最近在公司搭建了squid代理伺服器,由于時間原因隻将配置檔案寫出來,自己研究下,很實用的。有需要的朋友可以研究下。
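# NETWORK OPTIONS
#Default:
# Transparent (intercepting) listener bound to the proxy's LAN address.
# Author's note: clients only need to use this host as their default gateway.
# squid.conf comments start with '#'. The original trailing "// ..." text on
# this directive was not a comment and would have been parsed as extra
# http_port options, so it has been moved onto these lines.
# NOTE(review): interception normally also needs a packet-filter redirect on
# this host that steers the clients' port-80 traffic to 8080. No such rule is
# shown on the page - confirm it exists.
http_port 192.168.1.222:8080 transparent
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
# ICP (inter-cache protocol) listener. No sibling or parent caches are defined
# in this forward-proxy configuration.
# NOTE(review): if ICP is not needed, "icp_port 0" turns the listener off.
icp_port 3130
# Requests whose URL contains cgi-bin or '?' are fetched directly and are
# never cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Memory and disk cache sizing. cache_swap_low/high are percentages of the
# cache_dir size at which object replacement starts and becomes aggressive.
cache_mem 60 MB
cache_swap_low 70
cache_swap_high 85
maximum_object_size 32768 KB
maximum_object_size_in_memory 512 KB
# 1000 MB ufs store with 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 1000 16 256
# access.log records every client request and is the primary audit trail for
# proxy use. NOTE(review): confirm rotation and retention.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
# NOTE(review): no "auth_param basic program" line and no proxy_auth ACL
# appear on this page, so these three settings have no effect as shown.
# Proxy authentication also cannot be applied to intercepted (transparent)
# traffic.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Upstream resolver used by the proxy for every lookup it performs.
dns_nameservers 202.106.0.20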
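# ACCESS CONTROLS
# http_access rules are evaluated top to bottom and the first match wins.
# The original file placed "http_access allow all" ahead of the Safe_ports
# and CONNECT denies, so those denies were never reached and any host able
# to reach the listener could relay to any port. The rules below are
# reordered, and access is granted to the client network only.

# 'all' matches every source address. It is kept because icp_access refers
# to it and because it is the target of the final "deny all".
acl all src 0.0.0.0/0.0.0.0
# Network segment allowed to use the proxy (the author's stated intent for
# this section). The /24 below is constructed from the proxy's own address,
# 192.168.1.222 - adjust it to the real client range.
#acl mycents src 192.168.1.20-192.168.1.254/24
acl mycents src 192.168.1.0/24
#####baddomain######
#acl sex_domain dst "/etc/squid/acl/sex_domain"
#acl Government_domain dst "/etc/squid/acl/Government_domain"
#acl game_domain dst "/etc/squid/acl/game_domain"
#acl money_domain dst "/etc/squid/acl/money_domain"
#acl webmail_domain dst "/etc/squid/acl/webmail_domain"
#acl chat_domain dst "/etc/squid/acl/chat_domain"
#acl badmailIP dst "/etc/squid/acl/mailIP"
# Blocked QQ server IP addresses, one per line in /etc/squid/acl/qqip.
acl badqqip dst "/etc/squid/acl/qqip"
# Blocked QQ domains, listed in /etc/squid/acl/qq_dom.
# NOTE(review): "dst" matches destination IP addresses; if the file holds
# domain names, "dstdomain" is the ACL type that matches by name - confirm
# the file contents before changing it.
acl qq_domains dst "/etc/squid/acl/qq_dom"
#####################################
#
#acl sex_r url_regex -i \sex
#acl stock url_regex -i stock
#acl chat url_regex -i chat
# Both lines add patterns to the same ACL. The match is a case-insensitive
# substring test on the whole URL, so any URL containing "qq" or "tencent"
# is blocked, including unrelated sites.
acl qq url_regex -i qq
acl qq url_regex -i tencent
#acl game url_regex -i game
#acl badurl urlpath_regex -i \.mp3 $\.avi $\.mp4
###acl manager proto cache_object
###acl localhost src 127.0.0.1/255.255.255.255
# Re-enabled (the author had these commented out) so that cache-manager
# requests can be limited to the proxy host itself.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
# Port 22 is ssh; the original comment said "ftp".
# NOTE(review): remove this line unless clients really need it.
acl Safe_ports port 22 # ssh
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Cache-manager requests are answered for the proxy host only.
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#########bad web---------
#http_access deny sex_domain
#http_access deny Government_domain
#http_access deny game_domain
#http_access deny money_domain
#http_access deny webmail_domain
#http_access deny chat_domain
#http_access deny badmailIP
# Apply the QQ blocks defined above.
http_access deny badqqip
http_access deny qq_domains
######
#http_access deny sex_r
#http_access deny stock
#http_access deny badurl
#http_access deny chat
http_access deny qq
#http_access deny game
####
# NOTE(review): this answers ICP queries from any source, yet no cache peers
# are defined in this configuration - consider "icp_access deny all".
icp_access allow all
# Grant access to the client network only, then refuse everything else.
http_access allow mycents
http_access deny all
# Left disabled, as in the original:
#http_access allow localhost
#http_access allow Safe_ports
#http_access allow SSL_ports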
附件有配置檔案
二、反向代理
1、配置
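# Listening port for accelerator (reverse-proxy) mode; vhost and vport enable
# virtual-host and virtual-port support. The original descriptive text after
# each directive was not marked as a comment and has been moved onto '#'
# lines so that the block is valid squid.conf.
http_port 80 vhost vport
# Access control. The original "http_access allow all" accepted requests for
# any Host, not just the published sites. Only the three sites routed below
# are allowed; everything else is refused.
acl our_sites dstdomain www.sina.com.cn bbs.sina.com.cn blog.sina.com.cn
http_access allow our_sites
http_access deny all
#cache_peer hostname type http-port icp-port [options]
# Field by field: origin server address | peer type (parent) | HTTP port |
# ICP port (0 = none) | originserver = the peer is the real web server |
# no-query = do not send ICP queries to it.
# NOTE(review): this unnamed peer has no cache_peer_domain restriction; it
# appears to be the single-origin form of the example. Confirm whether it
# should coexist with the named peers below.
cache_peer 127.0.0.1 parent 8080 0 originserver no-query
# Requests for the www site are fetched from port 80 on 10.0.0.190; bbs and
# blog are mapped to their own origin servers in the same way.
cache_peer 10.0.0.190 parent 80 0 no-query originserver name=www
cache_peer 10.0.0.247 parent 80 0 no-query originserver name=bbs
cache_peer 10.0.0.233 parent 80 0 no-query originserver name=blog
cache_peer_domain www www.sina.com.cn
cache_peer_domain bbs bbs.sina.com.cn
cache_peer_domain blog blog.sina.com.cn
cache_peer_access www allow all
cache_peer_access bbs allow all
cache_peer_access blog allow all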
附件:http://down.51cto.com/data/2357835
本文轉自zhaoyun00 51CTO部落格,原文連結:http://blog.51cto.com/zhaoyun/530642