Squid Traditional agent (zipped package file)

Description:
When a client requests a Web page through a proxy, the specified proxy server checks its own cache and, if there is already a page in the cache that the client needs to access (Red 1 2 3 4), directly feeds the page content in the cache to the client, or if there are no pages in the cache that the client needs to access (Blue 1 2 3 4), The proxy server sends an access request to the Internet, and when the returned Web page is obtained, the Web page data is saved to the cache and sent to the client. The use of traditional proxy is characterized in that the client's related program must specify the proxy server address, port and other basic information. The following is the construction of a traditional proxy server.
.
.
Compress a file package
Link: Https://pan.baidu.com/s/1GmD1SCoYeWYFi9W1BG_Z-Q Extract code: KKCN
.
.
The topology diagram is as follows:

.
.
Lab Environment:

.
.
first, compile and install squid
.
1. Mount the compressed package, unzip it to the server, install the compilation environment

mkdir /ooo/      #创建挂载目录mount.cifs //192.168.201.1/gx /ooo/    #挂载压缩包cd /ooo/tar zxvf squid-3.5.23.tar.gz -C /opt/      #解压到/opt/yum install gcc gcc-c++ make -y   #安装编译环境

.
.
2. Manually compile the installation

./configure --prefix=/usr/local/squid \      #指定安装路径--sysconfdir=/etc \      #配置文件路径--enable-arp-acl \      #mack地址--enable-linux-netfilter \      #内核过滤--enable-linux-tproxy \      #透明模式--enable-async-io=100 \      #io优化--enable-err-language="Simplify_Chinese" \      #报错显示--enable-underscore \      #允许有下划键--enable-poll \      #提升--enable-gnuregex       #支持正则表达式make && make install

.
.
3. After installation, create linked files, users and groups

ln -s /usr/local/squid/sbin/* /usr/local/sbin/   #将命令放入系统识别路径下useradd -M -s /sbin/nologin squid   #创建一个用户chown -R squid.squid /usr/local/squid/var/  #更改目录权限

.
.
4. Modify Squid configuration file, initialize cache directory, start service, complete installation

vim /etc/squid.conf# And finally deny all other access to this proxyhttp_access allow all   #允许所有http_access deny all# Squid normally listens to port 3128http_port 3128cache_effective_user squid   #添加 指定程序用户cache_effective_group squid  #添加 指定账号基本组squid -z   #缓存目录初始化squid   #启动服务

.
.
5. Writing a startup script

cd /etc/init.dvim squid#!/bin/bash#chkconfig: 2345 90 25PID="/usr/local/squid/var/run/squid.pid"CONF="/etc/squid.conf"CMD="/usr/local/squid/sbin/squid"case "$1" in     start)    netstat -natp | grep squid &> /dev/null    if [ $? -eq 0 ]    then      echo "squid is running"      else      echo "正在启动 squid..."      $CMD    fi      ;;      stop)    $CMD -k kill &> /dev/null    rm -rf $PID &> /dev/null      ;;      status)    [ -f $PID ] &> /dev/null      if [ $? -eq 0 ]        then          netstat -natp | grep squid        else          echo "squid is not running"      fi      ;;      restart)    $0 stop &> /dev/null    echo "正在关闭 squid..."      $0 start &> /dev/null    echo "正在启动squid..."      ;;      reload)    $CMD -k reconfigure      ;;      check)    $CMD -k parse      ;;      *)    echo "用法：$0{start|stop|status|reload|check|restart}"      ;;esac

.
.
6. Add permissions, name, check syntax

chmod +x squid      #添加执行权限chkconfig --add squid     #添加名称，便于识别service squid check      #检查语法

.
.
Second, set up a traditional proxy server
.
1. Configuration of Squid Server

vim /etc/squid.conf.......http_port 3128cache_mem 64 MB   #指定缓存功能所使用的内存空间大小，便于保持访问较频繁的WEB对象，容量最好为4的倍数，单位为MB，建议设为物理内存的1/4reply_body_max_size 10 MB   #允许用户下载的最大文件大小，以字节为单位。默认设置0表示不进行限制maximum_object_size 4096 KB   #允许保存到缓存空间的最大对象大小，以KB为单位，超过大小限制的文件将不被缓存，而是直接转发给用户

.
.
2. Restart the service, empty the firewall

service squid restart   #重启服务iptables -F   #清空防火墙setenforce 0   #关闭增强功能iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    #在input链中，针对tcp协议，目标端口3128，允许转发

Traditional agent Completion
.
.
Third, testing the traditional agent
.
1. Open the Test side Web page

systemctl stop firewalld.servicesetenforce 0     #关闭防火墙yum install httpd -y     #安装http

.
.
2. Win7-side network is set to NAT mode with browser access to 192.168.201.130

.
.
3. Web-side View access log

cd /etc/httpd/logs/vim access_log  #查看访问日志

You can see the IP address of the visiting client
.
.
4. The proxy access is set at this
Open Browser--Tools-->intenet options

.
.
Connect-LAN Settings

.
.
Set IP address and port

.
.
Then visit 192.168.201.130 in your browser to view the visiting log

As you can see, the IP address of the proxy server is the access IP, the traditional proxy server test succeeds

Squid Traditional agent (zipped package file)