Installation and configuration of SQUID Proxy server under CentOS 6.7

Source: Internet
Author: User
Tags rfc squid proxy

GFW blocked the HTTP/SOCKS5 agent, HTTP Proxy is the keyword filtering, SOCKS5 agent is the blockade protocol. However, some special low-end ports do not have such treatment, known to have 21, 25.

20 port has been blocked, 21 ports will now be limited speed 400Kbps, after conversion of about 50KB/S, we recommend the use of 25 ports, unlimited speed.

First, the system environment

Operating system: CentOS release 6.7 (Final)

Squid version: squid-3.1.10-20.el6_5.3.x86_64

Selinux=disabled

HTTP service:stoped

Second, the installation of Squid service

2.1 Check if squid software is installed

# rpm-qa| grep Squid

2.2 If it is not installed, install it using the Yum method

Yum Install Squid

2.3 Setting up boot from

# chkconfig squid on  // Auto-run squid service

2.4 Configure Squid, modify or add red parts

# # Recommended Minimum configuration: #acl manager proto cache_objectacl localhost src127.0.0.1/ +::1ACL to_localhost DST127.0.0.0/8 0.0.0.0/ +::1# Example rule allowing access from your local networks.# Adapt to list your (internal) IP networks from where Browsin g# should be allowedacl localnet src10.0.0.0/8# RFC1918 Possible internal networkacl localnet src172.16.0.0/ A# RFC1918 Possible internal networkacl localnet src192.168.0.0/ -# RFC1918 Possible internal networkacl localnet src fc00::/7# RFC4193Local private network Rangeacl localnet src FE80::/Ten# RFC4291link-local (directly plugged) Machinesacl Ssl_ports Port443ACL safe_ports Port the# Httpacl Safe_ports Port +#FTPACL safe_ports Port443# Httpsacl Safe_ports Port -# Gopheracl Safe_ports Port About# Waisacl Safe_ports Port1025-65535# unregistered Portsacl safe_ports Port280# http-Mgmtacl safe_ports Port488# gss-Httpacl safe_ports Port591# Filemakeracl Safe_ports Port777# multiling Httpacl CONNECT method connect## Recommended minimum Access Permission configuration:## only allow Cachemgr access from localhosthttp_access Allow manager Localhosthttp_access deny manager# deny requests to certain UNSAF E portshttp_access deny!safe_ports# deny connect to other than secure SSL portshttp_access Deny connect!ssl_ports# We strongly recommend the following is uncommented to protect innocent# Web applications running on the pro XY ServerW.H.O.think the only# oneW.H.O.can access services on"localhost"Is a local user#http_access deny to_localhost## INSERT YOUR OWN RULE (S) This is the access from YOUR clients## Exam PLE rule allowing access from your local networks.# Adapt localnetinchThe ACL section to list your (internal) IP networks# from where browsing should is allowedhttp_access allow localnethttp_a ccess allow localhost# and finally deny all other access to this proxy
#http_access deny allhttp_accessallow all # Squid normally listens to port3128Http_port 191.101.9.188:25 Transparent# Uncomment and adjust the following to add a disk cache directory. Cache_dir ufs /var/spool/squid# Leave CoredumpsinchThe first cachedirCoredump_dir/var/spool/squid# Add Any of your own Refresh_pattern entries above These.refresh_pattern^FTP:1440 -%10080Refresh_pattern^gopher:1440 0%1440Refresh_pattern-I. (/cgi-bin/|\?)0 0%0Refresh_pattern. 0 -%4320strip_query_terms offvisible_hostname 191.101.9.188cache_mgr [email protected]cache_store_log nonecache_access_ Log nonecache_mem mbcache_swap_low 90cache_swap_high 95maximum_object_size 128 Mbmaximum_object_size_in_memory Mbdns_nameservers 8.8.8.8 8.8.4.4client_lifetime 1 minuteshalf_closed_clients offfqdncache_size 65535ipcache_size 65535ipcache_low 90ipcache_high

Third, configure the firewall

Open 25 ports

 -J accept# Service Iptables Save

or edit Vi/etc/sysconfig/iptables

# completed on Thu A  -: -: the  .# Generated by Iptables-save v1.4.7On Thu A  -: -: the  .*filter:input ACCEPT [0:0]:forward ACCEPT [0:0]:output ACCEPT [ About:9756]-A input-p tcp-m state--state new-m TCP--dport A-J ACCEPT-A input-p tcp-m State--state new-m TCP--dport- J ACCEPT commit# completed on Thu A  -: -: the  .

Restart Service iptables Restart

Ps:

Http://bbs.itzmx.com/thread-8815-1-1.html

Http://www.cnblogs.com/mchina/p/3812190.html

http://blog.163.com/na_llong/blog/static/1135416092013714104354316/

Installation and configuration of SQUID Proxy server under CentOS 6.7

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.