SME server configuration solution (Squid proxy server)
2001-06-05 12:39
Publisher: NetBull Readings: 111 Tanghaijing (submission) Section 5 Squid Agent Server & 5.1 Introduction As a free network operating system, Linux is getting more and more popular with network enthusiasts, currently running on the Internet The host has a considerable part of the Linux operating system, and China has put the Linux operating system as a designated network operating system of the government online, indicating that the Linux operating system is gradually maturing. In this chapter I will introduce you to the configuration method of the relatively excellent proxy server software that can be used under the Linux system. As we all know, today's internet development is extremely rapid, and IP address resources are very nervous. And if you want to access the Internet, share the rich resources of the Internet, your machine must have a standard IP address. On the Internet, the IP address is the unique sign that identifies your machine. Currently, there are two ways to make your machine have standard IP addresses: a local area network access to the Internet via a line, your machine can have a static IP address. The so-called static IP address is that the user is fixed, the IP address is fixed. After this IP address is used, others can no longer be used. One is to access the Internet via telephone line dial or ISDN dial, etc. Your machine can get a temporary standard IP address from the IP address pool of the ISP access server during your dial-up Internet, this IP address is Not you use it after the next line, and you will double your next time, it is likely to assign it to your machine is another temporary IP address. This temporary allocated IP address is called a dynamic IP address. Whether it is a static address or a dynamic address, when your machine access the Internet, there is no difference in use. Now the Internet is so fast, and the IP address resources are so nervous, this can't be said to be a sharp contradiction. Although IPv6 is being developed, the far water does not understand the thirst, a lot of companies, the intranet inside the company now wants to access the vast resources of the Internet, but it is hard to have no sufficient IP address resources. What should I do? Fortunately, there is a proxy service this good thing. Agent service refers to this machine that has a single machine and other hosts that have a standard IP address (hereinafter referred to as internal address), which provides proxy servers. The machine with internal address Thinking to find information on the Internet, first send this request to a proxy server with a standard IP address, and send this request through its standard IP address to the requested target address. The server of the target address is then sent back to the proxy server back the result, and the proxy server is neitched to send the information to the original machine that has internal IP addresses. This completes a process of accessing the internal machine to access the Internet. Several machines with internal addresses have formed an internal network, the role of the proxy server is to embark on the internal network and the Internet, solve the problem of accessing the Internet accessing the Internet. And this agent is irreversible, the host on the Internet cannot access any machine with internal addresses, which can also protect the security of internal data. There are many server software capable of completing this proxy function. I recommend a relatively excellent proxy server software Squid that can be used under Linux. The reason why it is more excellent because it can make a big cache on the proxy server, you can store a lot of us-going website content to the cache, so that the internal network is accessible to those websites, you can get from the cache I am calling.
On the one hand, it can speed up the speed of the Internet to browse the Internet. This is the so-called improving client's access hit rate. On the other hand, Squid not only supports the HTTP protocol, but also supports FTP, GOPHER, SSL, and WAIS and other protocols. Practical principles, our this chapter will only introduce you how to set up an HTTP agent, while other agents are similar, all of which understand how HTTP is configured to configure other agents. (LinuxByte Download Squid) & 5.2 Requirements Resources & 5.2.1 Required Packages Squid-2.3.Stable1-5.rpm & 5.2.2 Required Profile / Etc/squid/squid.conf System Bring, Admin Configuration & 5.2.3 Related Tools Nothing & 5.3 Configuration Scheme 1. (Squid): Squid Main Profile Source File: ACL DENY_IP_01 DST 1.1.1.1 HTTP_ACCESS DENY DENY_IP_01 # above two lines are IP-based access control ACL DENY_URL_01 URL_REGEX HTTP: //www.www.www http_access Deny Deny_URL_01 # above two lines is a URL-based access control http_port 3128 # http protocol agent default proxy port Cache_MEM 32 MB # Open a memory area as buffer cache_dir ufs / home / Squid / Cache 1024 16 256 # Open a hard disk space, as a hard disk buffer, the distribution of this area is continuous, logical relationship is set by administrators cache_access_log /var/log/squid/access.log # This log file is used to describe each time Customer requests HTTP content, cache hits or missed projects. Also describe the host identity of the request and what they need. Cache_log /var/log/squid/cache.log # is used to describe how much memory, interrupt space, cache directory location, the accepted port is accepted, and the connected port is accepted when the SQUID daemon is started. Cache_store_log /var/log/squid/store.log # is used to describe the page from the cache to be transferred. PID_FILENAME /VAR/Run/Squid.pid # administrators can learn about the current executed Squid process by viewing this file. DNS_NAMESERVERS 192.168.0.1 # Defines the address of the domain name resolution server ACL ALL SRC 0.0.0.0.0.0.0.0 Cache_Mgr Root@weboa.com.cn # Setup Cache Administrator's Mailbox Address Reference_AGE 3 Days # Set the Update Cycle Maximum_Object_Size 4096 KB # Set the one-time maximum request & 5.4 test and management method to be cached & 5.4.1 Test Method 1. Open the browser under the client, set the proxy server, the port is 3128, see if you can access the Internet is pull. & 5.4.2 Management Method 1. Modify the configuration file to be executed /etc/rc.d/init.d/squid restart makes the configuration take effect.