Day 40th: Squid agent some configuration

Small Q: The most successful CEOs I know just started out not just for money – they all dreamed of using their own products or

Services change the world, and money comes with it. ---Obama at the Georgia State College graduation ceremony said

----------------Squid log does not record the specified type of file----------------------

Add in squid.conf:

ACL nolog urlpath_regex-i \.css \.js \.swf \.jpg \.gif \.png \.jpeg

Access_log/var/log/squid/access.log Common!nolog

#其中common for log format

----------------------Squid Agent user authentication-------------------------

Add Authentication with authentication helpers

There are several authentication methods:

= = Ncsa:uses an ncsa-style username and password file.

= ldap:uses The lightweight Directory Access Protocol

= = Msnt:uses a Windows NT authentication domain.

= = Pam:uses The Linux pluggable authentication Modules scheme.

= = smb:uses a SMB server like Windows NT or Samba.

= = getpwam:uses the old-fashioned Unix password file.

= = Sasl:uses SALS libraries.

= = NTLM, Negotiate and Digest authentication

Configuring NCSA Authentication

Create authentication username/password, use HTPASSWD, need Apache:

#htpasswd/etc/squid/passwd User1

Enter password

Determine if squid supports authentication helper

Yum-Installed

#rpm-QL Squid | grep Ncsa_auth

Output:

/usr/lib64/squid/ncsa_auth

Configuring SQUID Certification

Vi/etc/squid/squid.conf

Add Validation section:

Auth_param Basic PROGRAM/USR/LIB64/SQUID/NCSA_AUTH/ETC/SQUID/PASSWD

Define squid password file with Ncsa_auth file location

Auth_param Basic Children 15//number of authentication processes

Auth_param Basic Realm Squid proxy-caching Web server

Auth_param Basic Credentialsttl 2 hours//certification validity period

Auth_param basic casesensitive off//user name is case-insensitive and can be

Change to on case-sensitive

To add an ACL authentication User:

ACL ncsa_users Proxy_auth REQUIRED

Http_access Allow Ncsa_users

Restart:/etc/init.d/squid restart

----------------------Configure the anti-theft chain-----------------------

Add the following configuration to the ACL segment in squid.conf:

ACL Has_referer Referer_regex

ACL Allow_referer referer_regex-i baidu\.com

ACL Allow_referer referer_regex-i google\.com

ACL Allow_referer referer_regex-i yahoo\.cn

Http_access Allow!has_referer

Http_access Deny!allow_referer

Deny_info http://img1.test.com/images/noposter.jpg Allow_referer

Has_referer matching referer exist, and then use!has_referer to match the request without referer that is directly accessed, this part of the request does not do anti-theft chain processing, allow.

Allow_referer is the site that allows the use of source station resources, and then uses!allow_referer to match sites that are not in the Allow list, and these disallowed referer requests return deny_info content.

---------------------View Squid Cache-------------------

Command: squidclient-h host-p Port Mgr:info

For example:/usr/local/squid/bin/squidclient-h 127.0.0.1-p 8080 Mgr:info

The premise of using this command is that you have configured the relevant options in your squid.conf

ACL manager Proto Cache_object

Http_access Allow Manager

---------------------Delete Squid cache---------------------

First add the ACL list to the squid's master profile and allow trusted hosts to clear the cache

ACL managercache src 192.168.1.145 127.0.0.1

ACL Purge Method Purge

Http_access Allow Managercache Purge

Http_access Deny Purge

Clears a cache from squid

/usr/local/squid/bi/squidclient-h 192.168.1.145-p80-m PURGE

Http://www.linuxidc.com/404.html

Batch purge files in squid cache

#脚本 the following #!/bin/sh squidcache_path= "/usr/local/squid/var/cache/" squidclient_path= "/usr/local/squid/bin/squidclient" GREP-A-R $ $squidcache _path/* | Strings | grep "http:" | Awk-f ' http: ' {print ' http: ' $ $ ';} ' > Cache_list.txt for URL in ' Cat cache_list.txt '; Do $squidclient _path-m purge-p80 $url Done

Note: Squidcache_path is the squid cache path Squidclient_path is the path to the squidclient command

-P is the port that specifies squid listening and gives clearcache.sh Execute permissions

chmod +x clearcache.sh

How to use

1. Clear all flash caches (extension. swf):

./clear_squid_cache.sh SWF

2. Clear all caches that contain sina.com.cn in the URL:

./clear_squid_cache.sh sina.com.cn

3. Clear all caches with file name zhangyan.jpg:

./clear_squid_cache.sh zhangyan.jpg

Connecting Address: http://beibing.blog.51cto.com/10693373/1700901

Day 40th: Squid agent some configuration