This session explains the common types of proxy servers
Learn to build traditional and transparent proxy services
Learn to configure the access control policy for squid.
I. Squid service basics
Working mechanism of the proxy
When a client requests a Web page through a proxy, the proxy server first checks its own cache. If the page the client needs is already in the cache, the proxy returns the cached content directly to the client. If the page is not in the cache, the proxy server sends the request to the Internet on the client's behalf, and when the Web page is returned it saves the page data to the cache and sends it to the client. The objects accelerated by the HTTP proxy cache are mainly static web elements such as text and images.
Basic types of proxies:
Traditional proxy: the ordinary proxy service. The address and port of the proxy server must be set manually in the client's browser (or other client program) before the proxy can be used to access the network.
Transparent proxy: provides the same functions and services as a traditional proxy. The difference is that the client does not need to specify the address and port of the proxy server. Instead, Web access is redirected by the default route and the firewall policy, and is still actually handled by the proxy server.
1. Installation and Operation Control
Compile and install squid:
When configuring the compilation options for squid, set the installation directory to /usr/local/squid; the other options depend on actual needs.
--prefix=/usr/local/squid // installation directory
--sysconfdir=/etc // place the configuration files in a separate directory
--enable-arp-acl // allows rules to match the client MAC address directly, to prevent clients from using IP spoofing
--enable-linux-netfilter // use Linux kernel packet filtering (netfilter)
--enable-async-io // use asynchronous I/O for cache storage
--enable-err-language="Simplify_Chinese" // language used for error pages
--enable-underscore // allow underscores in URLs
--enable-poll // use poll() mode for improved performance
--enable-gnuregex // use GNU regular expressions
After installation, create the symbolic links, then create the user and group
Squid configuration file:
The configuration file is located at /etc/squid.conf
Operation Control of Squid
Check that the configuration file syntax is correct
squid -k parse
Start, stop squid
squid -z // initialize the cache directory
squid // start the squid service
Determine whether the squid service is listening normally
netstat -anpt | grep "squid"
Traditional proxies are now seldom used in enterprises and are the simplest to implement, so they are not explained further here.
2. Transparent proxy
Configure squid to support transparent proxy
Set the redirection policy for iptables
In a transparent proxy setup the squid service is built on the Linux gateway host, so it is only necessary to set the firewall policy correctly so that packets from LAN hosts accessing the Internet are handed to squid for processing. This uses the iptables REDIRECT policy, which performs a local port redirection: outgoing packets for web access (the HTTP and HTTPS protocols) are redirected to the local squid service.
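Added example (not from the original post): a shell check that the REDIRECT rules described above point at a port on which squid is actually configured to accept intercepted traffic. The interface eth1, the subnet 192.168.1.0/24, ports 3128 and 3129 and both sample inputs are constructed assumptions; `transparent` is the http_port keyword in Squid 2.6 to 3.0 and `intercept` in 3.1 and later.

```shell
#!/bin/sh
# Constructed sample: squid.conf fragment (address and port are assumptions).
SAMPLE_SQUID_CONF='http_port 192.168.1.1:3128 transparent
visible_hostname gateway.example.lan'

# Constructed sample: nat table as printed by iptables-save on the gateway.
SAMPLE_NAT_RULES='*nat
-A PREROUTING -s 192.168.1.0/24 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.1.0/24 -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
COMMIT'

# Ports on which squid.conf accepts intercepted (redirected) traffic.
intercept_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "http_port" && $0 ~ / (transparent|intercept)( |$)/ {
            n = split($2, a, ":")   # handles both "3128" and "ip:3128"
            print a[n]
        }'
}

# Local ports that the REDIRECT rules send traffic to.
redirect_ports() {
    printf '%s\n' "$1" | awk '
        /-j REDIRECT/ {
            for (i = 1; i < NF; i++) if ($i == "--to-ports") print $(i + 1)
        }' | sort -u
}

# Redirect targets with no intercepting http_port: traffic sent there
# is refused or mishandled instead of being proxied.
unmatched_redirects() {
    conf_ports=$(intercept_ports "$1")
    for p in $(redirect_ports "$2"); do
        printf '%s\n' "$conf_ports" | grep -qxF "$p" || echo "$p"
    done
}

echo "redirect targets without an intercepting http_port:"
unmatched_redirects "$SAMPLE_SQUID_CONF" "$SAMPLE_NAT_RULES"
```

On a live gateway the two arguments would come from the contents of /etc/squid.conf and the output of `iptables-save -t nat`.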
This article is from the "11853028" blog; please contact the author before reproducing it.
Squid Proxy Server