Shulou(Shulou.com)06/03 Report--

ACL access control ACL access control defines list acl list name list type list content according to source address, destination URL, file type, etc. Restrict http_access allow or deny list names for defined acl lists... ACL rule priority when a user accesses the proxy server, Squid sequentially matches all rule lists defined in Squid, and stops matching as soon as the match succeeds. When all the rules don't match Squid will use the ACL list type commonly used in the last rule, src → source address dst → destination address port → destination address dstdomain → destination domain time → access time maxconn → maximum concurrent connection url_regex → destination URL address Urlpath_regex → entire destination URL path experiment to build an experimental environment squid server IP address: ens33:192.168.80.184 ens36 : 192.168.10.1 (host-only mode) web server IP address: 192.168.80.151client client IP address: 192.168.10.10 (host-only mode) modify the configuration file on the squid server root@squid ~] # vim / etc/squid.conf / / modify the configuration file # should be allowedacl hostlocal src 192.168.10.10 hostlocal10.10 32 / / control the host # Deny requests To certain unsafe portshttp_access deny hostlocal / / deny access to [root@squid ~] # service squid reload / / restart the squid service to access the web web page on the test machine

Sarg log configuration installs sargon [root @ squid ~] # mount.cifs / / 192.168.80.2/LNMP-C7 / mnt/ mounts Password for root@//192.168.80.2/LNMP-C7: [root@squid ~] # cd / mnt/ [root@squid mnt] # tar zxvf sarg-2.3.7.tar.gz-C / opt/ decompress [root@squid mnt] # cd / opt / sarg-2.3.7/ [root@squid sarg-2.3.7] # yum install gd gd-devel-y / / install the gd library [root@squid sarg-2.3.7]. / configure-- prefix=/usr/local/sarg\ / / installation path >-- sysconfdir=/etc/sarg\ / / specify the location of the configuration file >-- enable-extraprotection / / enable security [root@squid] Sarg-2.3.7] # make & & make install / / compile, install, modify sarg configuration file [root@squid sarg-2.3.7] # vim / etc/sarg/sarg.conf / / modify sarg configuration file access_log / usr/local/squid/var/logs/access.log / / Open the specified access log file title "Squid User Access Reports" / / web page title output_dir / var/www/html/squid-reports / / report output directory user_ip no / / use user name to display exclude_hosts / usr/local/sarg/noreport / / the number of connections in the sort of site list file topuser_sort_field connect reverse / / top that is not included in the sort Access bytes, sort in descending order Ascending order is whether normaloverwrite_report no / / log of the same name overrides mail_utility mailq.postfix / / send email report command charset UTF-8 / / use character set weekdays 0-6 / / top ranking time period hours 0-23 / / time period of top ranking www_document_root / var/www/html / / the root directory of the web page [root@squid ~] # sarg / / generate report SARG: recorded in file: 91 Reading: 100.00%SARG: successful generation report in / var/www/html/squid-reports/2019Dec11-2019Dec12 [root@squid sarg-2.3.7] # cd / var/www/html/squid-reports/ switch to html directory [root@squid squid-reports] # ls2019Dec11-2019Dec12 images index.html [root@squid squid-reports] # yum install httpd-y / / install httpd service [root@squid squid] -reports] # systemctl start httpd.service / / enable the service [root@squid squid-reports] # systemctl stop firewalld.service / / turn off the firewall [root@squid squid-reports] # setenforce 0 / / turn off selinux to view the access record in the client client access web page

Configure periodic scheduled tasks on the squid server to collect access information sarg-l / usr/local/squid/var/logs/access.log-o / var/www/html/squid-reports/-z-d $(date-d "1 day ago" +% d/%m/%Y)-$(date +% d/%m/%Y) again in the client client to visit the web page to view access records.

Squid reverse proxy configuration lab environment squid server IP address: ens33:192.168.80.184 ens36:192.168.10.1 (host-only mode) web1 server IP address: 192.168.80.151web2 server IP address: 192.168.80.185client client IP address: 192.168.10.10 (host-only mode) Editing web content on the web1 server root@web ~] # cd / var/www/html/ [root@web html] # echo "this is test web!" > visit web pages on index.htmlclient clients

Edit the web content on the web2 server [root@web2 ~] # systemctl stop firewalld.service / / turn off the firewall [root@web2] # setenforce 0 [root@web2 ~] # yum install httpd-y / / install the httpd service [root@web2] # cd / var/www/html/ create web content [root@web2 html] # echo "this is test2 web!" > index.html [root@web2 html] # systemctl start httpd.service configure reverse proxy [root@localhost squid] # vim / etc/squid.conf# Squid normally listens to port 3128http_port 192.168.80.184systemctl start httpd.service 80 accel vhost vport / / Monitoring native port 80 cache_peer 192.168.80.151 parent 800 no-query originserver round-robin max_conn=30 weight=1 name=web1 / / Node Server 1 maximum access 30 Weight 1, alias web1cache_peer 192.168.80.185 parent 800 no-query originserver round-robin max_conn=30 weight=1 name=web1cache_peer_domain web1 web2 www.yun.com / / access yun.com matches web1,web2 node [root@localhost squid] # service squid restart / / restart squid service configure resolution domain name address and set proxy under admin user of client client

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.