Realize the agent online and billing with Squid

xiaoxiao2021-03-06  105

Author: percent100

First, get SQUID and related software

---- Get the Squid software from http://squid-cache.org/, get htpasswd_plus and sqmgrlog from http://web.onda.com.br/orso /, save them in / tmp .

Second, compile and install Squid under Linux

---- We assume that the software environment is Redhat Linux 7.x, compiled, and installs the steps of Squid as follows.

---- 1. Download the latest version of the source file Squid-2.3.stable4.src.tar.gz, and place it in the / TMP directory.

---- 2. Create User SquidAdmin # adduser Squidadmin with root

---- In the default, the same name group SquidAdmin has been established. Squid cannot be run as root because of the security problem, so you can use the newly built user to install management from the beginning.

---- 3. Log in with SquidAdmin, unpack and install the Squid source file.

$ CD / TMP $ TAR -ZXVF SQUID * $ CD Squid * $. / configure --prefix = / usr / local / square Enter the Squid directory to compile, consider the installation path --prefix = / usr / local / Squid . $ Make $ make Install

---- 4. Enter the / usr / local / squid / bin directory, execute $. / Square, create a Cache exchange directory. At this point, Squid has been installed on the user's system. However, let Squid run normally, users need to do some basic settings. Squid is only related to /usr/local/squid/etc/squid.conf, all settings are completed in this file.

Third, Squid basic settings

#Defaults: ACL All SRC 0.0.0.0.0.0.0 The rule sets here. HTTP_ACCESS DENY ALL

---- Without the default, there are 2 rules. When a request is not possible to match any of the rules defined, the HTTP_Access Deny All rule will be applied, so that the HTTP request will be rejected.

---- So how do you set up SQUID in Linux? Squid uses Access Control List to manage rules. E.g:

ACL ACLNAME ACLTYPE STRING1 ... ACL ACLNAME ACLTYPE "File"

---- aclName is the name of the user, ACLTYPE is a category that can be identified by Squid (mainly SRC, DST, PROXY_AUTH, PORT and TIME ...), String is the setting of the user, can be used from outside File transfer settings.

---- 1. If the user likes to pop up the username and password, you first need to install the authentication program. Squid's source file package has several authentication programs, all in /tmp/squid-2.3.stable4/Auth_Modules directory.

(1) $ cd/tmp/squid-2.3.Stable4/AUTH_MODULES/NCSA $ make NCSA_AUTH (2) Copy the generated execution file NCSA_AUTH to the Squid execution file directory. $ CP NCSA_AUTH / USR / LOCAL / SQUID / BIN (3) Generate usernames and password authentication data files for Squid utilization with htpasswd_plus. The format of $ htpasswd_plus -c / usr / local / squid / etc / passwd passwd is as follows. Userkvibt46c.: 977867617: * Username2: TV.8xcr8tgiqw: *: 192.168.1.0 username3: Password: Failure time: If you can log in to *, you can match any items. You can also add additional more users. $ htpasswd_plus / usr / local / squid / etc / passwd newusername (4) Modify Squid.conf Set Authenticate Program / USR / local / Squid / bin / ncsa_auth / usr / local / squid / etc / passwd specifies internal programs for authentication identity. Add rules as follows. ACL ALLOWEDUER Proxy_Auth UserName1 UserName2 or ACL ALLOWEDUSER Proxy_Auth Required Http Access ALLOWEDUSER ---- Keyword Required means that any legal users can authenticate identity, and the same role in other aclTypes.

---- 2. Use IP to limit the use of Squid Proxy, set the contents as follows.

acl manager proto HTTP FTP ... acl safeports port 80 21 443 563 70 210 1025-65535 ... acl connect method CONNECT acl allowedIP src 202.120.xx / 255.255.255.224 acl denyIP src 202.96.xx / 255.255.255.224 acl allowedusers proxy_auth REQUIRED http_access deny! Safeports # disables HTTP requests from! Safeports. HTTP_ACCESS DENY DENYIP HTTP_ACCESS ALLOWEDIP HTTP_ACCESS ALLOWEDUSERS

--- This, other requests will be authenticated by entering the username and password in addition to rejection and allowed IP. If the user does not want internal computers to access certain websites (such as violence or porn sites), you can block these sites by setting up the following.

---- ACL BADIP DST "/ USR / local / Squid / etc / somebadip"

---- HTTP_ACCESS DENY BADIP

---- The IP address of the source SRC is rejected here, but the IP address of the destination DST. Store a batch of IP addresses in the following format in the file Somebadip:

---- 24.244.192.0/255.255.240.0

---- 61.128.0.0/255.252.0.0

---- Please pay special attention to the order of the HTTP statement, which is through different order, so that we can make a flexible configuration to get the appropriate services.

---- 3. Some of the other settings are as follows, most of which can be modified, only the default value can be used.

The default proxy port of the HTTP Port 3128 #http protocol. Cache MEM 42MB # uses a piece of memory as a buffer. Cache Dir UFS / Home / Squid / Cache 1024 16 256 ---- The size of the hard disk buffer is 1GB, the size of 16, and 256 secondary directories.

---- Cache Access Log /var/log/squid/access.log

---- # This log file is used to describe projects that are cache hits or not when the customer requests HTTP content, and also describes the host identity of the request and what they need, it is SQMGRLOG. The basis of the bill.

---- Cache log /var/log/squid/cache.log

---- # is used to describe the memory capacity, the size of the switching space, the location of the cache directory, the accepted connection type, and the port accepted.

---- Cache_Store_log /Var/log/squid/store.log

---- # for describing the page from the cache to be transferred from the cache.

The PID filename /var/run/squid.pid #squid process process number. DNS Nameservers 192.x.x.1 # Defines the address of the domain resolution server. Cache_mgr squidadmin@your.domain #cache administrator's mailbox address. Reference Age 1 Week # Sets the update cycle of the buffer. Maximum Object Size 4096 KB # Set the one-time maximum request to be cached. Cache_effective_user squidadmin Squidadmin # is running the user SquidAdmin.

Fourth, use SQMGRLOG to charge billing

$ CD / TMP $ TAR -ZXVF SQMLOG * $ CD SQM * $. / configure --enable-config = / usr / local / Squid / Options Mainly below.

---- 1. Language

---- This language does not contain Chinese. In fact, its language part is controlled by eNGLISH.H, which can be compiled and installed after Chinese.

---- --enable-language = English, Bulgarian_windows1251, Czech, Dutch, French, German, Hungarian, Indonesian, talian, apanese, Portuguese, Russian_Koi8, Russian_windows1251, Serbian, Spanish, Turkish default: English

---- 2. installation manual

---- --Nable-config = / usr / local / Squid / ETC

---- # author puts the SQMgrLog profile sqmgrlog.conf in the same directory as the SQUID.

--enable-prefix = / usr / local / squid / bin # Final compiles the generated run files SQMGRLOG placement directory. $ Make $ make INSTALL Finally, we have to configure sqmgrlog.conf. Access log /usr/local/squid/logs/access.log # Sets the use of Squid's use record file Access.log's location. Output Dir / Home / SquidAdmin / Public_html / Squid-Reports # Generates the Output Directory of the Report. Password / usr / local / squid / etc / passwd # only the user Report indicated in this Passwd file. $. / SQMGRLOG

转载请注明原文地址:https://www.9cbs.com/read-126765.html

New Post(0)