1) In /usr/local/squid/etc/squid.conf (the exact location depends on the prefix parameter used at compile time), note the lines related to the cache manager:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access deny all
# TAG: cachemgr_passwd
# Specify passwords for cachemgr operations.
# Usage: cachemgr_passwd password action action ...
# Some valid actions are (see cache manager menu for a full list):
# 5min
# 60min
# asndb
# authenticator
# cbdata
# client_list
# comm_incoming
# config *
# counters
# delay
# digest_stats
# dns
# events
# filedescriptors
# fqdncache
# histograms
# http_headers
# info
# io
# ipcache
# mem
# menu
# netdb
# non_peers
# objects
# offline_toggle *
# pconn
# peer_select
# redirector
# refresh
# server_list
# shutdown *
# store_digest
# storedir
# utilization
# via_headers
# vm_objects
# * Indicates actions which will not be performed without a
# valid password, others can be performed if not listed here.
# To disable an action, set the password to "disable".
# To allow performing an action without a password, set the
# password to "none".
# Use the keyword "all" to set the same password for all actions.
#Example:
# cachemgr_passwd secret shutdown
# cachemgr_passwd lesssssssecret info stats/objects
# cachemgr_passwd disable all
#Default:
# none
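We need to add the relevant parameters to the acl, http_access and cachemgr_passwd directives.
The directives that take effect are the following:
# Allow local users to purge the cache
acl Purge method PURGE
http_access allow Purge localhost
http_access deny Purge
# Disable sensitive operations such as viewing the configuration and shutting down Squid
cachemgr_passwd disable config shutdown authenticator offline_toggle
# For less critical query operations, do not require a password
cachemgr_passwd none info stats/objects
# Password-protect all other operations
cachemgr_passwd secretP all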
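2) Verify our configuration
Access an item that does not require a password:
squidclient -p80 cache_object://localhost/info
or
squidclient -p80 -h localhost mgr:info
Access an item that requires a password:
squidclient -p80 cache_object://localhost/menu@secretP
Note: this command is commonly used for items that require permission to access
squidclient -p80 -h localhost mgr:menu@secretP
Purge a cached object:
squidclient -m PURGE http://url
Below are the default permissions (with nothing configured):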
# squidclient -p80 -h www.xxx.xxx mgr:
HTTP/1.0 200 OK
Server: squid/2.6.STABLE10
Date: Sat, 26 Mar 2011 14:41:47 GMT
Content-Type: text/plain
Expires: Sat, 26 Mar 2011 14:41:47 GMT
Last-Modified: Sat, 26 Mar 2011 14:41:47 GMT
X-Cache: MISS from webcache
X-Cache-Lookup: MISS from webcache:80
Via: 1.0 webcache:80 (squid/2.6.STABLE10)
Proxy-Connection: close
mem Memory Utilization public
cbdata Callback Data Registry Contents public
events Event Queue public
squidaio_counts Async IO Function Counters public
config Current Squid Configuration hidden
ipcache IP Cache Stats and Contents public
fqdncache FQDN Cache Stats and Contents public
idns Internal DNS Statistics public
external_acl External ACL stats public
http_headers HTTP Header Statistics public
menu This Cachemanager Menu public
shutdown Shut Down the Squid Process hidden
offline_toggle Toggle offline_mode setting hidden
info General Runtime Information public
filedescriptors Process Filedescriptor Allocation public
objects All Cache Objects public
vm_objects In-Memory and In-Transit Objects public
openfd_objects Objects with Swapout files open public
pending_objects Objects being retreived from the network public
client_objects Objects being sent to clients public
io Server-side network read() size histograms public
counters Traffic and Resource Counters public
peer_select Peer Selection Algorithms public
digest_stats Cache Digest and ICP blob public
5min 5 Minute Average of Counters public
60min 60 Minute Average of Counters public
utilization Cache Utilization public
histograms Full Histogram Counts public
active_requests Client-side Active Requests public
store_digest Store Digest public
storedir Store Directory Stats public
store_check_cachable_stats storeCheckCachable() Stats public
store_io Store IO Interface Stats public
pconn Persistent Connection Utilization Histograms public
refresh Refresh Algorithm Statistics public
delay Delay Pool Levels public
forward Request Forwarding Statistics public
client_list Cache Client List public
asndb AS Number Database public
server_list Peer Cache Statistics public
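That is, the items that are hidden by default are:
config shutdown offline_toggle
This means that as long as no password is configured on the server side, these items cannot be accessed; by default they are hidden.
This differs from the following configuration, which also does not allow clients to access these items but shows their status as disable when accessed:
cachemgr_passwd disable config shutdown offline_toggle
It also differs from the following configuration, which likewise does not allow clients to access these items, except that their status is shown as protected when accessed:
cachemgr_passwd secretP config shutdown offline_toggle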
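To check a running proxy against the intended policy, the status each action should show can be derived from the cachemgr_passwd lines and compared with the menu that squidclient returns. The following is an added example, not code from the original article or from Squid; it assumes that the first cachemgr_passwd line naming an action (or the keyword "all") decides its status, and the function names and sample inputs are constructed for illustration.

```python
# Added example (not Squid code). Assumption: the first cachemgr_passwd line
# that names the action, or the keyword "all", decides its status.
PW_REQUIRED = {"config", "shutdown", "offline_toggle"}  # the "*" actions
STATUSES = {"public", "hidden", "protected", "disabled"}

def passwd_rules(conf_text):
    # Collect (password, [actions]) from active cachemgr_passwd lines.
    rules = []
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "cachemgr_passwd":
            rules.append((words[1], words[2:]))
    return rules

def expected_status(rules, action):
    for password, actions in rules:
        if action in actions or "all" in actions:
            # "disable" and "none" are keywords; anything else is a password.
            return {"disable": "disabled", "none": "public"}.get(password, "protected")
    return "hidden" if action in PW_REQUIRED else "public"

def parse_menu(menu_text):
    # Map action -> status; HTTP header lines do not end in a status word.
    rows = (line.split() for line in menu_text.splitlines())
    return {r[0]: r[-1] for r in rows if len(r) >= 2 and r[-1] in STATUSES}

def audit(conf_text, menu_text):
    # Return {action: (expected, observed)} wherever the live menu disagrees.
    rules, seen = passwd_rules(conf_text), parse_menu(menu_text)
    return {a: (expected_status(rules, a), s) for a, s in seen.items()
            if expected_status(rules, a) != s}

# The page's directives, with the secretP line active (assumption).
CONF = """\
cachemgr_passwd disable config shutdown authenticator offline_toggle
cachemgr_passwd none info stats/objects
cachemgr_passwd secretP all
"""
# Constructed sample: a few rows of the default menu shown on the page.
MENU = """\
HTTP/1.0 200 OK
config Current Squid Configuration hidden
info General Runtime Information public
objects All Cache Objects public
"""

if __name__ == "__main__":
    for action, (want, got) in sorted(audit(CONF, MENU).items()):
        print(f"{action}: expected {want}, menu reports {got}")
```

With the sample input the audit reports config and objects; objects is flagged because the menu names the action objects while the directive lists stats/objects, so under this model it falls through to the "all" rule.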
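3) Configure which host names and ports can be used to access the cache manager
Edit the /usr/local/squid/etc/squid/etc/cachemgr.conf file (its location depends on our compile options) and add Host:Port lines.
For example, my configuration:
# grep '^[^#]' /etc/squid/etc/cachemgr.conf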
localhost:80
192.168.88.51:80
squid01.wangxiaoyu.org:80
This article is reposted from xiaoyuwang's 51CTO blog; original link: http://blog.51cto.com/wangxiaoyu/527268. To republish it, please contact the original author.