Experiences of squid on multi-port proxy

Source: Internet
Author: User

Experiences of squid on multi-port proxy

It is very convenient to use squid to open a second-level proxy, that is, to write an article on the configuration file, which makes the default configuration file look big. Generally, a new one is written.
A proxy is provided to the brothers at campus. It uses the dynamic IP address of B campus as the parent proxy.
However, there is enough e in the dynamics. Don't talk about it outside of China, and you often have cramps.
Because another dedicated proxy A can be used abroad, the idea of opening two second-level proxies emerged.
Only one computer, of course, can only open two ports on its own (in fact, it was later thought that the authentication method can be used for different users who come in with a port to use different parent-level proxies, in this way, the squid Configuration
It will be a little troublesome to set the file). First, you can't get the necessary information, and there is no real example. When someone opens it like this, you can only know that it is easy to use Wingate in windows.

WinGate can think of it. I think Squid should be able to do the same. Let's figure it out.
The basic idea is:

Service port 3128 ----- squid ----- Dynamic IP connection ---- domestic access
Service port 6666 ----- squid ----- proxy a ---- foreign access

The first thought is to start squid twice and manually specify another configuration file for it (-f). The first attempt is to get the information squid is already running! Process ID ****. Think about this method as well as brutal, inefficient and stable, so abandon it.

So I started to figure out the idea of setting up the configuration file. on Google, I found that the two ports used different Authentication configuration methods on the Forum. OK, there is a way to open the two ports, the key is to access the two ports.
Traffic Distribution. Squid is generally used to distribute the domain where different connection destination addresses are located. For example, it is used to send a series of requests to. com to the parent proxy X and the request proxy to the parent of .edu.cn.
Proxy y,

In this case, the cache_peer_domain selection rule is used.

Cache_peer_domain y .edu.cn
Cache_peer_domain X !. Edu.cn

Since there are selection rules for the target domain, are there any selection rules for other situations?
Still find the powerful access control rule cache_peer_access in Squid. conf. Default (in fact, everything in this big and messy squid. conf. Default is taught to us.
Should be well read at the beginning)

For example, select an access control list:
For requests from 192.168.1.0, we use the local.proxy.com parent proxy service.
And other requests are directly processed by the local sub-proxy server,
In this case, we can use the cache_peer_access option to implement:

ACL localnet SRC 192.168.1.0/2525250
ACL all SRC 0.0.0.0/0.0.0.0
Cache_peer local.proxy.com parent 3128 3130
Cache_peer_access local.proxy.com allow localnet
Cache_peer_access local.proxy.com deny all

The following configuration code is completed by combining the powerful functions of cache_peer_access.
Http_port 3128
Http_port 6666
# Declare two ports
ACL x myport 3128
ACL y myport 6666
Http_access allow x
Http_access allow y
# Accept HTTP requests from two ports
ACL all SRC 0.0.0.0/0.0.0.0
Cache_peer 10.10.4.52 parent 6666 3130 login = ***: *** default no-Query
Cache_peer 10. ****. **. ** parent 3128 3130
Cache_peer_access 10.10.4.52 allow! Y
# Let the parent proxy of the Dynamic IP address respond to port 3128 access and do not respond to port 6666
Cache_peer_access 10. *****. ** allow y
# Request proxy A to respond to access through port 6666

In this way, access from different ports is diverted. It works well.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.