Squid Proxy Service Deployment

Source: Internet
Author: User
Tags: squid proxy


Build Squid Proxy Server
1. Configure IP Address

2. Compile and install the Squid software
# tar -zxvf squid-3.4.6.tar.gz -C /usr/src/
# cd /usr/src/squid-3.4.6/
# ./configure --prefix=/usr/local/squid --sysconfdir=/etc --enable-arp-acl --enable-linux-netfilter --enable-linux-tproxy \
  --enable-async-io=100 --enable-err-language="Simplify_chinese" --enable-underscore --enable-poll --enable-gnuregex

Meaning of the ./configure options:
--prefix=/usr/local/squid                   // Specify the installation directory
--sysconfdir=/etc                           // Specify the configuration file directory
--enable-arp-acl                            // Enable ARP ACLs (anti-ARP-attack feature)
--enable-linux-netfilter                    // Enable kernel filtering
--enable-linux-tproxy                       // Enable transparent proxy
--enable-async-io=100                       // Adjust the I/O thread parameter
--enable-err-language="Simplify_chinese"    // Chinese error pages
--enable-underscore
--enable-poll
--enable-gnuregex

# make
# make install

3. Create the user and set up paths
# useradd -M -s /sbin/nologin squid
# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
# chown -R squid:squid /usr/local/squid/var/
# chmod -R 757 /usr/local/squid/var/        // Note: mode 757 makes var/ writable by every local user

4. Check the configuration syntax and start Squid
# squid -k parse                                         // Check the squid.conf syntax
# squid -z                                               // Initialize the cache directories
# squid                                                  // Start the Squid service
# netstat -anpt | grep squid
# echo "/usr/local/squid/sbin/squid" >> /etc/rc.local
# killall -9 squid                                       // Stop the Squid service

+++++++++++ Configuring a traditional proxy +++++++++++
-----Web server------------Squid proxy-------------client--------
     192.168.1.1           192.168.1.10            192.168.1.100

Traditional proxy: requires manual configuration on the client (the client is given the IP address and port of the proxy server)


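1. Modify the squid.conf configuration file
# vim /etc/squid.conf
Add:
http_port 3128
reply_body_max_size 10 MB     // Maximum size of a file allowed to be downloaded: 10 MB
http_access allow all         // This line must be placed before http_access deny all
Note: http_access allow all accepts requests from every source address that can reach port 3128; an ACL that limits src to the client network narrows this.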

2. Restart the Squid service
# killall -9 squid
# squid

3. Configure the proxy on the client
In IE, open Tools -> Internet Options, then on the Connections tab open LAN settings and enter:
IP address: 192.168.1.10    Port: 3128

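Linux client settings:
# vim /etc/profile
Add:
http_proxy=http://192.168.56.200:3128
https_proxy=http://192.168.56.200:3128
ftp_proxy=http://192.168.56.200:3128
no_proxy=http://192.168.1.
export http_proxy https_proxy ftp_proxy no_proxy    # export so that programs started from the shell see the settings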

4. Verification:
The client accesses the Web server at http://192.168.1.1/

1) Squid proxy server:
# tail -f /usr/local/squid/var/logs/access.log

2) Web server:
# tail -f /etc/httpd/logs/access_log

+++++++++++ Configuring a transparent proxy +++++++++++
-----Web server------------Squid proxy--------------client------
     9.9.9.9               eth1: 9.9.9.1
                           eth0: 192.168.1.1

1. Configure IP addresses
Note: specify the gateway

2. Enable IP forwarding
# vim /etc/sysctl.conf
Change:
net.ipv4.ip_forward = 1
# sysctl -p

3. Modify the squid.conf configuration file
# vim /etc/squid.conf
Add:
http_port 192.168.1.1:3128 transparent

4. Restart the Squid service
# killall -9 squid
# squid

5. Set firewall rules
# iptables -t nat -I PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# iptables -t nat -I PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 443 -j REDIRECT --to-ports 3128
Note: the second rule redirects HTTPS (TLS) connections to port 3128, which is configured above as a plain HTTP interception port, so those connections are not proxied successfully unless Squid is also set up to intercept TLS.

6. Verification:
The client accesses the Web server at http://9.9.9.9/

1) Squid proxy server (the log shows the client accessing the Web service):
# tail -f /usr/local/squid/var/logs/access.log

2) Web server (the log shows the Squid server visiting the Web server):
# tail -f /etc/httpd/logs/access_log

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE     // Dynamic address translation
Uncomment deny all in the configuration file.

+++++++++++ Configuring ACLs +++++++++++
1. Deny access for the ACL list hehe
# vim /etc/squid.conf
Add:
acl hehe src all
http_access deny hehe

2. Deny access to designated IP addresses and domain names
# vi /etc/squid/ip_list
Add:
192.168.1.0/24
1.1.1.1/8
# vi /etc/squid/dns_list
Add:
.qq.com
.msn.com
# vi /etc/squid.conf
Add:
acl haha dst "/etc/squid/ip_list"
acl xixi dstdomain "/etc/squid/dns_list"
http_access deny haha
http_access deny xixi
# killall -9 squid
# squid

Client verification:
Client access can be successful!
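
Squid checks http_access lines from top to bottom and stops at the first one that matches, which is why allow all has to sit before deny all and why the deny rules in this section only take effect when they come before allow all. The shell function below is an added example, not part of the original page: it lists http_access rules that can never be reached, using a constructed squid.conf that assumes the page's deny rules were appended after allow all.

```shell
#!/bin/sh
# Added example: report http_access rules that can never match because an
# earlier rule already matches every request (Squid stops at the first match).

# shadowed_rules FILE -> one output line per unreachable http_access rule
shadowed_rules() {
    awk '
        BEGIN { catchall["all"] = 1 }             # built-in ACL "all"
        { sub(/[ \t]*[#].*/, "") }                # drop comments
        # An ACL defined as "src all" (like hehe on the page) matches everyone.
        $1 == "acl" && NF == 4 && $3 == "src" && $4 == "all" { catchall[$2] = 1 }
        $1 == "http_access" {
            if (stop) {
                printf "%d: %s (shadowed by line %d)\n", NR, $0, stop
            } else if (NF == 3 && ($3 in catchall)) {
                stop = NR                         # single un-negated catch-all ACL
            }
        }
    ' "$1"
}

# Constructed sample: the page's directives, deny rules appended after allow all.
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
http_port 3128
acl haha dst "/etc/squid/ip_list"
acl xixi dstdomain "/etc/squid/dns_list"
http_access allow all
http_access deny haha
http_access deny xixi
http_access deny all
EOF
shadowed_rules "$conf"
```

An empty result means no rule sits behind a catch-all; rules that combine several ACLs or use negation are treated conservatively and never counted as catch-alls.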
+++++++++++ Configuring the Squid log analysis system +++++++++++
# yum -y install gd gd-devel
# tar -zxvf sarg-2.3.7.tar.gz -C /usr/src/
# cd /usr/src/sarg-2.3.7/
# ./configure --prefix=/usr/local/sarg --sysconfdir=/etc/sarg --enable-extraprotection
# make && make install
# vim /etc/sarg/sarg.conf
Add:
access_log /usr/local/squid/var/logs/access.log
title "Squid User Access Reports"
output_dir /var/www/html/sarg
user_ip no
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
exclude_hosts /usr/local/sarg/noreport
overwrite_report no
mail_utility mail.postfix
charset UTF-8
weekdays 0-6
hours 7-12,14,16,18-20
www_document_root /var/www/html
# service httpd restart

Client:
# firefox http://192.168.1.1/sarg &
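
SARG builds its report from the same access.log that the verification steps tail. As an added example (not from the original page or from SARG), the function below totals requests, denied requests and bytes per client and sorts by bytes, largest first, as topuser_sort_field BYTES reverse does; the log lines are constructed and assume Squid's default native log format.

```shell
#!/bin/sh
# Added example: per-client totals from a Squid native-format access.log.
# Fields: time elapsed client code/status bytes method URL user peer type

# client_summary FILE -> "client requests denied bytes", largest byte count first
client_summary() {
    awk '
        NF >= 7 {
            split($4, rs, "/")              # e.g. TCP_DENIED/403 -> TCP_DENIED
            req[$3]++
            bytes[$3] += $5
            if (rs[1] ~ /DENIED/) denied[$3]++   # request rejected by http_access
        }
        END {
            for (c in req) printf "%s %d %d %d\n", c, req[c], denied[c], bytes[c]
        }
    ' "$1" | sort -k4,4nr -k1,1
}

# Constructed sample lines (not taken from a real proxy).
log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
1404000000.101     52 192.168.1.100 TCP_MISS/200 15320 GET http://192.168.1.1/ - HIER_DIRECT/192.168.1.1 text/html
1404000003.410      0 192.168.1.100 TCP_DENIED/403 3790 GET http://www.qq.com/ - HIER_NONE/- text/html
1404000005.777     11 192.168.1.101 TCP_MEM_HIT/200 900 GET http://192.168.1.1/logo.png - HIER_NONE/- image/png
1404000009.002      0 192.168.1.101 TCP_DENIED/403 3795 GET http://www.msn.com/ - HIER_NONE/- text/html
1404000010.250      0 192.168.1.101 TCP_DENIED/403 3795 CONNECT www.qq.com:443 - HIER_NONE/- -
EOF
client_summary "$log"
```

A non-zero third column for a client confirms that the dstdomain and dst deny rules are being hit for that source address.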
