Linux Squid Installation Configuration Guide

Source: Internet
Author: User

First, what is squid?

Squid is software that caches Internet data. It accepts requests from clients that want to download objects and handles those requests on their behalf. In other words, if a person wants to download a Web page, he asks Squid to fetch the page for him. Squid then connects to the remote server (for example: http://squid.nlanr.net/) and requests the page. Squid then passes the data on to the client machine and keeps a copy for itself. The next time someone needs the same page, Squid can simply read it from disk and transfer the data to the client immediately. Squid currently handles protocols such as HTTP, FTP, Gopher, SSL and WAIS, but it cannot handle protocols such as POP, NNTP or RealAudio.

Second, the role of the Squid proxy


Third, definitions of the various Squid proxy types

Forward Proxy

a. Standard caching proxy server

A standard caching proxy service caches static Web pages (for example, HTML files and image files) on a host in the local network (that is, the proxy server). When a cached page is requested a second time, the browser fetches the data directly from the local proxy server and no longer requests it from the original Web site. This saves valuable network bandwidth and improves access speed. However, to do this, you must explicitly set the IP address and port number of the proxy server in the browser of each internal host. When a client browses the Internet, every request is sent to the proxy server, and the proxy server decides whether to connect to the remote Web server to obtain the data. If the requested file is in the local cache, it is passed directly to the user. If not, the proxy retrieves the file, saves a copy in the local cache, and then sends the file to the client browser.

b. Transparent caching proxy server

A transparent caching proxy service functions exactly like a standard proxy server. However, the proxying is transparent to the client's browser (that is, the browser does not need to be configured with the IP address and port of the proxy server), and the proxy is usually deployed at the network exit. The transparent proxy server intercepts network traffic and picks out the outbound HTTP (port 80) traffic. If the client's request is cached locally, the cached data is sent directly to the user; if not, a request is made to the remote Web server, and the remaining operations are identical to those of a standard proxy server. On Linux, transparent proxying is implemented with iptables or ipchains. Transparent proxies are especially useful for ISPs (Internet service providers) because no browser settings are needed.

Reverse Proxy

a. Reverse caching proxy server

A reverse proxy is a completely different kind of proxy service from the first two. It is used to reduce the load on the original Web server. The reverse proxy server takes over requests for static pages from the original Web server to keep that server from being overloaded. It sits between the local Web server and the Internet, handles all requests to the Web server, and mediates communication between the Web server and the Internet. If the page requested by an Internet user is cached on the proxy server, the proxy server sends the cached content directly to the user. If it is not cached, the proxy requests it from the Web server, retrieves the data, caches it locally, and then sends it to the user. This approach reduces the load on the Web server by reducing the number of requests that reach it.


Fourth, installing Squid

Unless you have special requirements, I recommend installing with yum: the RPM package is already compiled with most of the features we need, and it is simple and convenient.

# yum install squid -y

# squid -v          # view version and compile parameters

# rpm -ql squid     # view installed files


Fifth, configuring Squid

1. Introduction to Squid configuration

# rpm -qd squid     # list the documentation files

............

/usr/share/doc/squid-3.1.23/squid.conf.documented

............

We can download this documented configuration file for reference; we will refer to it frequently.

2. Common Squid configuration options

http_port 3128                           # can also listen on a single IP: http_port 192.168.0.1:3128
cache_mem 64 MB                          # memory used for caching
maximum_object_size 4096 KB              # largest object that will be cached
reply_body_max_size 1024000 allow all    # limit the size of downloaded files (Squid 2.x form; 3.x takes a size followed by optional ACL names)
access_log /var/log/squid/access.log     # file where the access log is stored
cache_log /var/log/squid/cache.log       # information about Squid's behaviour
visible_hostname proxy.test.xom          # visible host name
cache_dir ufs /var/spool/squid 100 16 256
cache_mgr [email protected]              # administrator e-mail address
http_access deny all                     # access control

The fields of cache_dir are:

* ufs: storage format for cached data

* /var/spool/squid: cache directory

* 100: disk space for the cache directory (MB)

* 16: number of first-level subdirectories in the cache

* 256: number of second-level subdirectories in the cache

All of the above parameters can be found in the documentation we downloaded.

3. Access control in Squid

Using the access control feature, you can restrict caching and access to particular time periods, to a specific site or group of sites, and so on. Squid access control has two elements: ACL elements and access lists. An access list can allow or deny access to the service for certain users.

Some important ACL element types are listed below

* src: Source address (that is, the client IP address)

* dst: Destination address (that is, the server IP address)

* srcdomain: Source name (that is, the client name)

* dstdomain: Destination name (that is, the server name)

* time: Time of day and day of the week

* url_regex: Regular expression match on the URL

* urlpath_regex: Regular expression match on the URL path, omitting protocol and hostname

* proxy_auth: User authentication via an external program

* maxconn: Maximum number of connections from a single IP


To use the access control function, you must first define ACL rules and then apply them. The format of an ACL declaration is as follows:

acl acl_element_name type_of_acl_element values_to_acl

Note:

1. acl_element_name can be any name you choose for the ACL.

2. Any two ACL elements cannot use the same name.

3. Each ACL is made up of a list of values. When matching, multiple values are combined with a logical OR; in other words, if any one value of the ACL element matches, the ACL element matches.

4. Not all ACL elements can be used with all types of access lists.

5. Different ACL elements are written on different lines; Squid combines them into one list.

We can use many different access entries. Here are a few that we will use:

* http_access: Allows HTTP access. This is the main access control entry.

* no_cache: Defines the caching of responses to requests.


An access list rule consists of a keyword such as 'allow' or 'deny', which permits or denies service to a specific ACL element or a group of ACL elements.

Note:

1. These rules are matched in the order in which they are arranged, and once a matching rule is detected, the matching test ends immediately.

2. An access list can consist of multiple rules.

3. If no rule matches the access request, the default action is determined by the last rule in the list.

4. All elements in an access entry are combined with a logical AND:

http_access action statement1 AND statement2 AND statement

OR

http_access action statement3

Multiple http_access statements are combined with OR, while the elements within a single access entry are combined with AND.

5. Keep in mind that the rules in the list are always evaluated from top to bottom.
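
The matching rules above can be checked with a small model (an added example, not code from the original article or from the Squid project). It handles only the src and dstdomain ACL types, and the ACL names, addresses and domains are constructed samples. For a request that matches no rule it applies the default that Squid documents: the opposite of the last rule in the list, or deny when there are no rules at all.

```python
import ipaddress

# Constructed sample fragment: ACL names, networks and domains are made up.
CONF = """
acl all src 0.0.0.0/0            # declared explicitly for this model
acl localnet src 192.168.0.0/24
acl localnet src 10.0.0.0/8      # same name on a second line: values are merged
acl guest src 192.168.0.200
acl blocked dstdomain .ads.example.org
http_access deny blocked
http_access deny localnet guest  # both ACLs must match (AND)
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: [(type, value), ...]}, [(action, [acl_name, ...]), ...])."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def value_matches(kind, value, req):
    if kind == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value)
    if kind == "dstdomain":  # a leading dot also matches subdomains
        host = req["host"].lower()
        return host == value.lstrip(".") or (value.startswith(".") and host.endswith(value))
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    acls, rules = parse(conf)
    for action, names in rules:  # top to bottom, first matching rule wins
        # every ACL on the line must match; within an ACL any one value suffices
        if all(any(value_matches(k, v, req) for k, v in acls[n]) for n in names):
            return action
    if not rules:
        return "deny"
    # nothing matched: the default is the opposite of the last rule
    return "allow" if rules[-1][0] == "deny" else "deny"

# Same ACLs, but the access list contains only "http_access deny blocked".
CONF_DENY_ONLY = CONF.split("http_access deny localnet")[0]
```

With the deny-only list, a client outside the local networks is allowed through because the last rule is a deny, which is why access lists normally end with an explicit "http_access deny all".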

Sixth, application of Squid















This article is from the "Small Drops Linux" blog, make sure to keep this source http://wangzan18.blog.51cto.com/8021085/1690187
