http_access 一条一条向下查 只要符合一条便不再向下查
默认规则不是allow 也不是deny 是最后http_access的一条是allow或deny取反
比如最后一条为:
http_access deny badip # 其他则允许
http_access allow goodip # 其他则拒绝
http_access deny all # 肯定匹配啦 全允许
http_access allow all # 肯定匹配啦 全拒绝
默认规则不是allow 也不是deny 是最后http_access的一条是allow或deny取反
比如最后一条为:
http_access deny badip # 其他则允许
http_access allow goodip # 其他则拒绝
http_access deny all # 肯定匹配啦 全允许
http_access allow all # 肯定匹配啦 全拒绝
*透明代理*
#---------------------------------------------------------------------------------------
visible_hostname gateway # 必写主机名 错误的时候让管理员知道是哪台出问题
#---------------------------------------------------------------------------------------
visible_hostname gateway # 必写主机名 错误的时候让管理员知道是哪台出问题
http_port 3128 transparent # squid监听本地3128端口
cache_mem 32 MB # 最常用的缓存内存 官方建议总内存的1/3 - 1/2
cache_dir ufs /var/squid/spool 500 16 256 # 500M 16个一级目录 256个二级目录
access_log /var/log/squid/access.log squid # access日志
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl goodnet src 192.168.0.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl goodnet src 192.168.0.0/24
http_access allow goodnet
http_access allow localhost
http_access deny all
#--------------------------------
防火墙加条:
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
service iptables save
#---------------------------------------------------------------------------------------
http_access allow localhost
http_access deny all
#--------------------------------
防火墙加条:
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
service iptables save
#---------------------------------------------------------------------------------------
*正向代理*
#---------------------------------------------------------------------------------------
visible_hostname proxy_one
cache_mem 32 MB
cache_dir ufs /var/squid/spool 500 16 256
http_port 8080
access_log /var/log/squid/access.log squid
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl goodnet src 192.168.0.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl goodnet src 192.168.0.0/24
http_access allow goodnet
http_access allow localhost
http_access deny all
#---------------------------------------------------------------------------------------
http_access allow localhost
http_access deny all
#---------------------------------------------------------------------------------------
*反向代理*
#---------------------------------------------------------------------------------------
hosts文件加反向
192.168.0.21
192.168.0.22
192.168.0.23 www.example.com
#--------------------------------
visible_hostname example_proxy
http_port 80 transparent # squid监听本地3128端口
cache_mem 1000 MB # 最常用的缓存内存 官方建议总内存的1/3 - 1/2
cache_dir ufs /var/squid/spool 5000 32 512 # 500M 16个一级目录 256个二级目录
access_log /var/log/squid/access.log squid # access日志
acl all src 0.0.0.0/0.0.0.0
http_access allow all
http_access deny all
http_access deny all
外网合法DNS 所有*.example.com 指向squid外网ip
#---------------------------------------------------------------------------------------
