RedHatLinux9 installation configuration Squid

Software Environment: RedHatLinux9 on the Squid homepage www.squid-cache.org download the latest Squid2.5-STABLE5 for compilation. Step: 1.download the latest source file squid-2.5.stable5.src.tar.gz and place it in the/usr/local directory. 2. log on as the root and run the following command: cd/software environment: RedHat Linux 9
On the Squid home page www.squid-cache.org download the latest Squid 2.5-STABLE5 for compilation.

Steps:
1. download the latest version of the source file Squid-2.5.STABLE5.src.tar.gz placed in the/usr/local directory

2. log on as the root user and run the following command:
Cd/usr/local


Tar-zxvf Squid-2.5.STABLE5.src.tar.gz
Generate extract file Squid-2.5.STABLE5
Go to the Squid-2.5.STABLE5 directory for compilation
# Cd/usr/local/squid *
#./Configure -- prefix =/usr/local/squid
# Make
# Make install


3. after the above two steps are completed, the entire Squid program should be installed in the/usr/local/squid directory, but other actions are still required.

4. enter the directory/usr/local, run the following command as root, and change the owner of the entire Squid directory to school: school.
# Cd/usr/local
# Chown-R school: school squid

5. modify the configuration information of squid. conf.
# Su school
$ Cd/usr/local/squid
$ Vi etc/squid. conf
Http_port 8080
Cache_peer 10.10.2.53 parent 6666 7 login = username: password default no-query
Cache_mem 60 MB
Cache_mgr zdysgs@zju.edu.cn
Dns_nameservers 10.10.0.21
Visible_hostname zdysgs.zju.edu.cn
Cache_dir ufs/usr/local/squid/var/cache 500 16 256
Http_access allow all
Never_direct allow all
Error_directory/usr/local/squid/share/errors/Simplify_Chinese
Cache_swap_low 80
Cache_swap_high 97 is the threshold value for cache replacement. When 97% of the cache is occupied, the content in the cache is cleared by 20%.

6. run su as the school and enter the/usr/local/squid/bin directory. run # squid-z to create the cache swap directory.
# Su school
$ Cd/usr/local/squid/sbin
$./Squid-z
$./Squid
Command to check whether squid is running normally
$ Netstat-ntl
Tcp 0 0 0.0.0.0: 8080 0.0.0.0: * LISTEN
The above information indicates that squid has started properly.
Command to stop squid running:
$ Usr/local/squid/sbin-k shutdown
So far, this proxy server can be used normally, but does not have the user authentication function. The following describes how to use the ncsa user authentication function 7. how to implement ncsa user authentication
Ncsa is one of the built-in authentication procedures of squid source code package, we take the squid-2.5.STABLE5 version as an example to describe the installation and configuration of ncsa.
1) enter the/usr/local/squid-2.5.STABLE5/helpers/basic_auth/NCSA directory as school. // Modify the folder squid-2.5.STABLE5's owner to school, chown-R school: school squid-2.5.STABLE5


% Make
% Make install
After compilation is successful, an executable ncsa_auth file is generated.
2) copy the generated execution file ncsa_auth to the/usr/local/squid/bin directory.
Cp ncsa_auth/usr/local/squid/bin
3) modify related options in squid. conf as follows:
Auth_param basic program/usr/local/squid/bin/ncsa_auth/usr/local/squid/etc/passwd
4) define related user classes
Acl auth_user proxy_auth username1 username2 or acl auth_user proxy_auth REQUIRED
Note that the REQUIRED keyword indicates receiving access from all valid users.
5) set http_access
Http_access allow auth_user
Http_access deny all
6) use the tool software htpasswd carried by apache to generate a password file under/usr/local/squid/etc and add the corresponding user information. Generally, each line of the password file contains
The user information of a user, that is, the user name and password.
Use htpasswd to generate the password file passwd and add the user bye.
Htpasswd-c/usr/local/squid/etc/passwd bye
Then restart squid. if the password authentication has taken effect // then add a user, run the following command htpasswd/usr/local/squid/etc/passwd user (add the user parameter-c)


8. client settings: ie> Tools> internet Options> connection> LAN settings> proxy server address: 10.71.65.110 Port: 8080

9. remarks
· Http _ port: Set the port of the Squid listener. you 'd better set a memorable port number for client configuration.
Easy to remember. The port number on my machine is 8080. The default value is 3128.
· Cache _ mem: set the physical memory occupied by Squid. Based on my experience, the size of cache_mem should not exceed your service.
1/3 of the physical memory of the machine. Otherwise, the overall performance of the machine will be affected.
· Maximum _ object_size: set the maximum object size that Squid can receive. The default value of Squid is 4 M.
If you think it is too big, you can set it based on your own needs.
· Cache _ dir: Set the cache location and size. The general format is as follows:
Cache_dir/usr/local/squid/cache 100 16 256
/Usr/local/squid/cache indicates the cache location;
100 represents the maximum cache size of 100 MB; 16 and 256 represent the number of level-1 and level-2 directories.
· Cache _ effective_user: Set the valid users who use the cache. The default value is user nobody.
If there is a user nobody, it is best to create one or run Squid as a non-root user.
· Error _ directory: sets the webpage directory information for displaying error information. The default value is English/usr/local/squid/share/errors/English.
To display Chinese characters, change it to/usr/local/squid/share/errors/Simplify_Chinese.
· Restrict the use of the same user on the same IP address at the same time
Acl FOO max_user_ip 1
Http_access deny FOO
Authenticate_ip_ttl 2 hours // you can use other ip addresses to access the Internet after the connection time is exceeded.
· Display the intranet IP address of your client
Forwarded_for on | off
If you disable this option, the IP address displayed when you access some forums is unknown.
If it is enabled, the intranet IP address of your client is displayed.
Forwarded_for off
· How to limit the number of connections from the same ip address using squid
Q: How do I limit the number of connections using the same ip address of squid?
A: modify squid. conf to limit the number of connections per ip address to 10:
Acl BadUser maxconn 10
Http_access deny BadUser
Client_db = on
// The maxconn ACL feature relies on Squids client database. this database keeps a small data structure in memory for each client IP address. if you have a lot of clients, this database may consume a significant amount of memory. you can disable the client database in the configuration file with the client_db ctictive. however, if you disable the client database, the maxconn ACL will no longer work