructions
Some people may start on the principle and configuration of the detailed introduction is not a cold, just want to let the agent run up first. At least that's what I am. So, I put this piece in the end.
Now, let's start by introducing the specifics of the configuration above. Of course, the reference website will be more accurate.
Http_port 3712 This specifies the port of our agent.
Cache_mem MB of cache size in memory
Cache_dir UFS/VAR/SPOOL/SQUID 100 16 256 the cache folder, which is cached only in memory by default. This specifies a cache size of 100M, a first-level subdirectory of 16, and a second layer of 256.
Maximum_object_size 4 MB Maximum cached file size, this is used with the above Cache_dir, only for caching to disk files.
Access_log/var/log/squid/access.log Access Log
Auth_param Basic PROGRAM/USR/LIB64/SQUID/BASIC_NCSA_AUTH/ETC/SQUID/PASSWD designated Certification program and account file
Auth_param Basic Children 5 Certification program number of simultaneous runs
Auth_param Basic Realm Chao ' s squid Server client when using a proxy, enter the description in the prompt box that appears when the password is entered.
Auth_param Basic CREDENTIALSTTL 2 hours certification duration
ACL Myacl Proxy_auth REQUIRED authentication with an external program for MYACL
Http_access allow Myacl to enable member access in MYACL
Http_access deny all denies all other accesses
Visible_hostname Squid.chao Agent Machine name
Configuring Squid Agents with CentOS7