
Squid traditional proxy and transparent proxy

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

Cache proxy overview

How a web proxy works: it caches web objects and reduces duplicate requests.

Basic types of proxy

Traditional proxy: suitable for the Internet; the client must specify the proxy server.
Transparent proxy: the client does not need to specify the address and port of the proxy server; its traffic reaches the proxy through the default route, and the firewall redirects web requests to the proxy.

Advantages of using a proxy

Improves web access speed.
Hides the real IP address of the client.

Traditional proxy

Experimental environment

squid server: 192.168.13.179
web server: 192.168.13.151
client test machine: 192.168.13.135

1. Install the squid proxy server on the squid server

    [root@squid ~]# mkdir /abc
    [root@squid ~]# mount.cifs //192.168.100.3/LNMP-C7 /abc/    ## mount the share
    [root@squid ~]# cd /abc/
    [root@squid abc]# tar zxvf squid-3.4.6.tar.gz -C /opt    ## decompress
    [root@squid abc]# yum install gcc gcc-c++ make -y    ## install the build environment
    [root@squid abc]# cd /opt/squid-3.4.6
    ## --prefix                  installation path
    ## --sysconfdir              configuration file directory
    ## --enable-arp-acl          support ACL access control lists
    ## --enable-linux-netfilter  support network filtering
    ## --enable-linux-tproxy     support transparent proxying
    ## --enable-async-io=100     I/O optimization
    ## --enable-err-language     display error pages in Simplified Chinese
    ## --enable-gnuregex         support regular expressions
    [root@squid squid-3.4.6]# ./configure \
    --prefix=/usr/local/squid \
    --sysconfdir=/etc \
    --enable-arp-acl \
    --enable-linux-netfilter \
    --enable-linux-tproxy \
    --enable-async-io=100 \
    --enable-err-language="Simplify_Chinese" \
    --enable-underscore \
    --enable-poll \
    --enable-gnuregex
    [root@squid squid-3.4.6]# make && make install    ## compile and install
    [root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/    ## make the commands easy for the system to find
    [root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid    ## create a system user
    [root@squid squid-3.4.6]# chown -R squid:squid /usr/local/squid/var/    ## give user and group squid ownership of everything in the directory

2. Modify the squid configuration file and optimize startup

    [root@squid squid-3.4.6]# vim /etc/squid.conf    ## modify the squid configuration file

Lines to change in /etc/squid.conf:

    # And finally deny all other access to this proxy
    ## add the next line
    http_access allow all
    ## comment out the next line to allow client access
    #http_access deny all
    # Squid normally listens to port 3128
    http_port 3128
    ## specify the user
    cache_effective_user squid
    ## specify the group
    cache_effective_group squid

Check the configuration, initialize the cache and start the service:

    [root@squid squid-3.4.6]# squid -k parse    ## check configuration file syntax
    [root@squid squid-3.4.6]# squid -z    ## initialize the cache directory
    [root@squid squid-3.4.6]# squid    ## start the service
    [root@squid squid-3.4.6]# netstat -ntap | grep 3128    ## view the squid port
    [root@squid squid-3.4.6]# cd /etc/init.d/
    [root@squid init.d]# vim squid    ## write a service script to launch squid

Contents of /etc/init.d/squid:

    #!/bin/bash
    #chkconfig: 2345 90 25
    PID="/usr/local/squid/var/run/squid.pid"    ## PID file holding the process number
    CONF="/etc/squid.conf"                      ## main configuration file
    CMD="/usr/local/squid/sbin/squid"           ## launch command

    case "$1" in
    start)
        netstat -ntap | grep squid &> /dev/null
        if [ $? -eq 0 ]
        then
            echo "squid is running"
        else
            echo "starting squid...."
            $CMD
        fi
        ;;
    stop)
        $CMD -k kill &> /dev/null    ## close squid
        rm -f "$PID" &> /dev/null    ## delete the PID file
        ;;
    status)
        [ -f "$PID" ] &> /dev/null
        if [ $? -eq 0 ]
        then
            netstat -ntap | grep squid
        else
            echo "squid is not running"
        fi
        ;;
    restart)
        $0 stop &> /dev/null
        echo "shutting down squid..."
        $0 start &> /dev/null
        echo "starting squid..."
        ;;
    reload)
        $CMD -k reconfigure    ## reload the configuration file
        ;;
    check)
        $CMD -k parse    ## check syntax
        ;;
    *)
        echo "usage: $0 {start | stop | reload | status | check | restart}"
        ;;
    esac

Register the script:

    [root@squid init.d]# chmod +x squid    ## add execute permission
    [root@squid init.d]# chkconfig --add squid    ## add to service management
    [root@squid init.d]# chkconfig --level 35 squid on    ## start at boot

3. Set the traditional proxy configuration

    [root@squid init.d]# vim /etc/squid.conf    ## modify the main configuration file

Lines to set in /etc/squid.conf:

    # Squid normally listens to port 3128
    http_port 3128
    ## memory space used for caching
    cache_mem 64 MB
    ## maximum file size allowed for download
    reply_body_max_size 10 MB
    ## maximum size of an object allowed in the cache
    maximum_object_size 4096 KB

Restart the service and open the port:

    [root@squid init.d]# service squid restart
    [root@squid init.d]# iptables -L    ## view the table contents
    [root@squid init.d]# iptables -F    ## clear the table
    [root@squid init.d]# setenforce 0
    [root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    ## allow port 3128
    [root@squid init.d]# service squid reload    ## reload the configuration file

4. Install the http service on the web server

    [root@web ~]# systemctl stop firewalld.service    ## turn off the firewall
    [root@web ~]# setenforce 0
    [root@web ~]# yum install httpd -y    ## install the web service
    [root@web ~]# systemctl start httpd.service

Access the web page from the client.

    [root@web ~]# cd /etc/httpd/logs/    ## view the log file
    [root@web logs]# vim access_log

At this time, modify the client browser proxy settings.

Access the web server from the client again.

    [root@web ~]# cd /etc/httpd/logs/    ## view the log file
    [root@web logs]# vim access_log    ## at this time,

Transparent proxy experimental topology

Lab environment

squid server: ens33: 192.168.13.184, ens36: 192.168.10.1 (host-only mode)
web server: 192.168.13.151
client: 192.168.10.10 (host-only mode)

1. Add a network card on the squid server and set its IP address

    [root@squid ~]# cd /etc/sysconfig/network-scripts/
    [root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
    [root@squid network-scripts]# vim ifcfg-ens36    ## modify the ens36 IP information

Settings in ifcfg-ens36 (delete the UUID line and change 33 to 36):

    BOOTPROTO=static
    IPADDR=192.168.10.1
    NETMASK=255.255.255.0

Restart the network and enable route forwarding:

    [root@squid network-scripts]# service network restart    ## restart the network service
    [root@squid network-scripts]# vim /etc/sysctl.conf    ## enable route forwarding

Line to add to /etc/sysctl.conf:

    net.ipv4.ip_forward=1

Load the setting:

    [root@squid network-scripts]# sysctl -p    ## load

2. Specify a static route on the web server

    [root@web ~]# route add -net 192.168.10.0/24 gw 192.168.13.184    ## add a static route

3. Set the transparent proxy on the squid server

    [root@squid network-scripts]# vim /etc/squid.conf    ## edit the configuration file

Lines to set in /etc/squid.conf:

    ## set the transparent proxy
    http_port 192.168.10.1:3128 transparent
    cache_effective_user squid
    cache_effective_group squid

Restart squid and add the redirect rules:

    [root@squid network-scripts]# service squid stop    ## turn off the squid service
    [root@squid network-scripts]# service squid start
    [root@squid network-scripts]# iptables -F    ## clear the table
    [root@squid network-scripts]# iptables -t nat -F
    [root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128    ## rule: for traffic entering on ens36, redirect port 80 to 3128
    [root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128    ## https port 443
    [root@squid network-scripts]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    ## allow access to port 3128

4. Test with the test machine

5. View the access log file

    [root@web ~]# cd /var/log/httpd/
    [root@web httpd]# vim access_log    ## view the access log information on the web server

At this time, the access is logged as coming from 184 (the squid server), not from the address of the test machine. Thank you for reading!
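The traditional-proxy configuration above sets `http_access allow all`, which lets any host that can reach port 3128 use the proxy. The shell function below is an added example, not part of the original article: it reports whether the catch-all `http_access` rule in a squid.conf is an allow or a deny, and runs on two constructed configs. The `labnet` ACL name and the /24 mask for 192.168.13.0 are assumptions; 192.168.10.0/24 is the transparent lab's client subnet.

```shell
#!/bin/sh
# Added example (not from the original article).
# Squid checks http_access rules top to bottom and the first match wins, so the
# first rule whose only ACL is "all" decides every request not matched earlier.

# Print "open" if that catch-all rule is an allow, "restricted" if it is a deny,
# and "no-catch-all" if the file has no such rule.
http_access_verdict() {
    awk '
        { sub(/#.*/, "") }                      # drop comments and annotations
        $1 == "http_access" && NF == 3 && $3 == "all" {
            if ($2 == "allow") print "open"; else print "restricted"
            found = 1
            exit
        }
        END { if (!found) print "no-catch-all" }
    ' "$1"
}

tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
LAB_CONF="$tmpdir/lab.conf"
HARDENED_CONF="$tmpdir/hardened.conf"

# Constructed sample: the access rules as configured in the lab above.
cat > "$LAB_CONF" <<'EOF'
http_access allow all
#http_access deny all
http_port 3128
EOF

# Constructed sample: the same lab, restricted to its own client subnets.
# The ACL name "labnet" and the /24 mask for 192.168.13.0 are assumptions.
cat > "$HARDENED_CONF" <<'EOF'
acl labnet src 192.168.13.0/24 192.168.10.0/24
http_access allow labnet
http_access deny all
http_port 3128
EOF

for conf in "$LAB_CONF" "$HARDENED_CONF"; do
    printf '%s: %s\n' "${conf##*/}" "$(http_access_verdict "$conf")"
done
```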
