利用squid配置代理服务器-Fedora 19

我的系统： x86_64位Feodra 18

# yum install squid

不需要用户名密码认证的配置方式

edit /etc/squid/squid.conf

#

# Recommended minimum configuration:

#

acl manager proto cache_object

acl localhost src 127.0.0.1/32 ::1

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 172.16.16.0/24 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

#

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

http_port 8888

# We recommend you to use at least the following line.

hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.

#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

重启squid

# service squid restart

输入proxy的IP和端口号8888即可利用该proxy上网

需要用户名密码认证

edit /etc/squid/squid.conf，注意粗体部分

edit /etc/squid/squid.confhttp_access allow localhost

http_port 8888

cache deny all

hierarchy_stoplist cgi-bin ?

access_log none

cache_store_log none

cache_log /dev/null

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

acl manager proto cache_object

acl localhost src 127.0.0.1/32 ::1

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 443

acl SSL_ports port 5656 # SolusVM SSL

acl Safe_ports port 5353 # SolusVM without SSL

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd



auth_param basic children 5

auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 2 hours

http_access allow password

http_access deny all

forwarded_for off

request_header_access Allow allow all

request_header_access Authorization allow all

request_header_access WWW-Authenticate allow all

request_header_access Proxy-Authorization allow all

request_header_access Proxy-Authenticate allow all

request_header_access Cache-Control allow all

request_header_access Content-Encoding allow all

request_header_access Content-Length allow all

request_header_access Content-Type allow all

request_header_access Date allow all

request_header_access Expires allow all

request_header_access Host allow all

request_header_access If-Modified-Since allow all

request_header_access Last-Modified allow all

request_header_access Location allow all

request_header_access Pragma allow all

request_header_access Accept allow all

request_header_access Accept-Charset allow all

request_header_access Accept-Encoding allow all

request_header_access Accept-Language allow all

request_header_access Content-Language allow all

request_header_access Mime-Version allow all

request_header_access Retry-After allow all

request_header_access Title allow all

request_header_access Connection allow all

request_header_access Proxy-Connection allow all

request_header_access User-Agent allow all

request_header_access Cookie allow all

request_header_access All deny all

# htpasswd -c /etc/squid/passwd test

New password: mypass

Re-type new password:mypass

# service squid restart

然后在浏览器上设置代理服务器的IP和端口号（8888），输入网址，应该弹出一个页面让输入代理用户名和密码，输入你设定的用户名(test)和密码（password）。

参考：

http://freevps.us/thread-9926.html

巴特西

利用squid配置代理服务器-Fedora 19

最新文章

热门文章