Squid agent service deployment

1、squid Service description for

Master profile ： /etc/squid.conf
Check grammar ： squid -k parse
initialization ： squid -z
Start the service ： squid
Reload service ： squid -k reconfigure
Port number ： tcp 3128
Check the port ： netstat -anpt | grep squid
Use the internal server to pass squid Proxy access external web The server

 2、 install squid service

There are three Linux, Inside linux You need to configure the default gateway , external linux web There is no need to configure the default gateway ifconfig View NIC
 

(1) Inside Linux To configure ip

vim /etc/sysconfig/network-scripts/ifcfg-ens33
    （ add to ）

IPADDR=192.168.1.20
GATEWAY=192.168.1.1
 
systemctl restart network
       
route -n Check out the gateway 

（2）Linux squid The server

ifconfig   View NIC 

vim /etc/sysconfig/network-scripts/ifcfg-ens33

（ add to ）
IPADDR=192.168.1.1

cd /etc/sysconfig/network-scripts/

cp ifcfg-ens33  ifcfg-ens37



vim ifcfg-ens37
    （ modify ）
NAME=ens37
DEVICE=ens37
IPADDR=200.0.0.1



systemctl restart network

        （3） external Linux web The server

vim /etc/sysconfig/network-scripts/ifcfg-ens33

（ add to ）
IPADDR=200.0.0.10


systemctl restart network

3、web Server installation  

        （1） install yum service
 

rm -rf /etc/yum.repos.d/*

vim /etc/yum.repos.d/test.repo
    （ add to ）

[aaa]
name=aaa
baseurl=file:///media
gpgcheck=0

        （2） Install and test  web

Insert 1611 Compact disc

yum -y install httpd        （ install http）


echo 1234 > /var/www/html/index.html        （ Create a test web page ）


systemctl  start  httpd
systemctl  enable  httpd

Use internal Linux visit web, Failed to access for

4、 Installation and operation control squid

        （1） Compilation and installation squid
Insert squid Compact disc

tar zxf squid-3.5.23.tar.gz -C /usr/src/

cd /usr/src/squid-3.5.23/

./configure  --prefix=/usr/local/squid  --sysconfdir=/etc  --enable-linux-netfilter  --enable-async-io=240  --enable-default-err-language=Simplify_Chinese  --disable-poll   --enable-epoll  --enable-gnuregex


make && make install

        （2） Create link file 、 Create users and groups

ln -s /usr/local/squid/sbin/* /usr/local/sbin/

useradd -M -s /sbin/nologin squid 

chown -R squid:squid  /usr/local/squid/var/

        （3）squid Configuration file for

vim /etc/squid.conf

（ add to ）

cache_effective_user squid
cache_effective_group squid        ( Appoint squid Program users , Used to set initialization , Run time cached account )

squid -k parse                     （ Check that the configuration file syntax is correct ）

        （4）squid The operation control of

squid -z                    （ Initialize cache directory ）

squid                       （ start-up squid service ）

squid -k reconfigure        （ Restart squid service ）

netstat -anpt | grep "squid"

5、 Traditional agency

        （5） Inside Linux Access to the agent
Open Firefox → Preferences → senior → The Internet → Set up → Specify the proxy server ip,

  Direct access web The server ip200.0.0.10, Show 1234 The successful

        （6）  Limit download file size

squid Configuration on the server

vim /etc/squid.conf

（ add to ）

reply_body_max_size 10 MB      （ The allowed download file size is 10MB）

squid -k reconfigure           （ Restart the service ）

stay web Settings on the server
 

cat  /dev/zero   >  /var/www/html/000        （ Generate a large file ）

ll -hd /var/www/html/000                     （ View size ）      

In the internal Linux visit webIP Address , It will prompt that the file is too large , cannot access ,

6、 Transparent proxy  

         （1） see squid New record of access log

tail -f /usr/local/squid/var/logs/access.log   （ stay squid Check... On the server ）

        （2） see web  New record of access log

tail -f /var/log/httpd/access_log            （ stay web Check... On the server ）

        （3） To configure squid Support transparent agent

vim /etc/squid.conf
（ Add ）

http_port 192.168.1.1:3128 transparent        （ Add support for transparent proxy ）

squid -k reconfigure        

        （4） Turn on route forwarding

vim /etc/sysctl.conf

（ add to ）
net.ipv4.ip_forward = 1 

sysctl -p

        （5） Set up firewalld Redirection policy
The firewall does port forwarding , Will access this machine 80, 443 Port requests forwarded to 3128 port .
 

systemctl start firewalld        （ Turn on the firewall ）

firewall-cmd --zone=external --add-interface=ens33

firewall-cmd --zone=internal --add-interface=ens37

firewall-cmd --zone=external --add-service=http

firewall-cmd --zone=external --add-service=https

firewall-cmd --zone=external --add-port=3128/tcp

firewall-cmd --direct --add-rule  ipv4  nat   PREROUTING 0 -i ens33  -p  tcp  --dport  80  -j  REDIRECT  --to-ports 3128

firewall-cmd --direct --add-rule  ipv4  nat   PREROUTING 0 -i ens33  -p  tcp  --dport  443  -j  REDIRECT  --to-ports 3128


firewall-cmd --runtime-to-permanent

Inside Linux Client access web The server can （ The browser does not need any configuration ）

7、ACL Access control

 192.168.1.0、24 The network segment is from Monday to Friday 9:00--17:00 You can use a proxy to surf the Internet

vim /etc/squid.conf

#acl localnet src 192.168.0.0/16   （ Comment out ）

acl MYLAN src 192.168.1.0/24        （ add to ）
acl WORKTIME time MTWHF 9:00-17:00
http_access allow MYLAN WORKTIME    （ The application rule must be placed on rejecting all http_access deny all  Before ）


squid -k reconfigure  

Modify the date and time test

date -s  year - month - Japan     （ modification date ）

date -s  when : branch        （ Modification time ）

 8、squid Log analysis

squid Server insert 1611 Mirror image

        （1） install yum

        （2） install GD Kuhe http

yum -y install gd gd-devel httpd

systemctl start httpd
systemctl enable httpd

        （3） install SARG
Insert squid Compact disc

mkdir  /usr/local/sarg

tar zxf sarg-2.3.7.tar.gz -C /usr/src/  

cd /usr/src/sarg-2.3.7/

./configure --prefix=/usr/local/sarg --sysconfdir=/etc/sarg  --enable-extraprotection && make && make install

        （4） To configure

vim /etc/sarg/sarg.conf 

    （ Remove below # notes ）
access_log /usr/local/squid/var/logs/access.log        

title "Squid User Access Reports"

output_dir /var/www/html/sarg        （ Modify the path ）

www_document_root /var/www/html

        （5） function

touch /usr/local/sarg/noreport

ln -s /usr/local/sarg/bin/sarg  /usr/local/bin/

sarg

         （6） View the log report
squid visit ：squid The server IP/sarg