本节将简要地介绍代理服务器squid的配置。之前记录过反向代理的配置,但在生产环境中正向代理和正向透明代理的使用更广泛些,同时这也是Linux基础知识的重点。
[root@localhost ~]# yum -y install squid
[root@localhost ~]# grep -v '^#' /etc/squid/squid.conf |uniq //查看去掉注释行后的squid配置文件,uniq用于合并连续重复的行(如去掉注释后留下的连续空行)
acl all src 0.0.0.0/0.0.0.0 //定义名为all的acl,匹配所有源地址
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost //定义允许或拒绝访问的acl,注意策略顺序:规则自上而下匹配,最先匹配到的规则(allow或deny)生效,其后的规则不再检查
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports //拒绝对SSL_ports(此处为443)以外的端口使用CONNECT方法,避免代理被用来建立到任意端口的隧道
http_access allow localhost
http_access deny all //在策略末尾拒绝所有未被前面规则放行的请求;按此配置只有localhost可以使用代理,要放行客户端网段需在这一行之前添加对应的acl和allow规则
icp_access allow all //允许任何来源的ICP(缓存间协议)查询;若不与其他缓存协作,建议只对邻居缓存开放或关闭ICP
http_port 3128 //定义squid监听的端口
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid //访问日志保存位置
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid