访问图片,测试缓存,缓存的时间,X-Cache为HIT击中,说明squid缓存起作用;第一次为MISS;
[root@localhost ~]# curl -x192.168.22.30:3128 'http://www.linuxidc.com/images/home/images/logo.jpg' -I
HTTP/1.0 200 OK
Server: Tengine
Date: Sun, 24 May 2015 13:42:43 GMT
Content-Type: image/jpeg
Content-Length: 5309
Last-Modified: Wed, 22 Jan 2014 07:55:12 GMT
Expires: Sun, 31 May 2015 13:42:43 GMT
Cache-Control: max-age=604800
Load-Balancing: web39
Accept-Ranges: bytes
Age: 29661
X-Cache: HIT from yonglinux
X-Cache-Lookup: HIT from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
设置squid代理服务器只代理某几个域名
设置域名白名单,允许baidu sohu可以访问,其他都拒绝;
vim /etc/squid/squid.conf 下面的内容加入到squid配置文件acl下面;
acl http proto HTTP
acl good_domain dstdomain .baidu.com .sohu.com
http_access allow http good_domain
http_access deny http !good_domain
使用curl测试白名单,baidu、sohu返回状态码为200 OK,qq不在白名单则返回403;
[root@localhost ~]# curl -x192.168.22.30:3128 -I
HTTP/1.0 200 OK
Content-Type: text/html
Date: Sun, 24 May 2015 13:57:32 GMT
Server: SWS
Vary: Accept-Encoding
Cache-Control: no-transform, max-age=120
Expires: Sun, 24 May 2015 13:59:32 GMT
Last-Modified: Sun, 24 May 2015 13:57:21 GMT
X-RS: 11172604.20347654.12509576
FSS-Cache: HIT from 9861864.17726194.11198816
X-Cache: MISS from yonglinux
X-Cache-Lookup: MISS from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
[root@localhost ~]# curl -x192.168.22.30:3128 -I
HTTP/1.0 403 Forbidden
Server: squid/3.1.10
Mime-Version: 1.0
Date: Sun, 24 May 2015 22:04:30 GMT
Content-Type: text/html
Content-Length: 3254
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from yonglinux
X-Cache-Lookup: NONE from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
限制某些域名不能通过代理访问
设置域名黑名单,不允许访问taobao.com jd.com;其他的都允许;
vim /etc/squid/squid.conf 下面的内容加入到squid配置文件acl下面
acl http proto HTTP
acl bad_domain dstdomain .taobao.com .jd.com
http_access deny http bad_domain
使用curl测试黑名单,taobao、jd返回状态码为403,linuxidc不在黑名单返回200 OK;
[root@localhost ~]# curl -x192.168.22.30:3128 -I
HTTP/1.0 403 Forbidden
Server: squid/3.1.10
Mime-Version: 1.0
Date: Sun, 24 May 2015 21:35:22 GMT
Content-Type: text/html
Content-Length: 3266
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from yonglinux
X-Cache-Lookup: NONE from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
[root@localhost ~]# curl -x192.168.22.30:3128 -I
HTTP/1.0 403 Forbidden
Server: squid/3.1.10
Mime-Version: 1.0
Date: Sun, 24 May 2015 21:35:32 GMT
Content-Type: text/html
Content-Length: 3254
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from yonglinux
X-Cache-Lookup: NONE from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
[root@localhost ~]# curl -x192.168.22.30:3128 -I
HTTP/1.0 200 OK
Server: Tengine
Date: Sun, 24 May 2015 13:31:21 GMT
Content-Type: text/html
Vary: Accept-Encoding
Load-Balancing: web39
X-Cache: MISS from yonglinux
X-Cache-Lookup: MISS from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
使用IE浏览器测试,需要设置代理服务器,菜单栏——工具——Internet选项——连接——局域网设置,勾选代理服务器——高级,填写squid代理服务器地址和端口号;
访问jd.com taobao.com,提示错误,访问被拒绝,由之前定义的可视化主机名发出的;访问其他网站正常;
3、搭建squid反向代理
vim /etc/squid/squid.conf #如下变更
之前增加的域名白/黑名单相关配置去掉;
http_port 3128 改为 http_port 80 accel vhost vport
增加如下内容:
cache_peer 14.17.42.40 parent 80 0 originserver name=a
cache_peer 180.97.33.107 parent 80 0 originserver name=b
cache_peer_domain a
cache_peer_domain b