Squid ---- forward proxy

Source: Internet
Author: User
Tags squid proxy

Introduction to the proxy server squid

Squid cache (Squid for short) is a popular free-software (GNU General Public License) proxy server and web cache server. Squid has a wide range of uses: acting as a front-end cache that speeds up web servers by caching repeated requests; caching World Wide Web, Domain Name System and other network lookups for a group of people who share network resources; helping network security by filtering traffic; and letting a LAN reach the Internet through a proxy. Squid is designed to run on UNIX systems.

Squid can be used as a proxy or cache.

Squid can be both a forward proxy and a reverse proxy.

As a forward proxy, Squid sits in front of the clients, and the clients go online through Squid; as a reverse proxy, Squid sits in front of the servers, and the servers return data to users through Squid.

A forward proxy is used in enterprise office environments: employees access the Internet through the Squid proxy, which saves network bandwidth. A reverse proxy is used in a website architecture to build a cache server for static website content (images, HTML, streaming media, JS, CSS, etc.).

 

Environment:

Client: 172.16.0.210/24

Proxy Server: 172.16.0.101/24, 172.16.1.101/24

Web server: 172.16.1.11/24

Status quo: the client can neither access the Internet nor access the Web server.

Objective: to allow clients to access the Internet and the Web server.

 

Install squid

On the Proxy Server

yum -y install squid

 

Configure squid

vim /etc/squid/squid.conf

Find the following configuration

http_access allow all # Allow requests from all network segments

http_port 8888 # Squid's HTTP proxy port

 

Open Firewall

firewall-cmd --add-port=8888/tcp --permanent

firewall-cmd --reload

 

Client

Linux

Set Global Proxy

vim /etc/profile

http_proxy="http://172.16.0.101:8888"
export http_proxy

Read Configuration

source /etc/profile

 

Firefox

Settings -- Advanced

 

 

Test

Proxy successful

 

Squid configuration details

# vi /etc/squid/squid.conf

# The http_port directive tells Squid which port to listen on for HTTP requests. The default port is 3128. In addition to the following format, it can also be written as http_port 192.168.63.50:3128.
http_port 3128
icp_port 3130

# Set the cache directory. You can set multiple cache directories. The syntax is: <cache_dir> <aufs | ufs> <directory> <Mbytes size> <dir1> <dir2>
cache_dir ufs /var/spool/squid 1000 64 1024

# The following are the directories and file names for storing log files
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid

# Disable the authentication mechanism. Some versions of Squid enable the proxy authentication mechanism automatically, which is not required in general cases. Therefore, locate the lines containing auth_param and comment them out.
# auth_param basic children 5
# auth_param basic realm Squid proxy-caching Web Server
# auth_param basic credentialsttl 2 hours

# Set the Squid user, user group, and administrator account
cache_effective_user squid
cache_effective_group squid
cache_mgr [email protected]

# Memory-related configuration: Because my system memory is very small, I only give 8 MB! If your physical memory is large, such as 512 MB, you can increase it to 64 or 128 MB.
cache_mem 128 MB

# Disk capacity-related configuration (Note: The following 90 and 95 are percentages). If your cache_dir disk is large, you can change 4096 to 32768 KB.
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB

# Configuration related to memory storage
maximum_object_size_in_memory 8 KB

# Define the ACLs (Access Control Lists). Syntax: <acl> <ACL name> <ACL type> <configuration content>
# User-defined part

acl all src 0/0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl safe_ports port 80 21 443 563 70 210 280 488 591 777-1025
acl ssl_ports port 443 563
acl connect method CONNECT
acl mynetwork src 192.168.0.0/16

# Use the previously defined ACLs to define access control rules
http_access allow manager localhost
http_access deny manager
http_access deny !safe_ports
http_access deny connect !ssl_ports
http_access allow mynetwork
http_access deny all

# Define the relationship with other proxy servers. Syntax: <cache_peer> <host name> <category>
# cache_peer 192.168.60.6 parent 4480 7 no-query default

# Set the relationship with other proxy servers:
# <cache_peer_access> <upper-layer proxy> <allow | deny> <ACL name>
# cache_peer_access 192.168.60.6 allow aclxxx
# cache_peer_access 192.168.60.6 deny !aclxxx

coredump_dir /var/spool/squid
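
How the http_access lines above are evaluated, as an added example (not from the original page or the Squid project): a small Python model of Squid's first-match rule order that covers only the src, port and method ACL types. The SCOPED rule set, its 172.16.0.0/24 client subnet and the sample requests are constructed assumptions; the model shows that the quick-start rule "http_access allow all" admits any source that can reach the proxy port, while the detailed rule set admits only the lab client on permitted ports.

```python
import ipaddress

def parse(conf):
    """Collect acl definitions and ordered http_access rules from squid.conf text."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []  # "all" is built in since Squid 3
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 4 and words[0] == "acl":
            acls.setdefault(words[1], (words[2], []))[1].extend(words[3:])
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def acl_matches(kind, values, req):
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":  # single ports or "low-high" ranges
        spans = [tuple(map(int, (v + "-" + v).split("-")[:2])) for v in values]
        return any(lo <= req["port"] <= hi for lo, hi in spans)
    if kind == "method":
        return req["method"] in values
    raise ValueError("ACL type not modelled in this sketch: " + kind)

def decide(conf, req):
    """First matching http_access line decides; if none match, the last line's opposite does."""
    acls, rules = parse(conf)
    for action, names in rules:
        # every ACL named on the line must match (AND); "!name" negates that ACL
        if all(acl_matches(*acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

# Constructed input: QUICK is the quick-start rule; SCOPED assumes the lab's client subnet.
QUICK = "http_port 8888\nhttp_access allow all\n"
SCOPED = """
acl safe_ports port 80 21 443 563 70 210 280 488 591 777-1025
acl ssl_ports port 443 563
acl connect method CONNECT
acl mynetwork src 172.16.0.0/24
http_access deny !safe_ports
http_access deny connect !ssl_ports
http_access allow mynetwork
http_access deny all
"""
REQS = {"outsider": {"src": "203.0.113.9", "port": 80, "method": "GET"},
        "client": {"src": "172.16.0.210", "port": 443, "method": "CONNECT"},
        "tunnel25": {"src": "172.16.0.210", "port": 25, "method": "CONNECT"}}
for name, req in REQS.items():
    print(name, "quick:", decide(QUICK, req), "scoped:", decide(SCOPED, req))
```

Under SCOPED the outsider request and the CONNECT to port 25 are denied and the lab client's CONNECT to port 443 is allowed; under QUICK all three are allowed.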

 
