CentOS5 Squid3 企业应用

小风儿

                           架设 Squid3.0 代理服务器

   

一、设置本机网络

在/etc/sysconfig/sysconfig-scirpt/中设置icf-eth0,icf-eth1静态Ip为eth0:192.168.254.254,eth1:192.168.1.254。

在/etc/resolve.conf中设置nameserver 192.168.1.254 Nameserver 202.96.134.133

在/etc/sysctl.conf中设置net.ipv4.ip_forward = 1 并开启本机路由转发 sysctl -p

二、安装squid

在Centos5.4使用yum install squid安装rpm包。

主要配置文件如下：/etc/squid/squid.conf

http_port 192.168.1.254:3128 transparent     #启用本机1.254透明代理服务端口为3128

cache_mem 2048 MB                            #设置本机的缓存为2G 一般是本地的1/3

cache_swap_high 90                           

cache_swap_low  85

cache_log /dev/null

cache_store_log /dev/null

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

auth_param basic children 5

auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 2 hours

auth_param basic casesensitive off

cache_dir aufs /var/squid 30000 16 256

cache_effective_user squid

cache_effective_group squid

cache_mgr IT

dns_nameservers 202.96.134.133,192.168.1.254,202.96.128.68

#urequest_body_max_size 0 KB

#refresh_prettern ^ftp:     1440    20% 10080

#refresh_pattern ^gopher:   1440    0%  1440

#refresh_pattern (cgi-bin|\?)   0   0%  0

#refresh_pattern .      0   20% 4320

icp_port 3130

hierarchy_stoplist cgi-bin ?

hierarchy_stoplist -i ^https:\\ ?

acl QUERY urlpath_regex -i cgi-bin \? \.asp \.php \.jsp \.cgi

acl denyssl urlpath_regex -i ^https:\\

no_cache deny QUERY

no_cache deny denyssl

acl CONNECT method CONNECT

#定义访问控制端口

acl SSL_ports port 443

acl Safe_ports port 80

acl Safe_ports port 21

acl Safe_ports port 563

acl Safe_ports port 70

acl Safe_ports port 210

acl Safe_ports port 1025-65535

acl Safe_ports port 280

acl Safe_ports port 488

acl Safe_ports port 591

acl Safe_ports port 777

#定义访问控制事件

#acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl LanSrc src 192.168.1.0/24

acl LanDst dst 192.168.1.0/24

acl to_localhost dst 127.0.0.0/8

acl BigPostUsers src "/etc/squid/BigPostUsers.txt"

acl QQUsers src "/etc/squid/QQUsers.txt"

acl InternetUsers src "/etc/squid/InternetUsers.txt"

acl denydomains dstdom_regex -i "/etc/squid/denydomains.txt"

acl LimitedSites dstdom_regex -i "/etc/squid/LimitedSites.txt"

acl denyurls url_regex -i "/etc/squid/denyurls.txt"

#acl QQ dstdomain -i .tencent.com .qq.com

acl 360Safe dstdomain -i .360safe.com 360safe.qihoo.com 360.qihoo.com files.ju.qihoo.com

#acl Microsoft dstdomain -i .microsoft.com .microsoft.com.cn

#直接定义允许与拒绝访问功能

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports              

http_access deny CONNECT !SSL_ports

http_access allow localhost

http_access deny denydomains

http_access deny denyurls

http_access allow QQUsers

http_access deny QQ

http_access allow LanSrc

http_access allow LanDst

http_access deny all   #拒绝所有用户访问

http_reply_access allow all

icp_access allow all

visible_hostname  192.168.1.254

coredump_dir /var/spool/squid

squid常用命令集：

squid –k parse        检查/etc/squid/squid.conf配置文件的正确性

squid –k reconfigure  重新加载配置文件

squid –z              初始化缓存目录

squid –k rorate       设置代理轮询日志

使用chkconfig --level 235 squid on

使用chkconfig squid on 或ntsysv勾选squid设置开机自启。