Use squid to build a proxy server

Squid Introduction:

Squid is a proxy server software, also known as squid cache. It is a popular free software (GNU General Public License) proxy Server and Web caching server. Squid has a wide range of uses, from the Web server as a front cache server caching related requests to improve the speed of the Web server, to a group of people sharing network resources and caching the World Wide Web, domain Name System and other network search, to filter traffic to help network security, to the LAN through the proxy Internet. Squid is mainly designed to run on Unix-type systems.

Squid's Access principle:

When a user wants to download a home page, it sends a request to squid to download it for it, then squid connects to the requested Web site and requests the home page, and then passes the home page to the user while retaining a backup, when another user applies for the same page, Squid passes the saved backup to the user immediately, making the user feel very fast. This also uses the content distribution network mechanism.

Squid classification:

1. Forward agent, can show the internal network security access to the extranet

2. The reverse proxy, realizes the server release in the intranet.

CDN (Content distribution network):

Content distribution Network (CDN) is a strategic deployment of the overall system, including distributed storage, load balancing, network request redirection and Content Management 4 elements, while content management and global network traffic Management (traffic Management) is the core of the CDN. Based on user proximity and server load judgments, CDN ensures that content is serviced in a very efficient manner for the user's request.

Squid's control function:

Squid can also control access based on different aspects and edit/etc/squid/squid.conf to realize control function.

Summary of commonly used methods of using squid in the ACL: (There is demand q:395061796:)

1 control of a single IP cannot be accessed

ACL aclname (name) type

ACL Badip SRC (source based) 192.168.145.10/32 (mask length)

Http_access (policy) Deny Badip

Http_access Allow all

2 control of continuous subnets cannot be accessed

ACL Badip SRC (source based) 192.168.145.10-192.168.145.19/32 (mask length)

3 allows only 145.10 access to 192.168.101.254

ACL WEBIP DST 192.168.101.254/32

ACL managerip src 192.168.145.10/32

Http_access deny!managerip Webip

4 "Based on the target domain name control (based on the source domain name control srcdomain)

(principle: Control based on application layer)

ACL badweb dstdomain. sina.com.cn

Http_access Deny Badweb

5 Control of time parameters (Application layer)

Example: Monday to Wednesday no internet access

ACL aclname time [Day of the week] [period]

ACL worktime time MTWHF (Monday to Friday) 08:00-18:00

Http_access Deny Worktime

Modify System Time

Date month-day hours

082918092012 August 29, 2012 18:09