
The nature of Squid and a worked example of a forward proxy

2025-01-30 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article explains what Squid is and walks through an example of using it as a forward proxy.

I. A brief introduction to Squid

Squid Cache (Squid for short) is HTTP proxy server software. Squid has a wide range of uses: it can act as a cache server that requests data from web servers on behalf of users and caches it, it can filter traffic to help network security, and it can serve as one link in a chain of proxy servers, forwarding data to upstream proxies or connecting directly to the Internet. It can also be used on a local area network so that LAN users reach the Internet through the proxy.

Squid caches data elements in memory and caches the results of DNS lookups. It also supports non-blocking DNS queries and negative caching of failed requests. Squid supports SSL and access control. Because Squid uses ICP, layered proxy arrays can be built, maximizing bandwidth savings.

Squid consists of the main service program squid, a DNS query program dnsserver, several programs that rewrite requests and perform authentication, and several management tools. When Squid starts, it can spawn a specified number of dnsserver processes, each of which can perform a separate DNS query. This greatly reduces the time the server spends waiting for DNS queries.

Another advantage of Squid is that it uses access control lists (ACL) and access rights lists (ARL). These lists reduce potentially illegitimate Internet connections by blocking specific network connections, and can be used to ensure that hosts on the intranet cannot reach threatening or inappropriate sites.

II. Squid application

Squid can be used as either a forward proxy server or a reverse proxy server. For the classification of proxy servers, see the blog post: system principle Analysis Architecture-3-introduction and classification of proxy servers (2014-10-15 19:54)

Note: this article was originally meant to explain Squid's page caching function as a reverse proxy. Because Squid is also commonly used as a forward proxy, that role is explained as well (the rest follows in subsequent articles); comparing the two deepens the understanding of Squid as a whole.

1. Squid forward proxy server

A simple example: a company's intranet machines are normally not allowed to access the external network. For work purposes, however, the R&D team is given one machine that can access the external network to look things up. Every time someone needs the external network, they have to compete for that single host. This situation exists in most companies. Resourceful programmers will not give up, and want their own machines to reach the external network anyway. This is where Squid comes in handy as a proxy.

Note: for the purposes of this article, forward proxies also include transparent proxies.

2. Use the squid forward proxy to access the public network:

(1) Environment:

Suppose a Windows machine (Windows 7) cannot access the external network but can access the internal network.

There is a Linux server that can access the external network, and the Windows machine and this server can reach each other. (CentOS 6.5 minimal, IP: 192.168.10.36)

(2) Install Squid on node36:

# yum install squid    # install squid

# vim /etc/sysctl.conf    # enable routing forwarding

Set net.ipv4.ip_forward to 1

# vi /etc/sysconfig/network

# sysctl -p    # force the forwarding setting to take effect

# service network restart

Configure squid:

# vim /etc/squid/squid.conf

# The http_port directive tells Squid which port to listen on for HTTP requests. The default port is 3128

# set cache directories. You can set multiple cache directories. The syntax is as follows:

# set acl access control table

Take, for example, allowing all clients in the 192.168.10.0/24 network segment to access the proxy server:

Add acl my_allow_net src 192.168.10.0/24 to the configuration file

(Note: the record must be added before deny all. Once Squid reads deny all in the configuration file, the configuration after it does not take effect.)

# squid -k parse

If you see no output, the configuration file is valid and you can continue with the following steps. If the configuration file contains errors, Squid will tell you.

# squid -z    # initialize cache space

# /etc/init.d/squid restart    # restart squid so the configuration takes effect. Squid takes a long time to start; wait patiently.

(3) Test the proxy server from Windows:

Access baidu.com in the browser

Background log:

# tailf /var/log/squid/access.log

The ordinary forward proxy works.
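When tailing the log to confirm the proxy works, the result code in each entry shows whether Squid served or refused the request; a request refused by an ACL is logged as TCP_DENIED/403. The script below is an added example, not part of the original article: it parses constructed sample lines in Squid's native access.log layout and counts served and denied requests per client. The sample lines and the function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log layout:
# timestamp elapsed_ms client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1738230000.123    145 192.168.10.50 TCP_MISS/200 5120 GET http://www.baidu.com/ - DIRECT/203.0.113.10 text/html
1738230003.456   2300 192.168.10.50 TCP_MISS/200 40960 CONNECT www.baidu.com:443 - DIRECT/203.0.113.10 -
1738230005.789      0 192.168.20.6 TCP_DENIED/403 3650 GET http://www.baidu.com/ - NONE/- text/html
truncated line
"""

def parse_line(line):
    """Return the fields needed to check proxy behaviour, or None for a malformed line."""
    fields = line.split()
    if len(fields) < 10:
        return None
    result, _, status = fields[3].partition("/")
    if not status.isdigit():
        return None
    return {"client": fields[2], "result": result, "status": int(status),
            "method": fields[5], "url": fields[6]}

def summarize(log_text):
    """Count served and denied requests per client address."""
    served, denied = Counter(), Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip lines that are not complete log entries
        bucket = denied if entry["result"] == "TCP_DENIED" else served
        bucket[entry["client"]] += 1
    return served, denied

if __name__ == "__main__":
    served, denied = summarize(SAMPLE_LOG)
    print("served:", dict(served))
    print("denied:", dict(denied))
```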

3. Advanced feature configuration items

# Stop Squid

The safest way to stop Squid is the squid -k shutdown command:

# squid -k shutdown

# Reconfigure the running Squid process. The best way to reconfigure a running Squid is the squid -k reconfigure command:

# squid -k reconfigure

# Deny access from certain IP addresses: add the following acl name and access rule to the Squid configuration file, then reload the configuration file

acl deny_net src 192.168.20.6/32

http_access deny deny_net

# Prohibit access during certain periods of time

acl Working_times time MTWHF 08:00-17:00

http_access allow Working_times

http_access deny !Working_times

# Prevent a proxy client from establishing too many connections

acl MaxConnLimit maxconn 4

http_access deny MaxConnLimit
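Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, which is why the earlier note about deny all matters and why the position of each rule above changes the result. The following model is an added example, not code from the original article or from Squid: it reuses the article's ACL names and values, while the two rule lists, the sample client addresses and the function names are constructed for illustration. It shows that a standalone allow Working_times line admits any source address during working hours, and that an allow on my_allow_net placed first bypasses the time restriction.

```python
import ipaddress
from datetime import datetime

# ACL names and values as given in the article; "all" stands in for Squid's built-in ACL (IPv4 only here).
ACLS = {
    "my_allow_net": ("src", "192.168.10.0/24"),
    "deny_net": ("src", "192.168.20.6/32"),
    "Working_times": ("time", "MTWHF 08:00-17:00"),
    "all": ("src", "0.0.0.0/0"),
}
DAY_CODES = "MTWHFAS"  # Squid day letters in datetime.weekday() order, Monday first

def acl_matches(name, client_ip, when):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    days, hours = value.split()
    start, end = hours.split("-")
    return DAY_CODES[when.weekday()] in days and start <= when.strftime("%H:%M") <= end

def http_access(rules, client_ip, when):
    """Top-down evaluation: the first line whose ACLs all match decides; '!' negates an ACL."""
    for line in rules:
        action, *names = line.split()
        if all(acl_matches(n.lstrip("!"), client_ip, when) != n.startswith("!") for n in names):
            return action
    return "deny"  # simplification: both rule lists below end in "deny all" anyway

# Constructed rule list: the article's directives appended in the order they are introduced.
AS_INTRODUCED = ["allow my_allow_net", "deny deny_net", "allow Working_times",
                 "deny !Working_times", "deny all"]
# Constructed alternative: specific deny first, then source AND time on one allow line.
REORDERED = ["deny deny_net", "allow my_allow_net Working_times", "deny all"]

MON_10 = datetime(2025, 1, 27, 10, 0)   # a Monday, inside Working_times
SAT_22 = datetime(2025, 1, 25, 22, 0)   # a Saturday, outside Working_times

if __name__ == "__main__":
    for ip in ("192.168.10.50", "192.168.20.6", "203.0.113.9"):
        for when in (MON_10, SAT_22):
            print(ip, when.strftime("%a %H:%M"),
                  http_access(AS_INTRODUCED, ip, when), http_access(REORDERED, ip, when))
```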

4. Transparent proxy for squid

A transparent proxy is also a kind of forward proxy. The difference is that an ordinary proxy requires the proxy IP and port to be set in the client (the browser's LAN proxy server setting), while a transparent proxy uses NAT to redirect specific requests to the proxy server.

Ex: # iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.62.0/24 --dport 80 -j REDIRECT --to-ports 3128

That concludes the analysis of the nature of Squid and the forward proxy example. If you have similar questions, the analysis above may serve as a reference.
