Use Squid to implement proxy Internet access and billing

Source: Internet
Author: User
Tags dns nameservers squid proxy
---- The shortage of IP addresses is a real problem for the rapidly growing network. How can it be solved? A good approach is to let computers that have only internal IP addresses reach the Internet through a computer with a public IP address that acts as a proxy server. The proxy is a relay point for data, so it can record the traffic that passes through it and support later analysis and billing. In addition, proxy server software such as Squid can cache the sites that are visited, so that users who request a site again are served directly from the cache, which speeds up access and reduces repeated network traffic.
  
---- Squid is widely used because of its flexible permission management, high performance, and high efficiency. This article discusses authentication in Squid, a proxy server for Linux, FreeBSD and other Unix systems, and the specific steps for using Squid's companion software to implement proxy Internet access and billing.
  
   1. Obtain Squid and related software
---- Get the Squid software from http://squid-cache.org/, get htpasswd_plus and sqmgrlog from http://web.onda.com.br/orso/, and save them in the /tmp directory.
  
   2. Compile and install Squid in Linux
---- Assume that the software environment is Red Hat Linux 7.x. The procedure for compiling and installing Squid is as follows.

---- 1. Download the latest source file, squid-2.3.STABLE4-src.tar.gz, and place it in the /tmp directory.

---- 2. As root, create the user squidadmin:

# adduser squidadmin

---- A group with the same name, squidadmin, is created by default. Squid cannot run as root because of security concerns, so use the new user for installation and management from the very beginning.

---- 3. Log in as squidadmin, then unpack and install the Squid source.
  
$ cd /tmp
$ tar -zxvf squid*
$ cd squid-2.3.STABLE4
# Enter the Squid source directory to compile; --prefix sets the installation path.
$ ./configure --prefix=/usr/local/squid
$ make
$ make install
  
---- 4. Change to the /usr/local/squid/bin directory and run $ ./squid -z to create the cache swap directories. Squid is now installed on your system. However, for Squid to run properly you still need to make some basic settings. Squid's configuration lives only in /usr/local/squid/etc/squid.conf; all settings are made in this file.
  
   3. Basic Squid settings
# Defaults:
acl all src 0.0.0.0/0.0.0.0
# Add your own rules here.
http_access deny all
  
---- The two rules above are present by default. When a request matches none of the user-defined rules, the http_access deny all rule applies and the HTTP request is rejected.

---- How are user authentication and access control set up for Squid on Linux? Squid manages its rules with access control lists (acl). For example:

acl aclname acltype string1 ...
acl aclname acltype "file"

---- aclname is the name of a user-defined rule; acltype is a type that Squid recognizes (mainly src, dst, proxy_auth, port, time, ...); string is the value you set. You can use "file" to read the values from an external file.
  
---- 1. If you want users to enter a username and password, you must first install an authentication program. The Squid source package comes with several authentication programs, all under the /tmp/squid-2.3.STABLE4/auth_modules directory.

(1) $ cd /tmp/squid-2.3.STABLE4/auth_modules/NCSA
$ make ncsa_auth
(2) Copy the generated executable ncsa_auth to the Squid executable directory.
$ cp ncsa_auth /usr/local/squid/bin
(3) Use htpasswd_plus to generate the user names and passwords for Squid authentication.
$ htpasswd_plus -c /usr/local/squid/etc/passwd
The format of passwd is as follows.
username1:SilykvIBT46C.:977867617:*
username2:TV.8XcR8tgIqw:*:192.168.1.0
username3:password:expiration time:IP address that can log on
A * in a field means that any value matches. More users can be added as follows.
$ htpasswd_plus /usr/local/squid/etc/passwd newusername
(4) Modify the squid.conf settings.
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
# Specifies the program used to authenticate users.
The rules are as follows.
acl alloweduser proxy_auth username1 username2
or
acl alloweduser proxy_auth REQUIRED
http_access allow alloweduser

---- The keyword REQUIRED means that any valid user who authenticates successfully matches this acl.
  
---- 2. Use IP addresses to restrict use of the Squid proxy. The settings are as follows.

acl manager proto http ftp ...
acl safeports port 80 21 443 563 70 210 1025-65535 ...
acl connect method CONNECT
acl allowedIP src 202.120.x.x/255.255.255.224
acl denyIP src 202.96.x.x/255.255.255.224
acl allowedusers proxy_auth REQUIRED
http_access deny !safeports
# Deny HTTP requests to ports that are not in safeports.
http_access deny denyIP
http_access allow allowedIP
http_access allow allowedusers

---- In this way, requests from the rejected IP addresses are denied, requests from the permitted IP addresses are accepted, and all other requests are authenticated by entering a user name and password.
---- If you do not want your internal computers to access certain websites (such as violent or pornographic websites), you can use the following settings to block them.
  
acl badip dst "/usr/local/squid/etc/somebadip"
http_access deny badip

---- What is rejected here is the destination IP address (dst), not the source IP address (src). Store a batch of IP addresses in the file somebadip in the following format:

24.244.192.0/255.255.240.0
61.128.0.0/255.252.0.0

---- Pay special attention to the order of the http_access statements. It is precisely by ordering them differently that you can configure Squid flexibly and get the service you want.
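
How the order of the http_access lines decides the outcome, as an added example (not code from the original article or from Squid): a small Python model of first-match evaluation over the rules from step 2. The networks 192.0.2.0/27 and 198.51.100.0/27 are constructed stand-ins for the elided 202.120.x.x and 202.96.x.x ranges, and the request dictionaries and function names are assumptions of this example.

```python
import ipaddress

# Constructed stand-ins for the page's elided 202.120.x.x / 202.96.x.x networks.
ALLOWED_NET = ipaddress.ip_network("192.0.2.0/27")
DENIED_NET = ipaddress.ip_network("198.51.100.0/27")
SAFE_PORTS = {80, 21, 443, 563, 70, 210}

# Each acl is modelled as a predicate over a request dict (hypothetical model).
ACLS = {
    "all": lambda r: True,
    "safeports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "allowedIP": lambda r: ipaddress.ip_address(r["src"]) in ALLOWED_NET,
    "denyIP": lambda r: ipaddress.ip_address(r["src"]) in DENIED_NET,
    # proxy_auth REQUIRED: any authenticated user. Real Squid sends a 407
    # challenge when credentials are missing; here that is simply "no match".
    "allowedusers": lambda r: r.get("user") is not None,
}

PAGE_ORDER = [
    "http_access deny !safeports",
    "http_access deny denyIP",
    "http_access allow allowedIP",
    "http_access allow allowedusers",
    "http_access deny all",
]
# Same lines, but the authentication rule moved ahead of the IP deny rule.
MISORDERED = [PAGE_ORDER[0], PAGE_ORDER[3], PAGE_ORDER[1], PAGE_ORDER[2], PAGE_ORDER[4]]

def decide(rules, request):
    """Return (action, matching line): the first line whose acls all match wins."""
    for line in rules:
        _, action, *names = line.split()
        # A leading "!" negates the acl; acls on one line are ANDed together.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1].split()[1] == "deny" else "deny"), None

if __name__ == "__main__":
    blocked_user = {"src": "198.51.100.7", "port": 80, "user": "username1"}
    for name, rules in (("page order", PAGE_ORDER), ("misordered", MISORDERED)):
        print(name, "->", decide(rules, blocked_user))
```

With the page's order, an authenticated user on the denied network is stopped by the denyIP line; with the authentication line moved up, the same request is allowed before the deny is ever reached.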
  
---- 3. Some other settings are listed below. Most of them can be left at their default values.

http_port 3128
# The default proxy port for the HTTP protocol.
cache_mem 42 MB
# Amount of memory to use as cache.
cache_dir ufs /home/squid/cache 1024 16 256
# Size of the disk cache: 1 GB, with 16 first-level directories and 256 second-level directories.
cache_access_log /var/log/squid/access.log
# This log records, for each HTTP request from a client, whether the item was a hit or a miss in the cache. It also records the identity of the requesting host and the content requested, and it is the basis for billing analysis with SQMGRLOG and similar software.
cache_log /var/log/squid/cache.log
# Records the memory size, swap space size, cache directory location, accepted connection types, and the ports used to receive connections when the Squid daemon starts.
cache_store_log /var/log/squid/store.log
# Describes how pages are transferred from the cache.
pid_filename /var/run/squid.pid
# File that holds the process ID of the Squid process.
dns_nameservers 192.x.x.1
# The address of the DNS server.
cache_mgr squidadmin@your.domain
# The mail address of the cache administrator.
reference_age 1 week
# Sets the cache update period.
maximum_object_size 4096 KB
# Sets the maximum size of a single object that can be cached.
cache_effective_user squidadmin
# Run as squidadmin.
  
   4. Use SQMGRLOG for billing
$ cd /tmp
$ tar -zxvf sqmgrlog*
$ cd sqmgrlog*/
$ ./configure --enable-config=/usr/local/squid/
The configure options mainly include the following two items.

---- 1. Language

---- The supported languages do not include Chinese. The language strings are in fact controlled by English.h, so the program can be compiled and installed after that file is translated into Chinese.

---- --enable-language= one of English, Bulgarian_windows1251, Czech, Dutch, French, German, Hungarian, Indonesian, Italian, Japanese, Portuguese, example, example, Serbian, Spanish, Turkish; default: English

---- 2. Installation directory

--enable-config=/usr/local/squid/etc
# Put the SQMGRLOG configuration file sqmgrlog.conf in the same directory as the Squid configuration file.
--enable-prefix=/usr/local/squid/bin
# Directory for the compiled executable sqmgrlog.
$ make
$ make install
Finally, configure sqmgrlog.conf.
access_log /usr/local/squid/logs/access.log
# The location of the access.log file used by Squid.
output_dir /home/squidadmin/public_html/squid-reports
# The output directory for the generated reports.
password /usr/local/squid/etc/passwd
# Generate reports only for the users listed in this passwd file.
$ ./sqmgrlog
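
What a per-user billing report is computed from, as an added example (not sqmgrlog's code and not part of the original article): a Python function that totals bytes, requests and cache hits per authenticated user from Squid's native access.log layout. The log lines are constructed, and leaving denied and unauthenticated requests out of the bill is an assumption of this example.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
977867617.101    310 192.0.2.10 TCP_MISS/200 10240 GET http://example.com/a username1 DIRECT/203.0.113.5 text/html
977867618.202     12 192.0.2.10 TCP_HIT/200 2048 GET http://example.com/a username1 NONE/- text/html
977867619.303    150 192.0.2.11 TCP_MISS/200 4096 GET http://example.org/ username2 DIRECT/203.0.113.9 text/html
977867620.404      3 192.0.2.12 TCP_DENIED/407 1500 GET http://example.net/ - NONE/- text/html
truncated line
"""

def bill(log_text):
    """Return ({user: totals}, skipped_lines) for one access.log extract."""
    usage = defaultdict(lambda: {"bytes": 0, "requests": 0, "hits": 0})
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[4].isdigit():
            skipped += 1  # malformed or truncated entry
            continue
        result, size, user = fields[3], int(fields[4]), fields[7]
        # Assumption: denied and unauthenticated ("-") requests are not billed.
        if user == "-" or result.startswith("TCP_DENIED"):
            skipped += 1
            continue
        entry = usage[user]
        entry["bytes"] += size
        entry["requests"] += 1
        # Result codes such as TCP_HIT or TCP_MEM_HIT were served from the cache.
        entry["hits"] += "HIT" in result.split("/")[0]
    return dict(usage), skipped

if __name__ == "__main__":
    totals, skipped = bill(SAMPLE_LOG)
    for user, t in sorted(totals.items()):
        print(f"{user}: {t['bytes']} bytes, {t['requests']} requests, {t['hits']} cache hits")
    print("skipped lines:", skipped)
```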
