Configuration of Squid Proxy server

Squid agent is divided into "forward proxy" and "reverse proxy".

The "Forward proxy" is mainly used for proxy users to access the external network, to manage the user's access behavior and to save the bandwidth (the/data/cache directory holds the cache of user access, and when other users access the same resource again, it is read from/data/cache).

The reverse proxy is primarily applied to requests that are requested by the Proxy service. For example, user a accesses server C, which is slow, but the communication between server C and Server B is fast, and communication between User A and Server B is fast. Therefore, Server B can be set as a reverse proxy server, and proxy Server B is used to proxy server C requests.

One: Install Squid

Yum-y Install Squid

Two: Configure Squid service

Vim/etc/squid/squid.conf

A: Forward proxy (proxy user's request)

http_port 2480 #squid的代理端口
ACL manager Proto Cache_object #定义的acl访问控制
ACL localhost src 127.0.0.1/32:: 1 #lo的回环
ACL to_localhost DST 127.0.0.0/8 0.0.0.0/32:: 1
ACL localnet src 10.0.0.0/8 # RFC1918 possible Internal network
ACL localnet src 172.16.0.0/12 # RFC1918 possible Internal network
ACL localnet src 192.168.0.0/16 # RFC1918 possible Internal network
ACL ssl_ports port 443
ACL safe_ports Port 8080 # http Ports
ACL safe_ports Port # FTP ports
ACLS safe_ports Port 443 # HTTPS Ports
ACL Connect method Connect
Http_access allow manager localhost
Http_access Deny Manager
Http_access Deny! Safe_ports
Http_access Deny CONNECT! Ssl_ports
Http_access Allow LocalNet
http_access allow localhost
Http_access Allow all
Cache_dir Aufs/data/cache #squid缓存的目录 1024 for the cache

total space. 16 is the number of one-tier catalogs, and 256 is the number of two-tier catalogs
Cache_mem MB #内存大小
Hierarchy_stoplist Cgi-bin?
Coredump_dir/var/spool/squid
Refresh_pattern ^ftp:1440 20% 10080
Refresh_pattern ^gopher:1440 0% 1440
Refresh_pattern-i (/cgi-bin/|\?) 0 0% 0
Refresh_pattern \. (jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
Refresh_pattern. 0 20% 4320

"ACL access Control Example"

Set HTTP access Whitelist (only allow access to Baidu and Zol Dstdomain followed by domain

Name) The same idea can set HTTP access to the blacklist.

ACL http Proto http
ACL pass_domain dstdomain. baidu.com. zol.com
http_access allow HTTP pass_domain
http_access deny HTTP!pass_domain

Three: Start squid

/etc/init.d/squid start

SQUID-KCH: Check the configuration of squid.conf for errors (need to start squid first);

Squid-kre: Reload Squid

Four: Set up agent in IE browser

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5D/0E/wKioL1UgnrmQVhVXAAEsm2IOCcE765.jpg "title=" 1.png " alt= "Wkiol1ugnrmqvhvxaaesm2iocce765.jpg"/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5D/13/wKiom1Ugnbfj4BcpAAG2h-kiXvE570.jpg "title=" 1.png " alt= "Wkiom1ugnbfj4bcpaag2h-kixve570.jpg"/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5D/0E/wKioL1UgnzeTJUNLAAE19sgOh_g137.jpg "title=" 1.png " alt= "Wkiol1ugnzetjunlaae19sgoh_g137.jpg"/>

Tick "Use proxy server for LAN" address: Squid IP port: The port set in squid.conf.

B: Reverse proxy (proxy service request)

Vim/etc/squid/squid.conf

http_port Accel Vhost vport
Cache_peer 58.215.191.3 Parent 0 originserver name=a
Cache_peer 180.97.33.107 Parent 0 originserver name=b
Cache_peer_domain a nba.hupu.com
Cache_peer_domain bWww.baidu.com

the other steps are consistent with the forward proxy.

This article is from the "night Reading Wit Hope female Ghost" blog, please be sure to keep this source http://more3.blog.51cto.com/9929586/1629044

Configuration of Squid Proxy server