This article comes from: Unknown. Author: Chen Zheng Zhou Chunqi (2002-01-31 09:17:57)
(Author address: Shanghai University Information Center, 200000)

IP addresses are a real problem for rapidly growing networks. How do we solve it? A good approach is to let computers that hold only internal IP addresses reach the network through one standard IP address acting as a proxy server. The proxy server is the transfer station for the data, so it can record the traffic it relays, which supports later data analysis and billing. In addition, proxy server software (such as Squid) can build a cache of visited sites, so that repeat requests are served directly from the cache, which speeds up access and reduces duplicate network traffic.

Because Squid offers permission management, high performance and efficiency, it is widely used. We therefore discuss the proxy server Squid as used on Linux, FreeBSD and Unix, and also describe how to use Squid's companion software to achieve a specific method of appointment and billing.

First, get Squid and related software

Get the Squid software from http://squid-cache.org/, get htpasswd_plus and sqmgrlog from http://web.onda.com.br/orso/, and save them in the /tmp directory.

Second, compiling and installing Squid under Linux

We assume the software environment is Red Hat Linux 7.x. The steps to compile and install Squid are as follows.

1. Download the latest version of the source file, squid-2.3.STABLE4.src.tar.gz, and place it in the /tmp directory.

2. Create the user squidadmin.

    # adduser squidadmin        # add the user as root

The squidadmin account is created with default settings. For security reasons Squid cannot be run as root, so it is run as this newly created user.

3. Log in as squidadmin, then unpack and install the Squid source file.

    $ cd /tmp
    $ tar -zxvf squid*
    $ cd squid*
    $ ./configure --prefix=/usr/local/squid    # run in the Squid source directory; --prefix sets the installation path
    $ make
    $ make install

4. Enter the /usr/local/squid/bin directory and create the cache swap directories.

    $ ./squid -z

At this point Squid is installed on the system. For Squid to run normally, however, some basic settings are needed. Squid depends only on /usr/local/squid/etc/squid.conf; all settings are made in this file.

Third, Squid basic settings

    # defaults:
    acl all src 0.0.0.0/0.0.0.0
    # set your own rules here
    http_access deny all

By default there are only these 2 rules. When a request does not match any user-defined rule, the http_access deny all rule is applied, so the HTTP request is rejected.

So how do you set up Squid on Linux? Squid uses access control lists (ACLs) to manage rules.
For example:

    acl aclname acltype string1 ...
    acl aclname acltype "file"

aclname is the name of the user-defined rule, acltype is a category that Squid recognizes (mainly src, dst, proxy_auth, port, and time ...), and string is the user's setting; "file" can be used to read the settings from an external file.

1. If you want users to be prompted for a user name and password, you first need to install an authentication program. Squid's source package contains several authentication programs, all in the /tmp/squid-2.3.STABLE4/auth_modules directory.

(1) Build the NCSA authentication program.

    $ cd /tmp/squid-2.3.STABLE4/auth_modules/NCSA
    $ make ncsa_auth

(2) Copy the generated executable ncsa_auth to the Squid executable directory.

    $ cp ncsa_auth /usr/local/squid/bin

(3) Use htpasswd_plus to generate the user name and password authentication data file that Squid will use.

    $ htpasswd_plus -c /usr/local/squid/etc/passwd

The format of passwd is as follows.

    Userkvibt46c.:977867617:*
    Username2:TV.8xcr8tgiqw:*:192.168.1.0
    username3:password:expiry time:IP allowed to log in

A * matches any value. More users can be added afterwards.

    $ htpasswd_plus /usr/local/squid/etc/passwd newusername

(4) Modify squid.conf. The following setting specifies the external program used to authenticate users.

    authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd

Add rules as follows.

    acl alloweduser proxy_auth username1 username2

or

    acl alloweduser proxy_auth REQUIRED
    http_access allow alloweduser

The keyword REQUIRED means that any valid user can authenticate, and it plays the same role in other acltypes.

2. Use IP addresses to limit the use of the Squid proxy. Set the contents as follows.

    acl manager proto HTTP FTP
    ...
    acl safeports port 80 21 443 563 70 210 1025-65535
    ...
    acl connect method CONNECT
    acl allowedIP src 202.120.x.x/255.255.255.224
    acl denyIP src 202.96.x.x/255.255.255.224
    acl allowedusers proxy_auth REQUIRED
    http_access deny !safeports        # deny HTTP requests to ports not in safeports
    http_access deny denyIP
    http_access allow allowedIP
    http_access allow allowedusers

Thus, apart from the denied and the allowed IP addresses, every other request is authenticated by entering a user name and password. If you do not want internal computers to access certain websites (such as violence or porn sites), you can block these sites with the following settings.
    acl badip dst "/usr/local/squid/etc/somebadip"
    http_access deny badip

What is rejected here is matched not on the source address (src) but on the destination address (dst). The file somebadip stores a batch of IP addresses in the following format:

    24.244.192.0
    61.128.0.0/255.252.0.0

Please pay special attention to the order of the http_access statements. By ordering them differently, we can build flexible configurations that provide the appropriate service.

3. Some of the other settings are as follows; for most of them the default value can simply be used.

    http_port 3128                     # default proxy port for the HTTP protocol
    cache_mem 42 MB                    # use a block of memory as a buffer
    cache_dir ufs /home/squid/cache 1024 16 256
                                       # hard disk buffer of 1 GB, with 16 first-level
                                       # and 256 second-level directories
    cache_access_log /var/log/squid/access.log
                                       # records, for each client HTTP request, whether the
                                       # cache was hit, the identity of the requesting host
                                       # and the content requested; it is the basis for
                                       # analysis tools such as sqmgrlog
    cache_log /var/log/squid/cache.log
                                       # describes the memory capacity, the size of the swap
                                       # space, the location of the cache directory, and the
                                       # connection types and ports that are accepted
    cache_store_log /var/log/squid/store.log
                                       # describes the pages transferred into and out of the cache
    pid_filename /var/run/squid.pid    # file holding the Squid process ID
    dns_nameservers 192.x.x.1          # address of the domain name resolution server
    cache_mgr squidadmin@your.domain   # mailbox address of the cache administrator
    reference_age 1 week               # update cycle of the buffer
    maximum_object_size 4096 KB        # largest single object that will be cached
    cache_effective_user squidadmin squidadmin
                                       # run Squid as the user squidadmin
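The note earlier in this section about the order of http_access statements, as an added example (not code from the original article): a small Python model of Squid's top-to-bottom, first-match evaluation, comparing two positions of `http_access deny badip`. The networks, hosts and user name are constructed stand-ins for the article's masked addresses, and a request without a login is modelled as a non-match rather than an authentication challenge.

```python
import ipaddress

# Constructed ACLs: the article masks its real networks, so RFC 5737
# documentation ranges stand in for them (assumption).
ACLS = {
    "all":          ("src", ipaddress.ip_network("0.0.0.0/0")),
    "denyIP":       ("src", ipaddress.ip_network("198.51.100.0/255.255.255.224")),
    "allowedIP":    ("src", ipaddress.ip_network("192.0.2.0/255.255.255.224")),
    "badip":        ("dst", ipaddress.ip_network("203.0.113.0/255.255.255.0")),
    "allowedusers": ("proxy_auth", None),  # REQUIRED: any authenticated user
}

def acl_matches(name, req):
    kind, net = ACLS[name]
    if kind == "proxy_auth":
        # Simplification: a request without credentials just fails to match;
        # real Squid would answer with an authentication challenge here.
        return req.get("user") is not None
    return ipaddress.ip_address(req[kind]) in net  # kind is "src" or "dst"

def decide(rules, req):
    """Walk http_access lines top to bottom; the first matching line decides."""
    for action, acl in rules:
        if acl_matches(acl, req):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

# Same rules, different position of "http_access deny badip".
BADIP_LAST = [("deny", "denyIP"), ("allow", "allowedIP"),
              ("allow", "allowedusers"), ("deny", "badip"), ("deny", "all")]
BADIP_FIRST = [("deny", "badip"), ("deny", "denyIP"), ("allow", "allowedIP"),
               ("allow", "allowedusers"), ("deny", "all")]

# Constructed requests (hypothetical hosts and user name).
REQUESTS = {
    "trusted host -> blocked site": {"src": "192.0.2.10", "dst": "203.0.113.5"},
    "logged-in user -> blocked site": {"src": "10.0.0.5", "dst": "203.0.113.5", "user": "username1"},
    "denied host -> normal site": {"src": "198.51.100.7", "dst": "192.0.2.200", "user": "username1"},
    "anonymous host -> normal site": {"src": "10.0.0.5", "dst": "192.0.2.200"},
}

def compare():
    """Return {request label: (verdict with badip last, verdict with badip first)}."""
    return {label: (decide(BADIP_LAST, r), decide(BADIP_FIRST, r))
            for label, r in REQUESTS.items()}

if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:32} badip last: {verdicts[0]:5}  badip first: {verdicts[1]}")
```

With the destination block placed after the allow lines, both the trusted host and the logged-in user still reach the blocked network, because an earlier allow line has already decided the request.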
Fourth, use sqmgrlog to implement billing

    $ cd /tmp
    $ tar -zxvf sqmgrlog*
    $ cd sqm*
    $ ./configure --enable-config=/usr/local/squid/

The main options are described below.

1. Language

The language option does not include Chinese. In fact, the language part is controlled by english.h, so it can be compiled and installed after being translated into Chinese.