I. Common ACL list types
ACL definition examples
acl LAN1 src 192.168.1.0/24
acl PC1 src 192.168.1.66/32
acl Blk_domain dstdomain .qq.com .kaixin001.com
acl work_hours time MTWHF 08:30-17:30
acl Max20_conn maxconn 20
acl Blk_url url_regex -i ^rtsp:// ^mms://
acl blk_words urlpath_regex -i sex adult
acl realfile urlpath_regex -i \.rmvb$ \.rm$
Access control settings that use the ACLs
http_access deny LAN1 Blk_url
http_access deny LAN1 blk_words
http_access deny PC1 realfile
http_access deny PC1 Max20_conn
http_access allow LAN1 work_hours
ACL rule matching order
1. When no rules are set, access requests from all clients are rejected.
2. When rules are set but none of them matches the request, Squid takes the last rule and performs the opposite of its action.
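The matching order above, worked through on the article's own rule list. This is an added example, not code from the original article or from Squid; the request dictionary, the helper names, the sample addresses and URLs, and the closing "deny all" line are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def path(r):
    return urlsplit(r["url"]).path

# The page's ACLs as predicates over a constructed request dict (assumed shape):
# {"src": ip, "url": url, "day": one of SMTWHFA, "time": "HH:MM", "conns": int}
ACLS = {
    "all": lambda r: True,  # catch-all ACL, not part of the article's list
    "LAN1": lambda r: ipaddress.ip_address(r["src"]) in ipaddress.ip_network("192.168.1.0/24"),
    "PC1": lambda r: r["src"] == "192.168.1.66",
    "Blk_url": lambda r: bool(re.search(r"^rtsp://|^mms://", r["url"], re.I)),
    "blk_words": lambda r: bool(re.search(r"sex|adult", path(r), re.I)),
    "realfile": lambda r: bool(re.search(r"\.rmvb$|\.rm$", path(r), re.I)),
    "Max20_conn": lambda r: r["conns"] > 20,  # maxconn matches above the limit
    "work_hours": lambda r: r["day"] in "MTWHF" and "08:30" <= r["time"] <= "17:30",
}

# http_access lines in the page's order: (action, ACLs that must ALL match).
RULES = [
    ("deny", ["LAN1", "Blk_url"]),
    ("deny", ["LAN1", "blk_words"]),
    ("deny", ["PC1", "realfile"]),
    ("deny", ["PC1", "Max20_conn"]),
    ("allow", ["LAN1", "work_hours"]),
]

def decide(req, rules):
    """First matching line wins; otherwise invert the last line's action."""
    for action, names in rules:
        if all(ACLS[name](req) for name in names):
            return action
    if not rules:
        return "deny"  # no rules at all: every request is rejected
    return "allow" if rules[-1][0] == "deny" else "deny"

def make(src, url, day="M", time="09:00", conns=1):
    """Build a constructed sample request."""
    return {"src": src, "url": url, "day": day, "time": time, "conns": conns}

if __name__ == "__main__":
    outsider = make("10.0.0.5", "http://example.com/")
    print(decide(outsider, RULES))                            # list ends in allow
    print(decide(outsider, RULES[:4]))                        # list now ends in deny
    print(decide(outsider, RULES[:4] + [("deny", ["all"])]))  # explicit catch-all
```

Because of rule 2, a list that ends in a deny line implicitly allows every request that matches nothing, so closing the list with an explicit "http_access deny all" keeps the outcome independent of whichever line happens to be last.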
II. Basic conditions for implementing a transparent proxy
Prerequisites:
1. The clients' web access traffic passes through the firewall.
2. The proxy service is built on the gateway host.
Configuration requirements:
1. The proxy service program supports transparent proxying.
2. iptables is configured to forward the clients' web requests to the Squid proxy port.
III. Configuring the transparent proxy
1. Modify the squid.conf configuration file
http_port 192.168.10.1:3128 transparent
2. Reload the configuration file
squid -k reconfigure
3. Add an iptables rule that redirects internal HTTP requests to port 3128 without changing the packet data
iptables -t nat -I PREROUTING -i eth0 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
This article comes from "phper-every day a little ~" blog, please be sure to keep this source http://janephp.blog.51cto.com/4439680/1304446