最近在公司搭建了squid代理服务器,由于时间原因只将配置文件写出来,自己研究下,很实用的。有需要的朋友可以研究下。
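# squid.conf for a small-office intercepting (transparent) forward proxy.
# The directive names are the Squid 2.x-era ones used on the original page
# (no_cache, cache_access_log, an explicit "acl all").
#
# Review changes against the original listing:
#   * The author's "//" annotations are not Squid comment syntax; they are
#     rewritten as "#" comment lines placed above the directive they describe.
#   * "http_access allow all" used to come BEFORE "deny !Safe_ports" and
#     "deny CONNECT !SSL_ports". http_access is first-match, so those two rules
#     were never evaluated and the proxy accepted any client for any port.
#     The deny rules now come first, access is limited to the LAN ACL, and the
#     list ends with an explicit "deny all".
#   * The cache-manager ACLs that were commented out are enabled, so
#     cache_object requests are answered for localhost only.
#   * icp_access is limited to the LAN instead of "all".

# NETWORK OPTIONS
#Default:
# Transparent (intercepting) proxy: clients only need to use this host as
# their default gateway.
http_port 192.168.1.222:8080 transparent
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
#Default:
# icp_port 3130
# NOTE(review): no cache_peer is defined in this file, so ICP looks unused;
# consider "icp_port 0" to switch it off -- confirm first.

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 60 MB
cache_swap_low 70
cache_swap_high 85
maximum_object_size 32768 KB
maximum_object_size_in_memory 512 KB
cache_dir ufs /var/spool/squid 1000 16 256

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid

# No "auth_param basic program" line is present, so these settings have no
# effect as written.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

dns_nameservers 202.106.0.20

# ACCESS CONTROLS
# "all" matches every source address. It is used only in the final deny
# rules below, never to grant access.
acl all src 0.0.0.0/0.0.0.0
# Network segment that is allowed to use the proxy. The subnet is taken from
# the http_port address above; the author's commented-out line was
#   acl mycents src 192.168.1.20-192.168.1.254/24
# Narrow this to the real client range if the whole /24 is too wide.
acl mycents src 192.168.1.0/24

#####baddomain######
#acl sex_domain dst "/etc/squid/acl/sex_domain"
#acl Government_domain dst "/etc/squid/acl/Government_domain"
#acl game_domain dst "/etc/squid/acl/game_domain"
#acl money_domain dst "/etc/squid/acl/money_domain"
#acl webmail_domain dst "/etc/squid/acl/webmail_domain"
#acl chat_domain dst "/etc/squid/acl/chat_domain"
#acl badmailIP dst "/etc/squid/acl/mailIP"
# QQ server IP addresses to reject; the list is kept in /etc/squid/acl/qqip.
acl badqqip dst "/etc/squid/acl/qqip"
# QQ domains to reject; the list is kept in /etc/squid/acl/qq_dom.
# NOTE(review): "dst" matches destination IP addresses. If qq_dom really holds
# domain names, "dstdomain" is the matching ACL type -- confirm against the file.
acl qq_domains dst "/etc/squid/acl/qq_dom"
#####################################
#
#acl sex_r url_regex -i \sex
#acl stock url_regex -i stock
#acl chat url_regex -i chat
# Case-insensitive substring match anywhere in the URL: this also blocks
# unrelated URLs that merely contain "qq" or "tencent".
acl qq url_regex -i qq
acl qq url_regex -i tencent
#acl game url_regex -i game
#
# ("$" moved to the end of each pattern; the original had "\.mp3 $\.avi $\.mp4")
#acl badurl urlpath_regex -i \.mp3$ \.avi$ \.mp4$

# Cache-manager ACLs (commented out in the original, enabled here).
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
# Port 22 is SSH; the original comment said "ftp". It is not in Squid's stock
# Safe_ports list -- NOTE(review): remove it unless it is really needed.
acl Safe_ports port 22          # ssh
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# ---- http_access: first matching rule wins, so order matters ----

# Cache manager: localhost only.
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

#########bad web---------
#http_access deny sex_domain
#http_access deny Government_domain
#http_access deny game_domain
#http_access deny money_domain
#http_access deny webmail_domain
#http_access deny chat_domain
#http_access deny badmailIP
# Apply the QQ deny ACLs defined above.
http_access deny badqqip
http_access deny qq_domains
######
#http_access deny sex_r
#http_access deny stock
#http_access deny badurl
#http_access deny chat
http_access deny qq
#http_access deny game
####

# ICP queries: LAN only.
icp_access allow mycents
icp_access deny all

# Only the LAN may use the proxy; everything else is refused.
http_access allow mycents
http_access deny all

# Leave these disabled: allowing by port alone would admit any source address.
#http_access allow Safe_ports
#http_access allow SSL_ports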
附件有配置文件
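# Part 2: reverse proxy (accelerator mode) -- 1. configuration
#
# Review change against the original listing: "http_access allow all" is
# replaced by an allow rule limited to the three published host names,
# followed by "deny all", so the accelerator port answers only for the sites
# it fronts. The author's free-text annotations are rewritten as "#" comments.
# The "all" ACL is assumed to be defined elsewhere in the file, as the
# original line also assumed.

# Listening port. vhost turns on accelerator mode with virtual-host support;
# vport adds virtual-port support.
http_port 80 vhost vport

# Access control: only requests for the accelerated sites are accepted.
acl accel_sites dstdomain www.sina.com.cn bbs.sina.com.cn blog.sina.com.cn
http_access allow accel_sites
http_access deny all

#cache_peer hostname type http-port icp-port [options]
# General form: 127.0.0.1 is the origin host, "parent" is the cache
# relationship, 8080 is its HTTP port and 0 its ICP port; "originserver" marks
# it as the real web server and "no-query" means no ICP queries are sent to it.
# NOTE(review): this peer has no name and no cache_peer_domain or
# cache_peer_access rule, so it is not tied to any one site -- remove it if it
# is only an illustration of the syntax.
cache_peer 127.0.0.1 parent 8080 0 originserver no-query

# One origin server per site: a request for www is fetched from
# 10.0.0.190 port 80, and likewise for bbs and blog.
cache_peer 10.0.0.190 parent 80 0 no-query originserver name=www
cache_peer 10.0.0.247 parent 80 0 no-query originserver name=bbs
cache_peer 10.0.0.233 parent 80 0 no-query originserver name=blog

cache_peer_domain www www.sina.com.cn
cache_peer_domain bbs bbs.sina.com.cn
cache_peer_domain blog blog.sina.com.cn

cache_peer_access www allow all
cache_peer_access bbs allow all
cache_peer_access blog allow all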