squid正向搭建

cat /etc/squid/squid.conf

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl SSL_ports port 443 
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https,在这里指定授信端口
acl CONNECT method CONNECT
acl http_ifconfig dstdomain ifconfig.co  #http访问方式域名
acl http_abc_xurl url_regex ^http://xurl.abc-inc.com/abc
acl http_163_mirrors dstdomain mirrors.163.com
acl http_aliyun_mirrors dstdomain mirrors.cloud.aliyuncs.com
acl http_aliyun_mirrors-1 dstdomain mirrors.aliyun.com
acl http_archive_com dstdomain cn.archive.ubuntu.com
acl http_abc-inc_com www.baidu.com www.google.com#多个域名用空格分开就行了。
acl ssl_ubuntu_mirrors_aliyun ssl::server_name mirrors.aliyun.com # HTTPS域名检查
acl ssl_pypi_org ssl::server_name pypi.org #https访问的域名
acl ssl_file_org ssl::server_name files.pythonhosted.org
acl ssl_eclipse_org ssl::server_name www.eclipse.org
acl ssl_aliyun_mirrors ssl::server_name opsx.alibaba.com
acl http_acl_part_1_of_3 dstdomain www.squid-cache.org
acl http_acl_part_2_of_3 url_regex /Doc/config/acl/
acl http_acl_part_3_of_3 method GET
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow http_ifconfig # TO BE REMOVED
http_access allow http_163_mirrors
http_access allow http_aliyun_mirrors
http_access allow http_aliyun_mirrors-1
http_access allow ssl_pypi_org
http_access allow ssl_file_org
http_access allow ssl_eclipse_org
http_access allow ssl_aliyun_mirrors
http_access allow http_archive_com
http_access allow ssl_ubuntu_mirrors_aliyun
http_access deny http_abc_xurl
http_access deny CONNECT ssl_ubuntu_mirrors_aliyun
http_access allow http_acl_part_1_of_3 http_acl_part_2_of_3 http_acl_part_3_of_3 # TO BE REMOVED
http_access deny http_acl_part_1_of_3 # TO BE REMOVED
http_access deny all
http_port 3128
coredump_dir /usr/local/var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

 

注意事项:

1.先设定acl,再添加是否允许的策略。

2.多个域名使用空格分开

3.代理的IP地址如果有端口,先设置acl的授信端口,然后再acl设置授信IP或者域名,最后设置allow,或者deny的策略。

4.客户端配置代理的时间可以填写不需要代理的IP或者网段,不使用代理。

5.客户端配置参考:

.windows环境代理配置,参考百度链接。

https://jingyan.baidu.com/article/84b4f565a60b4560f6da3223.html

 

.Linux环境代理配置

1.命令执行代理需求:

export http_proxy=http://proxy.abc.com:3128

export https_proxy=http://proxy.abc.com:3128

source ~/.bashrc

2.yum源更新需求配置

echo proxy=http://proxy.abc.com:3128 >> /etc/yum.conf

 

posted @ 2019-05-15 12:19  grape_lee  阅读(97)  评论(0编辑  收藏  举报