Squid2.6 transparent proxy configuration
URL: http://linux.chinaunix.net/bbs/viewthread.php?tid=910723&highlight=luo118
yum -y install squid # this installs squid
mkdir /home/cache
chown squid:squid /home/cache
chown squid:squid /var/log/squid
Modify: vi /etc/squid.conf
**************************************** **************************************** ****************************
# "acl all src 0.0.0.0/0.0.0.0" together with "http_access allow all" defines an access control list.
# For details, see the documentation shipped with squid.
# The access control list here allows everyone to access the proxy service,
# because this proxy is used to accelerate the web server.
acl all src 0.0.0.0/0.0.0.0 # allow access from all IP addresses
acl manager proto HTTP # the manager URL protocol is HTTP
acl localhost src 127.0.0.1/255.255.255.255 # allow the local IP address
acl to_localhost dst 127.0.0.1 # the local IP address
acl safe_ports port 80 # port 80 is the allowed safe port
acl connect method CONNECT # the request method is CONNECT
acl overconnlimit maxconn 16 # limit each IP address to at most 16 connections to prevent attacks
http_access deny overconnlimit # must come before "http_access allow all": rules are checked in order and the first match wins
http_access allow all # allow everyone to use this proxy, because the proxy accelerates the web server
http_reply_access allow all # allow all clients to use this proxy
icp_access deny all # do not send or receive ICP requests to or from the caches of neighboring servers
miss_access allow all # allow direct update requests
ident_lookup_access deny all # disable ident lookups
http_port 8080 transparent # the port on which squid listens for browser client requests
hierarchy_stoplist cgi-bin ? # forces certain objects not to be cached, mainly for security
acl query urlpath_regex cgi-bin \?
cache deny query
cache_mem 1 GB # an optimization option: increasing this memory value benefits caching. Note:
# in general, if the system has n MB of memory, set this value to (n/3) MB. The system has 3 GB, so 1 GB is used here
fqdncache_size 1024 # FQDN cache size
maximum_object_size_in_memory 2 MB # maximum size of a file loaded into memory
memory_replacement_policy heap LFUDA # evict the least dynamically used objects from the memory cache
cache_replacement_policy heap LFUDA # the same policy for the disk cache
cache_dir ufs /home/cache 5000 32 512 # cache directory using ufs, maximum cache size 5000 MB,
# 32 level-1 directories and 512 level-2 directories
max_open_disk_fds 0 # maximum number of open files allowed, 0 means unlimited
minimum_object_size 1 KB # minimum size of the file request body
maximum_object_size 20 MB # maximum size of the file request body
cache_swap_low 90 # lower swap limit, 90%
cache_swap_high 95 # upper swap limit, 95%
ipcache_size 2048 # IP address cache size 2 M
ipcache_low 90 # lower limit for the IP cache, 90%
ipcache_high 95 # upper limit for the IP cache, 95%
access_log /var/log/squid/access.log squid # where the access log is stored
cache_log /var/log/squid/cache.log squid
cache_store_log none # disable the store log
emulate_httpd_log on # makes squid write access records in the format of a web server. Set this
# parameter if you want to use a web access log analysis program.
refresh_pattern . 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload # cache refresh rules
acl buggy_server url_regex ^http://... http:// # only HTTP requests are allowed
broken_posts allow buggy_server
acl apache rep_header Server ^Apache # allow Apache encoding
broken_vary_encoding allow apache
request_entities off # forbid GET/HEAD requests that carry a body, to prevent attacks
header_access header allow all # allow all HTTP headers
relaxed_header_parser on # HTTP headers are not parsed strictly
client_lifetime 120 minute # maximum client connection time, 120 minutes
cache_mgr sky@test.com # the address that receives alerts when the cache has a problem
cache_effective_user squid # the squid server runs as the user squid
cache_effective_group squid
icp_port 0 # the port on which squid sends and receives ICP requests to and from the caches of neighboring servers.
# Set to 0 because squid is the accelerator for the internal web server
# and does not need the caches of neighboring servers. 0 disables it
# cache_peer: sets the host that is allowed to update the cache. Because it is the local host, 127.0.0.1 is used
cache_peer 127.0.0.1 parent 80 0 no-query default multicast-responder no-netdb-exchange
cache_peer_domain 127.0.0.1
hostname_aliases 127.0.0.1
error_directory /usr/share/squid/errors/Simplify_Chinese # path of the error pages
always_direct allow all # when an object is missing from the cache, all requests may be forwarded directly to the origin server
ignore_unknown_nameservers on # enable the DNS reply check: replies from name servers that were not queried are ignored
coredump_dir /var/log/squid # the dump directory
max_filedesc 2048 # maximum number of open file descriptors
half_closed_clients off # makes squid close the client connection immediately when read returns no data.
# Sometimes read returns no data because a client has shut down the sending side of its TCP connection
# while it keeps receiving data. Squid cannot tell whether the connection is half closed or fully closed.
buffered_logs on # enabling "buffered_logs" slightly speeds up writing to the log files. This option is mainly an optimization.
**************************************** **************************************** ****************************
At the command prompt, enter squid -z to create the cache directories. If squid.conf contains an error, it is reported.
service squid restart
iptables settings
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
OK, the setup is complete. You can now test it:
when you stop Apache, you see the squid error message. When Apache is running,
all website access is recorded in /var/log/squid/access.log (open it with vi). Open the website and check whether the log keeps being updated. If it does, everything is OK.
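
Squid checks http_access lines from top to bottom and stops at the first match, so a deny rule such as the maxconn limit only takes effect if it comes before "http_access allow all". The checker below is an added example, not part of the original post; it flags access rules that sit behind an unconditional rule. The function name and both sample configurations are constructed for illustration.

```python
# Values that make a src/dst ACL match every address.
CATCH_ALL = {"0.0.0.0/0.0.0.0", "0.0.0.0/0", "0/0"}

# Constructed samples: the same rules in two different orders.
DENY_AFTER_ALLOW = """\
acl all src 0.0.0.0/0.0.0.0
http_access allow all
http_reply_access allow all
acl overconnlimit maxconn 16    # per-IP connection limit
http_access deny overconnlimit
"""
DENY_BEFORE_ALLOW = """\
acl all src 0.0.0.0/0.0.0.0
acl overconnlimit maxconn 16
http_access deny overconnlimit
http_access allow all
http_reply_access allow all
"""

def shadowed_rules(conf_text, directives=("http_access",)):
    """Return [(lineno, rule, shadowing_lineno)] for rules that can never match."""
    catch_all_acls = set()       # ACL names that match every request
    first_unconditional = {}     # directive -> line of first rule that always matches
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # This checker strips "#" annotations before tokenizing.
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "acl" and len(tokens) >= 4:
            name, acl_type, values = tokens[1], tokens[2], tokens[3:]
            if acl_type in ("src", "dst") and any(v in CATCH_ALL for v in values):
                catch_all_acls.add(name)
        elif tokens[0] in directives and len(tokens) >= 3:
            directive, acl_terms = tokens[0], tokens[2:]
            if directive in first_unconditional:
                findings.append((lineno, " ".join(tokens), first_unconditional[directive]))
            elif all(term in catch_all_acls for term in acl_terms):
                # Negated terms ("!all") are not in the set, so they stay conditional.
                first_unconditional[directive] = lineno
    return findings

if __name__ == "__main__":
    for lineno, rule, by in shadowed_rules(DENY_AFTER_ALLOW):
        print(f"line {lineno}: '{rule}' is never reached (line {by} matches everything)")
```

Run it against the real configuration by passing the file contents to shadowed_rules(); an empty list means no http_access rule is hidden behind an unconditional one.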