26 Jan 2015
vim /etc/squid/squid.conf ************************************************* ##################################################### # acl <自定义 acl 名称> <要控制的 acl 类型> <设定的內容> ##################################################### # 定义acl对象manager为cache_object协议 acl manager proto cache_object # 定义acl对象localhost和to_localhost为本机的ip acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # 定义localnet为局域网地址 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines # 定义端口号的acl对象 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT ##################### # http_access访问控制 ##################### # cache_object协议只允许在本机访问 http_access allow manager localhost http_access deny manager # 拒绝链接Safe_ports之外的端口 http_access deny !Safe_ports # 拒绝连接非SSL_ports的端口 http_access deny CONNECT !SSL_ports # 拒绝连接本地服务器提供的服务 http_access deny to_localhost # # 推荐在此处增加自定义的访问控制 # # 允许从本地连接 http_access allow localnet http_access allow localhost # 最后拒绝所有其他连接 http_access deny all # 定义监听端口号 http_port 3128 # 定义缓存目录和缓存容量,100m、16个子目录、256个次级子目录 cache_dir ufs /data/cache 100 16 256 cache_mem 100 MB # 将coredumps留在此目录中 coredump_dir /data/cache # 定义缓存的存在时间 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 *************************************************
mkdir /data/cache chown -R squid:squid /data/cache
squid -z 2016/12/21 07:57:19| WARNING cache_mem is larger than total disk cache space! 2016/12/21 07:57:19| Creating Swap Directories 2016/12/21 07:57:19| /data/cache exists 2016/12/21 07:57:19| Making directories in /data/cache/00 2016/12/21 07:57:19| Making directories in /data/cache/01 2016/12/21 07:57:19| Making directories in /data/cache/02 2016/12/21 07:57:19| Making directories in /data/cache/03 2016/12/21 07:57:19| Making directories in /data/cache/04 2016/12/21 07:57:19| Making directories in /data/cache/05 2016/12/21 07:57:19| Making directories in /data/cache/06 2016/12/21 07:57:19| Making directories in /data/cache/07 2016/12/21 07:57:19| Making directories in /data/cache/08 2016/12/21 07:57:19| Making directories in /data/cache/09 2016/12/21 07:57:19| Making directories in /data/cache/0A 2016/12/21 07:57:19| Making directories in /data/cache/0B 2016/12/21 07:57:19| Making directories in /data/cache/0C 2016/12/21 07:57:19| Making directories in /data/cache/0D 2016/12/21 07:57:19| Making directories in /data/cache/0E 2016/12/21 07:57:19| Making directories in /data/cache/0F
service squid start Starting squid: . [ OK ]
# 检查配置文件语法,若服务未启动,会提示 squid -k check # 重新加载配置文件 squid -k rec
curl -xlocalhost:3128 -I http://www.baidu.com/img/bdlogo.png HTTP/1.0 200 OK Date: Tue, 27 Jan 2015 13:26:43 GMT Server: Apache P3P: CP=" OTI DSP COR IVA OUR IND COM " Set-Cookie: BAIDUID=F3D04DFA7E13C6FF014F5A941A69A7D6:FG=1; expires=Wed, 27-Jan-16 13:26:43 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1 Last-Modified: Fri, 01 Aug 2014 11:57:57 GMT ETag: "14d3-4ff90199dfb40" Accept-Ranges: bytes Content-Length: 5331 Cache-Control: max-age=315360000 Expires: Fri, 24 Jan 2025 13:26:43 GMT Content-Type: image/png X-Cache: MISS from web03 X-Cache-Lookup: MISS from web03:3128 Via: 1.0 web03 (squid/3.1.10) Connection: keep-alive curl -xlocalhost:3128 -I http://www.baidu.com/img/bdlogo.png HTTP/1.0 200 OK Date: Tue, 27 Jan 2015 13:26:43 GMT Server: Apache P3P: CP=" OTI DSP COR IVA OUR IND COM " Last-Modified: Fri, 01 Aug 2014 11:57:57 GMT ETag: "14d3-4ff90199dfb40" Accept-Ranges: bytes Content-Length: 5331 Cache-Control: max-age=315360000 Expires: Fri, 24 Jan 2025 13:26:43 GMT Content-Type: image/png Age: 31 X-Cache: HIT from web03 X-Cache-Lookup: HIT from web03:3128 Via: 1.0 web03 (squid/3.1.10) Connection: keep-alive
# 限制域名,向配置文件中添加以下字段,推荐添加到上面标记的自定义控制区域 vi /etc/squid/squid.conf ************************************************* acl http proto HTTP acl good_domain dstdomain .example.com http_access allow http good_domain http_access deny http !good_domain ************************************************* squid -k check squid -k rec curl -xlocalhost:3128 -I www.baidu.com HTTP/1.0 403 Forbidden Server: squid/3.1.10 Mime-Version: 1.0 Date: Tue, 27 Jan 2015 13:40:34 GMT Content-Type: text/html Content-Length: 3235 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from web03 X-Cache-Lookup: NONE from web03:3128 #因为有限制,所以不能访问 Via: 1.0 web03 (squid/3.1.10) Connection: keep-alive curl -xlocalhost:3128 -I blog.example.com #因为这里访问的符合规则,则为200 HTTP/1.0 200 OK Server: nginx/1.4.4 Date: Tue, 27 Jan 2015 13:42:52 GMT Last-Modified: Wed, 24 Dec 2014 01:51:11 GMT Content-Type: text/html Content-Length: 62201 ETag: "549a1c0f-f2f9" Accept-Ranges: bytes X-Cache: MISS from web03 X-Cache-Lookup: MISS from web03:3128 Via: 1.0 web03 (squid/3.1.10) Connection: keep-alive