squid
安装
安装squid
yum install -y squid
安装httpd或httpd-tools(用于后面生成密码文件;这里只用到其中的 htpasswd 工具,装 httpd-tools 即可,不需要启动 Web 服务)
yum install -y httpd 或者 yum install httpd-tools -y
配置文件 vim /etc/squid/squid.conf
如果不需要带用户认证,只需启用下面两条即可(安全性很差:http_access allow all 会让任何能连到该端口的人都可以使用这台代理,即开放代理;至少应通过防火墙或 src 类型的 acl 限制来源地址)
http_port 3128
http_access allow all
带用户认证配置(这里通过ncsa认证模块来为我们的squid添加认证)
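# Create a password file named passwd that holds one account named "username".
# After pressing Enter you are prompted for the password. The author's example
# password was 321654; treat that value as an illustration only, since a short
# numeric password is easy to guess.
# -c creates the file and overwrites an existing one; drop -c when adding
# further accounts to the same file.
# The author's note says to keep the password within 8 characters.
# NOTE(review): that limit is understood to apply to DES crypt() hashes only;
# an entry created with an MD5 hash (htpasswd -m) should accept longer
# passwords. Confirm against the installed basic_ncsa_auth before relying on it.
# NOTE(review): the file holds password hashes; limit read access to root and
# the account the Squid helper runs as (for example mode 640).
# The comment is kept on its own lines: a "#" glued to the end of "username"
# does not start a shell comment and would become part of the account name.
htpasswd -c /etc/squid/passwd username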
# squid.conf changes for a proxy that requires a username and password.
#
# Comment out the following lines:
# http_access deny !Safe_ports
# http_access deny CONNECT !SSL_ports
# http_access deny to_localhost
# http_access allow localnet
# http_access deny all
# NOTE(review): with the Safe_ports and SSL_ports denies disabled, the rules
# below place no port restriction on authenticated users, CONNECT included.
# Consider leaving those two denies (and "deny to_localhost") active above the
# authentication rules, and commenting out only the localnet allow.
#
# After that, add the authentication and safety directives below.
# Allow at most 16 connections per client IP, to limit abuse.
acl OverConnLimit maxconn 16
# Use basic authentication; this sets the helper program path and the
# password file path.
# NOTE(review): basic authentication sends the credentials only base64-encoded,
# so on a plain http_port they can be read by anyone on the network path
# between client and proxy. Use a password that is not reused elsewhere.
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
# Number of authentication helper processes.
auth_param basic children 5
# Text shown in the credential prompt the client sees when using the proxy.
auth_param basic realm airoot's Squid Server
# How long a successful authentication remains valid.
auth_param basic credentialsttl 5 hours
# ACL that matches users who have authenticated.
acl auth_user proxy_auth REQUIRED
# Refuse clients that exceed the connection limit defined above.
http_access deny OverConnLimit
# Allow authenticated users.
http_access allow auth_user
# Deny all other access.
http_access deny all
# Do not add a Via header and remove X-Forwarded-For from forwarded requests.
via off
forwarded_for delete
启动命令与开机自启
# Service control commands for Squid; each one is run on its own as needed.
# NOTE(review): after editing /etc/squid/squid.conf, checking it with
# "squid -k parse" before a start or restart catches syntax errors early.
# Start
systemctl start squid.service
# Stop
systemctl stop squid.service
# Restart
systemctl restart squid.service
# Enable start at boot
systemctl enable squid.service
另一个conf
# Alternative squid.conf: authenticated proxy on a non-default port, no disk
# cache, proxy-identifying headers removed, and one outgoing address per
# listening address.
#
# Recommended minimum configuration:
#
workers 8
max_filedesc 500000
hosts_file /etc/hosts
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# Authentication
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic realm zshd's Auth
acl auth_user proxy_auth REQUIRED
http_access allow auth_user
# And finally deny all other access to this proxy
# NOTE(review): no "http_access deny all" line follows this comment in the
# listing, so the deny relies on Squid's implicit default after the last rule.
# An explicit "http_access deny all" after the allow makes the intent
# unambiguous. No Safe_ports or SSL_ports rules are visible here either, so
# authenticated users appear to have no port restriction.
# Squid normally listens to port 3128
http_port 28345
icp_port 0
half_closed_clients off
maximum_object_size 102400 KB
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# NOTE(review): the "null" store type is understood to have been dropped in
# newer Squid releases; confirm the installed version accepts this line.
cache_dir null /tmp
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Do not add Via, and remove X-Forwarded-For, on forwarded requests; the
# request_header_access rules then deny those two headers and allow the rest.
via off
forwarded_for delete
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access All allow all
dns_v4_first on
# One ACL per local address, each paired with an outgoing address of the same
# value. The "x" octet is a masked placeholder in this listing and must be
# replaced with the real addresses.
# NOTE(review): presumably a request received on a given local address leaves
# from that same address; verify on the target host.
acl ip49 myip 39.97.x.49
acl ip50 myip 39.97.x.50
acl ip51 myip 39.97.x.51
tcp_outgoing_address 39.97.x.49 ip49
tcp_outgoing_address 39.97.x.50 ip50
tcp_outgoing_address 39.97.x.51 ip51