Squid2.6 transparent proxy configuration

Source: Internet
Author: User
URL: http://linux.chinaunix.net/bbs/viewthread.php?tid=910723&highlight=luo118

yum -y install squid    # install Squid this way
mkdir /home/cache
chown squid:squid /home/cache
chown squid:squid /var/log/squid

Modify: vi /etc/squid.conf
**************************************** **************************************** ****************************

# "acl all src 0.0.0.0/0.0.0.0" together with "http_access allow all" defines an
# access control list. For details, see the documentation shipped with Squid.
# The access control list here allows all access to the proxy service,
# because this proxy is used to accelerate the web server.

# Allow access from all IP addresses
acl all src 0.0.0.0/0.0.0.0

# The manager URL protocol is HTTP
acl manager proto HTTP

# The local IP address as a source
acl localhost src 127.0.0.1/255.255.255.255

# The local IP address as a destination
acl to_localhost dst 127.0.0.1

# Port 80 is a safe port
acl safe_ports port 80

# The request method is CONNECT
acl CONNECT method CONNECT

# Restrict each IP address to a maximum of 16 connections to prevent attacks.
# http_access rules are checked in order and the first match wins, so this
# deny has to come before "http_access allow all" to have any effect.
acl overconnlimit maxconn 16
http_access deny overconnlimit

# Allow everyone to use this proxy, because the proxy accelerates the web server
http_access allow all

# Allow replies to all clients
http_reply_access allow all

# Do not send or receive ICP requests from the caches of neighboring servers
icp_access deny all
# Allow requests for objects that are not in the cache (misses)
miss_access allow all
# Disable ident lookups
ident_lookup_access deny all
# Port on which Squid listens for browser client requests, in transparent mode
http_port 8080 transparent

# Force certain objects not to be cached, mainly for security
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# This is an optimization option; raising this memory value helps caching.
# As a rule of thumb, if the system has n MB of memory, set this value to (n/3) MB.
# This machine has 3 GB, so 1 GB is used here.
cache_mem 1 GB

# FQDN cache size
fqdncache_size 1024

# Largest object that is held in memory
maximum_object_size_in_memory 2 MB

# Evict the least frequently used objects, with dynamic aging, from the memory cache
memory_replacement_policy heap LFUDA
# Same policy for the hard disk cache
cache_replacement_policy heap LFUDA

# Cache directory: ufs storage, at most 5000 MB,
# 32 level-1 directories and 512 level-2 directories
cache_dir ufs /home/cache 5000 32 512

# Maximum number of open disk files; 0 means unlimited
max_open_disk_fds 0
# Smallest object that is stored in the disk cache
minimum_object_size 1 KB
# Largest object that is stored in the disk cache
maximum_object_size 20 MB

# Cache replacement low-water mark: 90%
cache_swap_low 90
# Cache replacement high-water mark: 95%
cache_swap_high 95

# IP address cache size
ipcache_size 2048
# IP cache low-water mark: 90%
ipcache_low 90
# IP cache high-water mark: 95%
ipcache_high 95

# Define where the logs are stored
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log squid

# Disable the store log
cache_store_log none

# Write access records in the format used by web servers. Set this parameter
# if you want to use a web access log analysis program.
emulate_httpd_log on

# Cache refresh rules
refresh_pattern . 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload

# Match HTTP URLs
acl buggy_server url_regex ^http://... http://
broken_posts allow buggy_server

# Match responses whose Server header begins with Apache
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# Reject GET and HEAD requests that carry a request body, to prevent attacks
request_entities off
# Allow all HTTP headers
header_access All allow all
# Do not parse HTTP headers strictly
relaxed_header_parser on
# Maximum client connection time: 120 minutes
client_lifetime 120 minutes

# Address that is notified when the cache has a problem
cache_mgr sky@test.com

# The Squid server runs as user squid and group squid
cache_effective_user squid
cache_effective_group squid

# Port on which Squid sends and receives ICP requests to and from the caches
# of neighboring servers. Set to 0 (disabled) because Squid is the accelerator
# for the internal web server and does not need neighboring caches.
icp_port 0

# cache_peer: the host from which the cache is updated. It is the local host, so 127.0.0.1
cache_peer 127.0.0.1 parent 80 0 no-query default multicast-responder no-netdb-exchange
cache_peer_domain 127.0.0.1

hostname_aliases 127.0.0.1

# Directory of the error pages
error_directory /usr/share/squid/errors/Simplify_Chinese

# On a cache miss, all requests may be forwarded directly to the origin server
always_direct allow all
# Ignore DNS replies whose source address differs from the nameserver that was queried
ignore_unknown_nameservers on
# Core dump directory
coredump_dir /var/log/squid

# Maximum number of open file descriptors
max_filedesc 2048

# Make Squid close the client connection immediately when read returns no data.
# Sometimes read returns no data because the client has shut down the sending
# side of its TCP connection while it keeps receiving data. Squid cannot tell
# whether the TCP connection is half closed or completely closed.
half_closed_clients off

# Slightly increases the speed of writing to the log files; mainly an optimization
buffered_logs on

**************************************** **************************************** ****************************

squid -z    # run at the command prompt to create the cache directories; if squid.conf is incorrect, an error is reported
service squid restart

iptables settings
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

OK, the settings are complete. You can test them as follows:
When you stop Apache, you see the Squid error message. When Apache is running, all website access is recorded in the access log (vi /var/log/squid/access.log). When you open the website, check whether the log keeps being refreshed. If new entries keep appearing, everything is OK.
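
Squid checks http_access lines in order and stops at the first one that matches, so a deny rule (such as the maxconn limit above) placed after "http_access allow all" is never reached. The following checker is an added example, not part of the original post; the names parse, matches_everything, audit and SAMPLE are hypothetical, and SAMPLE is a constructed excerpt.

```python
# Constructed excerpt: an unconditional allow placed before a maxconn deny.
SAMPLE = """\
acl all src 0.0.0.0/0.0.0.0
acl overconnlimit maxconn 16
http_access allow all
http_reply_access allow all
http_access deny overconnlimit
"""

# Source specifications that match every client address.
MATCH_ALL_SRC = {"0.0.0.0/0.0.0.0", "0.0.0.0/0", "0/0"}

def parse(conf):
    """Return (acls, rules): ACL name -> (type, values), and ordered http_access rules."""
    acls, rules = {}, []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) >= 4:
            # An ACL may be defined over several lines; its values accumulate.
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((lineno, tok[1], tok[2:]))
    return acls, rules

def matches_everything(name, acls):
    """True if the named ACL is a src ACL that covers all client addresses."""
    if name.startswith("!") or name not in acls:
        return False
    kind, values = acls[name]
    return kind == "src" and any(v in MATCH_ALL_SRC for v in values)

def audit(conf):
    """Report an unconditional allow and every http_access rule placed after a catch-all."""
    acls, rules = parse(conf)
    findings, catch_all = [], None
    for lineno, action, names in rules:
        if catch_all is not None:
            # First match wins: this rule can never be evaluated.
            findings.append(("unreachable", lineno, catch_all))
        elif all(matches_everything(n, acls) for n in names):
            catch_all = lineno
            if action == "allow":
                # Any client that can reach http_port may use the proxy.
                findings.append(("allow-all", lineno, None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An "unreachable" finding carries the line number of the catch-all rule that shadows it; "allow-all" is informational when, as here, the proxy is meant to serve every visitor of the web server.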
