In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Main points of content:
I. the use of ACL in Squid
Second, log analysis
III. Reverse agency
I. the use of ACL in Squid
(1) ACL access control method:
1. Define the list based on source address, destination URL, file type, etc.
Acl list name list type list content...
2. Restrict the defined acl list
Http_access allow or deny list name …
(2) ACL rule priority:
When a user accesses the proxy server, Squid sequentially matches all the rule lists defined in Squid, and stops matching as soon as the match succeeds. When none of the rules match, Squid uses the opposite rule from the last one.
(3) commonly used ACL list types:
Src-> Source address dst-> destination address port-> destination address dstdomain-> destination Domain time-> access time maxconn-> maximum concurrent connection ur_ regex-> destination URL address Urlpath_regex-> entire destination URL path
(4) Operation demonstration:
Note: the proxy function must be done first, and the Squid proxy server needs to open port 3128. Every time the configuration file is changed, the service needs to be restarted.
Role IP address Web server 192.168.220.136Squid proxy server 192.168.220.131 client 192.168.220.128
Modify / etc/squid.conf file
Add the following code:
1. Based on IP address restrictions:
Acl hostlocal src 192.168.220.128ax 32 / / hostlocal indicates the name http_access deny hostlocal / / access denied
2. Based on time limit:
Acl work time WTHMFAS 11:00-12:00 / / time set at 11:00-12:00http_access deny work / / access denied
3. Based on the destination address (that is, web server address)
You can add a rejected destination address to a file
1. Mkdir / etc/squid/ / first create a directory vim dest.list to add the rejected ip address to the file 192.168.220.111192.168.220.123192.168.220.1362, do the rule vim / etc/squid.conf acl destion dst "/ etc/squid/dest.list" http_access deny destion
Second, log analysis
Step 1: install the sarg tool
Sarg (Squid Analysis Report Generator), is a Squid log analysis tool, using HTML format, a detailed list of each user to visit Internet site information, time occupation information, ranking, connection times, visits and so on.
(1) install image processing tools:
Yum install-y gd gd-devel pcre
(2) create a file:
Mkdir / usr/local/sarg
Extract tar zxvf sarg-2.3.7.tar.gz-C / opt/ to the / opt/ directory
(3) compilation
. / configure-- prefix=/usr/local/sarg\-- sysconfdir=/etc/sarg\-- enable-extraprotection / / additional security protection
(4) installation
Make & & make install
(5) modify the main configuration file / etc/sarg/sarg.conf
Vim / etc/sarg/sarg.conf enables the following functions (with minor modifications): access_log / usr/local/squid/var/logs/access.log / / specify access log file title "Squid User Access Reports" / / web page title output_dir / var/www/html/squid-reports / / report output directory user_ip no / / use the user name to display the number of connections in the exclude_hosts / usr/local/sarg/noreport / / site list file topuser_sort_field connect reverse / / top that does not count for sorting, Access bytes, user_sort_field reverse / / user access records in descending order, number of connections, Access bytes sorted in descending order overwrite_report no / / whether the log of the same name overrides mail_utility mail.postfix / / send mail report command charset UTF-8 / / use character set weekdays 0-6 / / week cycle www ranked by top _ document_root / varwww/html / / Web page root directory
(6) adding will not be counted in the site file, and the added domain name will not be displayed in the sort.
Touch / usr/local/sarg/noreport
Ln-s / usr/local/sarg/bin/sarg / usr/local/bin/// is easy to manage and can create a soft connection
Enable:
Step 2: install Apache
Yum install httpd-y
Step 3: test on the client
Visit on the browser: http://192.168.220.131/squid-reports
Through this tool, we can see the details of the visit.
At the same time, you can also use periodically scheduled tasks to perform daily reports:
Sarg-1 / usr/local/squid/var/logs/access.log-o / var/www/html/squid-reports/-z-d $(date-d "1 day ago" +% d/%m/%Y)-$(date +% d/%m/%Y)
III. Reverse agency
How reverse proxy works:
The reverse proxy server is located between the local WEB server and the Internet.
When a user browser issues a HTTP request, the request is directed to the reverse proxy server through domain name resolution (if you want to implement a reverse proxy for multiple WEB servers, you need to point the domain names of multiple WEB servers to the reverse proxy server). Requested by the reverse proxy server processor. Reverse proxies generally cache only bufferable data (such as html pages and images), while some CGI scripts or programs such as ASP do not. It buffers static pages based on the HTTP header tags returned from the WEB server.
Role IP address Web server 1192.168.220.136Squid proxy server 192.168.220.131 client 192.168.220.128Web server 2192.168.220.137
1. Configure the Squid proxy server:
Modify / etc/squidconf file
Vim / etc/squid.confhttp_port 192.168.220.131:80 accel vhost vportcache_peer 192.168.220.136 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1cache_peer 192.168.220.137 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web2cache_peer_domain web1 web2 www.yun.com
Service squid restart / / restart squidsystemctl stop httpd.service / / shut down the Apache service
2. Make a test web page on two Web servers:
3. The client does domain name resolution:
Modify the proxy server port:
4. Browsers access http://www.yun.com/
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 214
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.