squid

 

Cache:

/var/spool/squid/

Directory = Nearly Full   ===>  Performance = low

Initialize Cache:

squid -z

 

 

Configuration File:

/etc/squid.conf

 

Port:

3128 / TCP

3130 / UDP   <--- ICP

 

Proxy_authentication:

For external users

  • LDAP
  • Apache htpasswd

 

 ifconfig ethX:Y <IP_ADDRESS>

acl my_network src 192.168.1.0/255.255.255.0 *

tcp_outgoing_address <OUTGOING_IP_YOU_WANT> <ACL_NAME>

acl USER1 proxy_auth Dick
acl USER2 proxy_auth Jane
acl DAY time 06:00-18:00
http_access allow USER1 DAY
http_access deny USER1
http_access allow USER2 !DAY
http_access deny USER2
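
The rule block above, run through a simplified model of Squid's http_access evaluation (ACLs on one line are ANDed, lines are checked top to bottom, first match wins). This is an added example, not part of the original notes; the user Bob, the HARDENED_RULES variant ending in `http_access deny all`, and the assumption that the user has already authenticated are constructed for illustration.

```python
from datetime import time

# The seven rule lines from the page, unchanged.
PAGE_RULES = """\
acl USER1 proxy_auth Dick
acl USER2 proxy_auth Jane
acl DAY time 06:00-18:00
http_access allow USER1 DAY
http_access deny USER1
http_access allow USER2 !DAY
http_access deny USER2
"""
# Same rules plus an explicit final line (added for this example).
HARDENED_RULES = PAGE_RULES + "http_access deny all\n"

def parse(conf):
    acls, rules = {}, []  # ACL name -> (type, args); ordered (action, ACL names)
    for line in conf.splitlines():
        fields = line.split()
        if fields and fields[0] == "acl":
            acls[fields[1]] = (fields[2], fields[3:])
        elif fields and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(acls, name, user, now):
    if name == "all":  # catch-all ACL from Squid's stock configuration
        return True
    kind, args = acls[name]
    if kind == "proxy_auth":
        return user in args
    if kind == "time":
        start, end = (time.fromisoformat(t) for t in args[0].split("-"))
        return start <= now <= end
    raise ValueError(f"ACL type not modelled here: {kind}")

def decide(conf, user, hhmm):
    """Return 'allow' or 'deny' for an authenticated user at time HH:MM."""
    acls, rules = parse(conf)
    now = time.fromisoformat(hhmm)
    for action, names in rules:
        # ACLs on one line are ANDed; a leading "!" negates; first match wins.
        if all(acl_matches(acls, n.lstrip("!"), user, now) != n.startswith("!")
               for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":  # "Bob" is a constructed user not named in any ACL
    print(decide(PAGE_RULES, "Bob", "10:00"), decide(HARDENED_RULES, "Bob", "10:00"))
```

With the page's rules, an authenticated user who is neither Dick nor Jane matches no line, and because the last line is a deny the default becomes allow; an explicit final deny removes that fall-through.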


ACL elements

src: source (client) IP addresses
dst: destination (server) IP addresses
myip: the local IP address of a client's connection
arp: Ethernet (MAC) address matching
srcdomain: source (client) domain name
dstdomain: destination (server) domain name
srcdom_regex: source (client) regular expression pattern matching
dstdom_regex: destination (server) regular expression pattern matching
src_as: source (client) Autonomous System number
dst_as: destination (server) Autonomous System number
peername: name tag assigned to the cache_peer where request is expected to be sent.
time: time of day, and day of week
url_regex: URL regular expression pattern matching
urlpath_regex: URL-path regular expression pattern matching, leaves out the protocol and hostname
port: destination (server) port number
myport: local port number that client connected to
myportname: name tag assigned to the squid listening port that client connected to
proto: transfer protocol (http, ftp, etc)
method: HTTP request method (get, post, etc)
http_status: HTTP response status (200 302 404 etc.)
browser: regular expression pattern matching on the request user-agent header
referer_regex: regular expression pattern matching on the request http-referer header
ident: string matching on the user's name
ident_regex: regular expression pattern matching on the user's name
proxy_auth: user authentication via external processes
proxy_auth_regex: regular expression pattern matching on user authentication via external processes
snmp_community: SNMP community string matching
maxconn: a limit on the maximum number of connections from a single client IP address
max_user_ip: a limit on the maximum number of IP addresses one user can login from
req_mime_type: regular expression pattern matching on the request content-type header
req_header: regular expression pattern matching on a request header content
rep_mime_type: regular expression pattern matching on the reply (downloaded content) content-type header. This is only usable in the http_reply_access directive, not http_access.
rep_header: regular expression pattern matching on a reply header content. This is only usable in the http_reply_access directive, not http_access.
external: lookup via external acl helper defined by external_acl_type
user_cert: match against attributes in a user SSL certificate
ca_cert: match against attributes in a user's issuing CA SSL certificate
ext_user: match on user= field returned by external acl helper defined by external_acl_type
ext_user_regex: regular expression pattern matching on user= field returned by external acl helper defined by external_acl_type

 


 

HTTP Header:

 

When forwarded_for on is set:

Proxy host/type: 1.1 Domain:3128 (squid/2.7.STABLE9), Forwarded for: 10.1.2.3

With the following setting:

forwarded_for off

If set to "off", it will appear as

X-Forwarded-For: unknown

If set to "delete", Squid will delete the entire X-Forwarded-For header.

If set to "truncate", Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry.

 

Proxy host/type: 1.1 Domain:3128 (squid/2.7.STABLE9), 

 

Then add the following settings:

header_replace
http_header_access