//Initialize cache directory(4) Gateway configuration firewallTo enable the intranet test host to use a proxy server, you must open port 3128 in the firewall rules of the gateway:3128 -j ACCEPT(5) Setting up a proxy server in the browser of the intranet hostOpen Firefox Brow
Many people are constantly asking iptables + squid to do transparent proxy. I am afraid to give a unified answer here. If you have any questions, I hope you will give me some comments. Related Resources: man.chinaunix.net, with iptables man in the lower left corner. many people keep asking
Iptables+ Squid is used as a transparent
'.Squid: ERROR: No running copy
Test in another linux: curl-x192.168.22.30: 3128 www.qq.comSpecify port 3128 of proxy server 192.168.22.30 to access the website;The role of the proxy server is to allow users in the LAN to access
. initalise the cache: %/usr/local/squid/sbin/squid-z 3. start the cache: %/usr/local/squid/sbin/squid If you want to use the WWW interface to the Cache Manager, copythe cachemgr. cgi program into your httpd server's cgi-bindirectory. installation steps :. /configure -- prefix =/usr/local/squidmake allsudo make install
(images, HTML, streaming media, JS, CSS, etc.). It is used in the website architecture.
Environment:
Client: 172.16.0.210/24
Proxy Server: 172.16.0.101/24,172.16 .1.101/24
Web server: 172.16.1.11/24
Status quo: the client can neither access the Internet nor access the Web server.
Objective: to allow clients to access the Internet and the Web server.
Install squid
On the
certain websites (such as violent or pornographic websites), you can use the following settings to block these websites.
---- Acl badip dst "/usr/local/squid/etc/somebadip"
---- Http_access deny badip
---- What is rejected here is not the IP address of the source src, but the IP address of the destination dst. Store a batch of IP addresses in the following format in the file somebadip:
---- 24.244.192.0/255.255.240.0
---- 61.128.0.0/25
know ip,port and other information, automatically through the agent to complete, the client does not know that they are online through proxy form.Use Squid to modify configuration filesVi/etc/squid/squid.confThe default profile is bloated, there is a squid.conf.bak in/etc/squid
The squid RPM file has been bundled with RedHat 7.1. When installing the system, if you select
It is automatically installed on the system. You can run the following command to check whether squid has been installed in your system:
rpm -q squid
The latest version of squid can be obtained on the
Squid cache (Squid for short) is a popular free software that complies with the GNU General Public License. As the front cache server of the web server, Squid can request data from the web server and cache data. It can also be used in the LAN to allow LAN users to access the Internet through proxy.
hosts
Http_access allow all
Add cache directory and advanced cache directory
Cache_dir ufs/var/spool/squid 100 16 256
Cache_mem 64 MB
[[Email protected] SQUID] # service squid restart
Test web server access
[[Email protected] SQUID] # elinks -- dump 1.1.1.2
4. Set the client browser
Taking Firefox as an Example
Prefer
group permissions
Cache_inclutive_user squidCache_paitive_group squid
# Setting management information
Visible_hostname proxy.yxtc.edu.cnCache_mgr bye2000@yxtc.edu.cn
# Set the listening address and port
Http_port 3128Tcp_incoming_address x. xUdp_incoming_address x. x
# See the following supplementary description.
Cache_mem 32 MBCache_dir/cache 6000 14 256
# Set the cache object timeout time
option is used for the port listened by the Squid proxy. To implement the HTTP acceleration proxy, the listener port 80Tcp_outgoing_address 255.255.255.255This syntax specifies the IP address of the remote server. In this example, we use 255.255.255.255 to specify all IP ad
. Transparent proxy
650) This. width = 650; "alt =" Squid overview and proxy-dactylogram "src =" http://img0.ph.126.net/5iCB6HUcp8H11wszWJSPgg==/1174032127877660454.png "style =" border: 0px; Height: auto; margin: 0px 10px 0px 0px; "/>
1) The internal user requests to access Sina without setting a proxy in the browser
. The default value is 3128. Use proxy
Function. The port value must be used with the IP address of the machine running Squid. You can modify it as follows:
Http_port 192.168.0.1: 8080
The preceding statement indicates that Squid is bound to the IP address 192.168.0.1 and
Server Pages return "cache-control: Private." Therefore, no Active Server Pages will be cached on a reverse proxy server.
Grouping squid as reverse proxy (HTTP accelerator)
To set up squid as an httpd accelerator, you simply configure the squid. CONF file. usually it is fou
you are willing to configure the default route is not called.
2, the configuration squid and transparent mode
The code is as follows:
[Root@slyar ~]# Cp/etc/squid/squid.conf/etc/squid/squid.conf.bak
[Root@slyar ~]# vim/etc/squid/squid.conf
For the sake of convenience, I directly change the following line to http_
Article title: Squid implements reverse proxy and has intranet proxy. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
All files on my site are static html. to further speed up the webpage,
/logs
Squid's config file directory defaults to/usr/local/etc/squid
This installation is preferable to a package installation that uses a binary system directly. Because binary package is not guaranteed to work stably on a custom system. Download source code before compiling locally, first check the source code MD5 checksum, so that I can get the source is unmodified version. and then compile locally. Finally, install to the appropriate directory.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.