Shulou(Shulou.com)06/03 Report--

A brief introduction to Squid

Squid is a kind of software used to buffer Internet data. This is how it works, accepting requests from the object that people need to download and handling them appropriately. That is, if a person wants to download a web page, he asks Squid to get the page for him. Squid then connects to a remote server (such as http://squid.nlanr.net/) and makes a request to the page. Squid then explicitly aggregates the data to the client machine and makes a copy at the same time. The next time someone needs the same page, Squid can simply read it from disk so that the data is immediately transferred to the client. The current Squid can handle protocols such as HTTP,FTP,GOPHER,SSL and WAIS. But it can't handle things like POP,NNTP,RealAudio and other types of things.

Basic types of agents

Traditional agent: for Internet, the server needs to be specified clearly

Transparent proxy: the client does not need to specify the address and port of the proxy server, but through the default route, the firewall redirects the web to the proxy

Benefits of agency

Improve web access speed

Hide the real IP address of the client

Experimental environment

Squid server: 192.168.149.125

Web server: 192.168.149.135

Client server: 192.168.149.188

Install the squid proxy server on the squid server

[root@squid ~] # mkdir / abc

[root@squid ~] # mount.cifs / / 192.168.100.3/LNMP-C7 / abc/ # # Mount

[root@squid ~] # cd / abc/

[root@squid abc] # tar zxvf squid-3.4.6.tar.gz-C / opt # # decompress

[root@squid abc] # yum install gcc gcc-c++ make-y # # install environment components

[root@squid abc] # cd / opt/squid-3.4.6

[root@squid squid-3.4.6] #. / configure\

-- prefix=/usr/local/squid\ # # installation path

-- sysconfdir=/etc\ # # configuration file directory

-- enable-arp-acl\ # # support acl access control lists

-- enable-linux-netfilter\ # # supports network filtering

-- enable-linux-tproxy\ # # supports transparency

-enable-async-io=100\ # # io optimization

-- enable-err-language= "Simplify_Chinese"\ # # error display in simplified Chinese

-- enable-underscore\

-- enable-poll\

-- enable-gnuregex # # supports regular expression

[root@squid squid-3.4.6] # make & & make install # # compile and install

[root@squid squid-3.4.6] # ln-s / usr/local/squid/sbin/* / usr/local/sbin/ # # easy for system identification

[root@squid squid-3.4.6] # useradd-M-s / sbin/nologin squid # # create a system user

[root@squid squid-3.4.6] # chown-R squid.squid / usr/local/squid/var/ # # give all files in the directory master group permissions

Modify the squid configuration file and optimize startup items

[root@squid squid-3.4.6] # vim / etc/squid.conf # # modify squid configuration file

Http_access allow all # # add this item

# http_access deny all # # Notes to allow terminal access

Http_port 3128

Cache_effective_user squid # # specify user squid

Cache_effective_group squid # # specify a group

[root@squid squid-3.4.6] # squid- k parse # # check configuration file syntax

[root@squid squid-3.4.6] # squid- z # # initialize cache directory

[root@squid squid-3.4.6] # squid # # enable the service

[root@squid squid-3.4.6] # netstat-ntap | grep 3128 # # View squid port

[root@squid squid-3.4.6] # cd / etc/init.d/

[root@squid init.d] # vim squid # # Edit the script for service to start squid

#! / bin/bash

# chkconfig: 2345 90 25

PID= "/ usr/local/squid/var/run/squid.pid" # # PID file process number

CONF= "/ etc/squid.conf" # # main configuration file

CMD= "/ usr/local/squid/sbin/squid" # # start command

Case "$1" in

Start)

Netstat-ntap | grep squid & > / dev/null

If [$?-eq 0]

Then

Echo "squid is running"

Else

Echo "starting squid...."

$CMD

Fi

Stop)

$CMD-k kill & > / dev/null # # close squid

Rm-rf $PID & > / dev/null # # Delete the PID file

Status)

[- f $PID] & > / dev/null

If [$?-eq 0]

Then

Netstat-ntap | grep squid

Else

Echo "squid is not running"

Fi

Restart)

$0 stop & > / dev/null

Echo "shutting down squid..."

$0 start & > / dev/null

Echo "starting squid..."

