Squid Proxy Server

This session explains the common types of proxy servers

Learn to build a traditional agent, transparent proxy service

Learn to configure the access control policy for squid.

First, squid service base

working mechanism of the agent

When a client requests a Web page through a proxy, the specified proxy server checks its own cache and, if there is already a page in the cache that the client needs, is responsible for directly feeding the page content in the cache to the client, but if there are no pages in the cache that the client wants to access, The proxy server sends an access request to the Internet, and when the returned Web page is obtained, the Web page data is saved to the cache and sent to the client. HTTP Proxy Cache Acceleration objects are mainly static web elements such as text, images, and so on.

Basic types of agents:

Traditional proxy: General Agent service. You must manually set the address and port of the proxy server in the browser of the client, and so on, before using the proxy to access the network.

Transparent proxy: Provides the same functions and services as traditional proxies, the difference is that the client does not need to specify the address and port of the proxy server, but rather through the default route, the firewall policy redirects the Web Access, and still actually gives the proxy server to handle

1. Installation and Operation Control

compile and install squid:

When configuring the compilation options for squid, set the installation directory to/usr/local/squid, and the other specific options are based on actual needs.

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/8B/46/wKioL1hI8_3S9gEHAAAkB-R0iTw824.png-wh_500x0-wm_3 -wmp_4-s_1427995347.png "title=" 18.PNG "alt=" Wkiol1hi8_3s9gehaaakb-r0itw824.png-wh_50 "/>

Prefix=/usr/local/squid//installation directory

SYSCONFDIR=/ETC//Modify configuration files to a different directory separately

--enable-arp-cal//Can be set in rules to be managed directly from the client Mac to prevent clients from using IP spoofing

--enable-linux-netfilter//using kernel filtering

--enable-async-io//Support transparent mode

--enable-err-language= "Simplify_chinese"//Incorrect display language

--enable-underscore//Allow underline in URL

--enable-poll//Using poll () mode for improved performance

--enable-gnuregex//using the GNU regular expression

After installation, create a linked file, create users and groups

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/8B/4A/wKiom1hI92_QO1eAAAAVmBxtU1E683.png-wh_500x0-wm_3 -wmp_4-s_2227878583.png "title=" 19.PNG "alt=" Wkiom1hi92_qo1eaaaavmbxtu1e683.png-wh_50 "/>

Squid configuration file:

The configuration file is located in/etc/squid.conf

Operation Control of Squid

Check that the configuration file syntax is correct

Squid-k Parse

Start, stop squid

Squid-z//Used to initialize the cache directory

Squid//Start squid service

Determine if the Squdi service is in a normal listening state

NETSTAT-ANPT | grep "Squid"

Because traditional agents are now seldom used in enterprises, the implementation is the simplest. You don't do too much explaining.

2. Transparent proxy

Configure squid support transparent proxy 650) this.width=650; "Src=" http://s1.51cto.com/wyfs02/M01/8B/4B/wKiom1hI_ Fhcgllyaaa4alxst54946.png-wh_500x0-wm_3-wmp_4-s_4262131649.png "title=" 20.PNG "alt=" Wkiom1hi_ Fhcgllyaaa4alxst54946.png-wh_50 "/>

To set the redirection policy for iptables

The Squid service in the transparent proxy is actually built on the Linux gateway host, so it is only necessary to set the firewall policy correctly, so that the LAN host access to the Internet is the packet to the squid for processing. This requires the use of Iptables's redirect strategy, which is to enable the local port redirection, the access to the site protocol Http,https outgoing packets to the local Squid service

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/8B/48/wKioL1hJAdbS-OppAAALYEtkeuw620.png-wh_500x0-wm_3 -wmp_4-s_2626023553.png "title=" 21.PNG "alt=" Wkiol1hjadbs-oppaaalyetkeuw620.png-wh_50 "/>

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/8B/48/wKioL1hJCKqTOZAuAAAuvT4_JfQ031.png-wh_500x0-wm_3 -wmp_4-s_1516013768.png "title=" 22.PNG "alt=" Wkiol1hjckqtozauaaauvt4_jfq031.png-wh_50 "/>

This article from the "11853028" blog, reproduced please contact the author!

Squid Proxy Server