目標:代理公司所有使用者上INTERNET,分三類使用者,一類進階使用者,不分時段,不受限通路的站點;第二類為普通的使用者,只能在工作時間通路,且有站點限制,如不能訪開心網等;第三類使用者,在普通使用者受限的基礎上,只能通路公司規定的站點,其餘站點都不能通路。
#------------------ proxy server --------------
#2010-5-10
#----------------- acl ---------------------------------
# Source network of the office LAN.
acl fann_network src 192.168.0.0/24
# "Working hours" window.  Day letters: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat.
# NOTE(review): all seven letters are listed, so this ACL restricts by time of
# day only, never by weekday -- confirm that is intended.
acl work_hours time MTWHFAS 07:30-20:30
# Destination-domain lists: deny_website holds the blocked sites,
# allow_website the sites the most restricted class may reach.
acl deny_website dstdomain "/usr/lib/squid3/deny_website"
acl allow_website dstdomain "/usr/lib/squid3/allow_website"
# Basic authentication against fann_users (an htpasswd-style file).
# auth_param must precede every proxy_auth ACL.
auth_param basic program /usr/lib/squid3/ncsa_auth /usr/lib/squid3/fann_users
# The three user classes are matched on the literal user names
# manager, normal and user -- effectively three shared accounts,
# so the access log cannot attribute traffic to an individual person.
acl advanced proxy_auth manager
acl normal proxy_auth normal
acl user proxy_auth user
# Cache-manager interface and loopback.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# Ports CONNECT may tunnel to, and ports plain requests may target
# (http ftp https gopher wais unregistered http-mgmt gss-http filemaker multiling-http).
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
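#------------------------------- http_access ------------------
# Rules are evaluated top to bottom; the first matching line decides.
# The port-safety and cache-manager rules come first so that no user class
# can bypass them.  Previously they sat below the per-class allows, so an
# authenticated user could CONNECT to any port and reach cache_object
# from any LAN host.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
# Class 1: the "manager" account -- any time, any site.
http_access allow advanced
# Everyone else: working hours only, and the blocked list applies.
http_access deny !work_hours
http_access deny deny_website
# Class 2: the "normal" account -- anything not on the blocked list.
http_access allow normal
# Class 3: the "user" account -- only sites on the allow list.
http_access deny !allow_website
http_access allow user
# NOTE(review): a request from the LAN or loopback that matched none of the
# three accounts presumably falls through to here and is treated like
# class 3; confirm that is intended, otherwise drop the fann_network line
# and keep only the three accounts in fann_users.
http_access allow fann_network
http_access allow localhost
http_access deny all
icp_access deny all
htcp_access deny all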
#------------------------------- server -------------------------
# Listen on the LAN address only, port 808.
http_port 192.168.0.15:808
dns_nameservers 202.96.209.5 202.96.209.133
# Logging and crash dumps.
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log
coredump_dir /var/spool/squid3
# On-disk cache: ufs store, 204800 MB, 16 first-level x 256 second-level dirs.
cache_dir ufs /var/spool/squid3 204800 16 256
# Dynamic content (cgi-bin paths or query strings) is neither cached nor
# requested through cache peers.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
hierarchy_stoplist cgi-bin ?
# Freshness rules: explicit min/pct/max ages for ftp and gopher,
# a catch-all for everything else.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ICP listens on 3130 although icp_access above denies every peer.
icp_port 3130
*:建起來是比較容易的,難的是如何維護!
本文轉自xcjgutong 51CTO部落格,原文連結:http://blog.51cto.com/xuchengji/314059