Reload)

$CMD-k reconfigure # # reload configuration file

Check)

$CMD-k parse # # check syntax

*)

Echo "usage: $0 {start | stop | reload | status | check | restart}"

Esac

[root@squid init.d] # chmod + x squid # # give execution permission

[root@squid init.d] # chkconfig-- add squid # # add to service management

[root@squid init.d] # chkconfig-- level 35 squid on # # Boot

Set up traditional proxy configuration

[root@squid init.d] # vim / etc/squid.conf # # modify the main configuration file

Http_port 3128

Cache_mem 64 MB # # memory space size

Reply_body_max_size 10 MB # # allows maximum file size to be downloaded

Maximum_object_size 4096 KB # # allows you to save the maximum cache space object size

[root@squid init.d] # service squid restart

[root@squid init.d] # iptables-L # # View table contents

[root@squid init.d] # iptables-F # # clear the table cache

[root@squid init.d] # setenforce 0

[root@squid init.d] # iptables-I INPUT-p tcp-- dport 3128-j ACCEPT # # allow port 3128

[root@squid init.d] # service squid reload # # reload configuration file

Install the http service on the web server

[root@web ~] # systemctl stop firewalld.service # # turn off the firewall

[root@web ~] # setenforce 0

[root@web ~] # yum install httpd-y # # install the web service

[root@web ~] # systemctl start httpd.service

Test the proxy service and clear the cache

View the httpd service log file of the web host

[root@localhost logs] # head-1 access_log

192.168.52.138-[04/Dec/2019:17:09:15 + 0800] "GET / HTTP/1.1" 403 4897 "-" Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 "

# you can see that it is accessed by the IP address of the client host

[root@localhost logs] #

[root@localhost logs] # tail-1 access_log

192.168.52.134-[04/Dec/2019:17:26:55 + 0800] "GET / browserconfig.xml HTTP/1.1" 404 215 "-" Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 "

# you can see that it is accessed by the IP address of the squid server

[root@localhost logs] #

Transparent proxy

Squid:192.168.100.1 private network: ens33

12.0.0.1 Public Network: ens36

Web:12.0.0.12

Client:192.168.100.50

Add a network card and set up a transparent proxy

Ens33 Nic profile:

[root@squid ~] # cd / etc/sysconfig/network-scripts/

[root@squid network-scripts] # vim ifcfg-ens33

TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=static

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=ens33

UUID=8ecd53ce-afdb-46f8-b7ff-b2f428a3bc8f

DEVICE=ens33

ONBOOT=yes

IPADDR=192.168.100.1

NETMASK=255.255.255.0

Ens36 Nic profile:

[root@squid network-scripts] # cp-p ifcfg-ens33 ifcfg-ens36

[root@squid network-scripts] # vim ifcfg-ens36

TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=static

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=ens36

DEVICE=ens36

ONBOOT=yes

IPADDR=12.0.0.1

NETMASK=255.255.255.0

[root@squid network-scripts] # systemctl restart network

[root@squid network-scripts] # ifconfig

Ens33: flags=4163 mtu 1500

Inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255

Inet6 fe80::c776:9d00:618:88f2 prefixlen 64 scopeid 0x20

Ether 00:0c:29:eb:34:07 txqueuelen 1000 (Ethernet)

RX packets 226 bytes 31111 (30.3 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 84 bytes 10776 (10.5 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Ens36: flags=4163 mtu 1500

Inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255

Inet6 fe80::55bc:65c1:7046:e2d6 prefixlen 64 scopeid 0x20

Ether 00:0c:29:eb:34:11 txqueuelen 1000 (Ethernet)

RX packets 216bytes 30613 (29.8KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 76 bytes 9847 (9.6 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@squid network-scripts] # service network restart # # restart the network service

[root@squid network-scripts] # vim / etc/sysctl.conf # # enable routing forwarding

Net.ipv4.ip_forward=1

[root@squid network-scripts] # sysctl-p # # load

Set up a transparent proxy on the squid server

[root@squid network-scripts] # vim / etc/squid.conf # Settings profile

Http_port 192.168.100.1 3128 transparent # set transparent proxy

[root@squid ~] # iptables-F # clear the table cache

[root@squid ~] # iptables-t nat-F # clear the NAT table cache

Root@squid ~] # setenforce 0 # turn off enhanced security features

[root@squid network-scripts] # iptables-t nat-I PREROUTING-I ens33-s 192.168.100.0 tcp 24-p tcp-- dport 80-j REDIRECT-- to 3128

# define rule entry ens33,80 port redirect to 3128

[root@squid network-scripts] # iptables-t nat-I PREROUTING-I ens33-s 192.168.100.0 tcp 24-p tcp-- dport 443-j REDIRECT-- to 3128

# https443 Port

[root@squid network-scripts] # iptables-I INPUT-p tcp-- dport 3128-j ACCEPT # allow access to port 3128

[root@squid network-scripts] # service squid stop # disable the service

[root@squid network-scripts] # service squid start # enable the service

Starting squid...

[root@squid network-scripts] #

Change the web host and client test host network mode to host only, configure a fixed IP address, and shut down the proxy server

Test the server, view the log

[root@localhost] # tail-1 / etc/httpd/logs/access_log

12.0.0.1-[04/Dec/2019:19:57:53 + 0800] "GET / favicon.ico HTTP/1.1" 404 209 "-" Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 "

# you can see that it is accessed by the IP address of the proxy server

[root@localhost ~] #

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.