
Squid cache proxy deployment-traditional + transparent (hyper-detailed)

2025-04-11 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Main points of content:

1. Introduction of Squid

2. Cache proxy

3. Manual compilation, installation and optimization of Squid

4. Set up a traditional proxy

5. Set up a transparent proxy

1. Introduction of Squid

(1) Squid is a high-performance proxy cache server. Squid supports the FTP, gopher, HTTPS and HTTP protocols. Unlike typical proxy caching software, Squid uses a single, non-modular, I/O-driven process to handle all client requests.

(2) What systems does Squid run on?

Squid runs on most Unix and OS/2 versions; Windows, AIX, Digital Unix, FreeBSD, HP-UX, Irix, Linux, NetBSD, Nextstep, SCO and Solaris are known to work.

(3) Download and obtain Squid:

Squid packages are available on many Unix-like systems. For example, on Ubuntu you can install it with apt install squid, or you can download precompiled binary packages directly from Squid's official website.

2. Cache proxy

A web proxy works by caching web objects so that repeated requests are reduced.

1. When a client accesses a web page through the Squid proxy, the designated proxy server first checks its own cache. If the cache holds the page the client needs, the Squid server returns the cached content directly to the client. If the requested page is not in the cache, the Squid proxy server sends the request to the Internet, receives the returned page, saves its data to the cache and sends it to the client.

2. Because the client's web request is actually carried out by the Squid proxy server, the user's real IP address is hidden, which provides a certain degree of protection.

Squid can also filter and control the destinations being accessed, the client addresses, and the time periods in which access is allowed.

(1) Basic types of proxy:

1. Traditional proxy: the ordinary proxy service. The client must set the address and port of the proxy server in programs such as browsers and chat tools before it can use the proxy to access the network. This is more troublesome because the proxy server has to be specified manually on the client, so it is generally used in the Internet environment.

2. Transparent proxy: the function is the same as that of the traditional proxy, except that the client does not need to specify the address and port of the proxy server manually. Web access is redirected through the default route and firewall policy, and is still handled by the proxy server. The redirection is carried out entirely by the Squid server, so the client does not even know that it is using the Squid proxy service. This is why it is called transparent mode.

Transparent proxies are mostly used in LAN environments. For example, after a transparent proxy is enabled on a Linux gateway, LAN hosts can enjoy better Internet speed without additional settings.

(2) Benefits of using a proxy:

1. Improve the speed of web access

2. Hide the real IP address of the client

3. Manual compilation, installation and optimization of Squid

(1) Decompress the package:

tar zxvf squid-3.4.6.tar.gz -C /opt/

(2) Install the compilation tools:

yum install gcc gcc-c++ make -y

(3) Configure the build:

cd /opt/squid-3.4.6
./configure --prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex

(4) Compile and install:

make && make install

(5) For easier management, create symbolic links:

ln -s /usr/local/squid/sbin/* /usr/local/sbin/

(6) Create the user squid and configure permissions:

useradd -M -s /sbin/nologin squid

chown -R squid:squid /usr/local/squid/var/    # grant ownership to the squid user

(7) Modify the configuration file:

vim /etc/squid.conf

Add the following lines:

http_access allow all
# specify the program user
cache_effective_user squid
# specify the account's basic group
cache_effective_group squid

(8) Check:

squid -k parse    # check configuration file syntax
squid -z          # initialize the cache directory
squid             # start the service

Check the port to see if the service is enabled properly:

(9) Write a startup script:

1. Write the script in the /etc/init.d/ directory:

vim squid

#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"
case "$1" in
start)
    # start only if no squid process is already listening
    netstat -natp | grep squid &> /dev/null
    if [ $? -eq 0 ]
    then
        echo "squid is running"
    else
        echo "is starting squid...."
        $CMD
    fi
    ;;
stop)
    $CMD -k kill &> /dev/null
    rm -rf "$PID" &> /dev/null
    ;;
status)
    # the PID file exists only while squid is running
    [ -f "$PID" ] &> /dev/null
    if [ $? -eq 0 ]
    then
        netstat -natp | grep squid
    else
        echo "squid is not running"
    fi
    ;;
restart)
    $0 stop &> /dev/null
    echo "closing squid..."
    $0 start &> /dev/null
    echo "starting squid..."
    ;;
reload)
    $CMD -k reconfigure
    ;;
check)
    $CMD -k parse
    ;;
*)
    echo "usage: $0 {start | stop | status | reload | check | restart}"
    ;;
esac

2. Add execution permissions:

chmod +x squid                   # add execute permission
chkconfig --add squid            # register the script so that service can manage it
chkconfig --level 35 squid on    # start automatically at boot

3. Stop and start the service:

service squid stop
service squid start
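Step (7) adds http_access allow all, which lets any host that can reach port 3128 use the proxy, because Squid stops at the first http_access line that matches. The check below is an added example, not part of the original article: it reports which catch-all rule a squid.conf reaches first, run on two constructed configurations. The ACL name localnet and the /24 mask are assumptions based on the 192.168.220.x addresses used in the traditional proxy setup.

```shell
#!/bin/sh
# Added example: find the first catch-all http_access rule in a squid.conf.
# Squid checks http_access lines top-down and stops at the first match.
audit_http_access() {
    awk '
        /^[ \t]*#/          { next }    # skip comment lines
        $1 != "http_access" { next }    # only access rules matter here
        NF == 3 && $3 == "all" {
            verdict = ($2 == "allow") ? "OPEN" : "RESTRICTED"
            print verdict " line " NR ": " $0
            found = 1
            exit
        }
        END { if (!found) print "NO_CATCHALL" }
    ' "$1"
}

tmp=$(mktemp -d)

# Constructed sample: step (7) as written, placed ahead of a deny rule.
cat > "$tmp/page.conf" <<'EOF'
http_access allow all
http_access deny all
cache_effective_user squid
cache_effective_group squid
EOF

# Constructed sample: only the client subnet may use the proxy.
# The /24 mask and the ACL name "localnet" are assumptions.
cat > "$tmp/hardened.conf" <<'EOF'
acl localnet src 192.168.220.0/24
http_access allow localnet
http_access deny all
cache_effective_user squid
cache_effective_group squid
EOF

audit_http_access "$tmp/page.conf"       # OPEN line 1: http_access allow all
audit_http_access "$tmp/hardened.conf"   # RESTRICTED line 3: http_access deny all
rm -rf "$tmp"
```

An OPEN result means every later http_access line is unreachable; the hardened form allows only the named source network and denies everything else.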

4. Set up a traditional proxy

Role            IP address
Web server      192.168.220.136
Proxy server    192.168.220.131
Client          192.168.220.129

Step 1: edit the configuration file /etc/squid.conf

# memory space used by the caching function
cache_mem 64 MB
# maximum file size users are allowed to download
reply_body_max_size 10 MB
# maximum object size allowed to be saved to the cache
maximum_object_size 4096 KB

Step 2: make firewall rules

iptables -F                                          # clear all rules, temporarily stopping the firewall
setenforce 0                                         # put SELinux in permissive mode
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT      # accept traffic to destination port 3128

Step 3: set up the proxy service in the client browser

(1) Open the browser → Tools → Internet Options → Connections → LAN Settings

(2) In the browser, access the IP address of the web server and refresh several times. Because we have set up a proxy service, the request to visit the website is actually completed by the proxy server on our behalf. To verify this, check the web server's log file to see whether the visiting IP address is the client or the proxy server.

Check the log file access_log in /etc/httpd/logs. The following is a partial screenshot:

You can see that it is the proxy server, not the client, that visits the web page, which also serves the purpose of hiding the real IP address of the client.

5. Set up a transparent proxy

Role                  IP address
Squid proxy server    intranet: 192.168.100.1; extranet: 12.0.0.1
Web server            12.0.0.12
Client                192.168.100.50

Step 1: cancel the proxy in the LAN settings of the user's browser

Step 2: configure the proxy server squid

(1) Enable route forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward

(2) Edit the configuration file /etc/squid.conf

Modify the listening address:

http_port 192.168.100.1:3128 transparent

(3) Add firewall policy:

iptables -F
iptables -t nat -F    # reset the firewall
iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128     # redirect port 80 to 3128
iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    # open port 3128

(4) Restart the service:

service squid restart

Step 3: verify

1. Visit the web server's website in the client browser.

2. In the log file of the web server, check which IP address made the visit:

vim /etc/httpd/logs/access_log

You can see that it is the IP address of the external network interface of the Squid proxy server.

The transparent proxy is set up successfully.
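Both verification steps come down to reading the first field of the web server's access_log. The script below is an added example, not part of the original article: it counts hits by source and lists any client address that reached the server without going through Squid. The log lines are constructed, in Apache combined format, using the addresses from the transparent proxy table.

```shell
#!/bin/sh
# Added example: summarise who is hitting the web server, by source address.
# Usage: classify_sources ACCESS_LOG PROXY_IP CLIENT_NET_PREFIX
classify_sources() {
    awk -v proxy="$2" -v net="$3" '
        NF == 0             { next }                          # ignore blank lines
        $1 == proxy         { via++; next }                   # fetched by Squid
        index($1, net) == 1 { direct++; seen[$1]++; next }    # client bypassed the proxy
                            { other++ }
        END {
            printf "via_proxy=%d direct=%d other=%d\n", via, direct, other
            for (ip in seen) printf "BYPASS %s hits=%d\n", ip, seen[ip]
        }
    ' "$1"
}

# Constructed access_log lines (proxy 12.0.0.1, client 192.168.100.50).
log=$(mktemp)
cat > "$log" <<'EOF'
12.0.0.1 - - [11/Apr/2025:10:01:02 +0800] "GET / HTTP/1.1" 200 4897 "-" "Mozilla/5.0"
12.0.0.1 - - [11/Apr/2025:10:01:05 +0800] "GET /logo.png HTTP/1.1" 200 1210 "-" "Mozilla/5.0"
192.168.100.50 - - [11/Apr/2025:10:03:40 +0800] "GET / HTTP/1.1" 200 4897 "-" "Mozilla/5.0"
EOF

# Prints the summary line, then one BYPASS line per client address seen directly.
classify_sources "$log" 12.0.0.1 192.168.100.
rm -f "$log"
```

The first log field is only the TCP peer. With Squid's default forwarded_for on, the client address is still sent in the X-Forwarded-For request header, so a web server that logs that header sees the client.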
