ubuntu8.04 server +squid3做代理服务器（实用）

目标：代理公司所有用户上INTERNET，分三类用户，一类高级用户，不分时段，不受限访问的站点；第二类为普通的用户，只能在工作时间访问，且有站点限制，如不能访开心网等；第三类用户，在普通用户受限的基础的上，只能访问公司规定的站点，其余站点都不能访问。

#------------------ proxy  server --------------

#2010-5-10 

#----------------- acl ---------------------------------

acl fann_network src 192.168.0.0/24

acl work_hours time MTWHFAS 07:30-20:30

#               S - Sunday

#               M - Monday

#               T - Tuesday

#               W - Wednesday

#               H - Thursday

#               F - Friday

#               A - Saturday

acl deny_website dstdomain "/usr/lib/squid3/deny_website"

acl allow_website dstdomain "/usr/lib/squid3/allow_website"

#deny_website ,allow_website 分别是要禁止和允许访问的站点

auth_param basic program /usr/lib/squid3/ncsa_auth /usr/lib/squid3/fann_users

#fann_users为公司用户的认证文件，用htpasswd创建

acl normal proxy_auth normal 

acl advanced proxy_auth manager

acl user proxy_auth user

#三类用户分别为manager,nolmal,user

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 

acl Safe_ports port 80        

# http 

acl Safe_ports port 21        

# ftp 

acl Safe_ports port 443        

# https 

acl Safe_ports port 70        

# gopher 

acl Safe_ports port 210        

# wais 

acl Safe_ports port 1025-65535    

# unregistered ports 

acl Safe_ports port 280        

# http-mgmt 

acl Safe_ports port 488        

# gss-http 

acl Safe_ports port 591   

# filemaker 

acl Safe_ports port 777        

# multiling http 

acl CONNECT method CONNECT

#------------------------------- http_access ------------------

http_access allow advanced

http_access deny !work_hours

http_access deny deny_website

http_access allow normal

http_access deny !allow_website

http_access allow user

http_access allow fann_network

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost

http_access deny all

icp_access deny all

htcp_access deny all

#------------------------------- server -------------------------

http_port 192.168.0.15:808

dns_nameservers 202.96.209.5 202.96.209.133

cache_dir ufs /var/spool/squid3 204800 16 256

hierarchy_stoplist cgi-bin ?

access_log /var/log/squid3/access.log  squid 

cache_log /var/log/squid3/cache.log

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY 

refresh_pattern ^ftp:        1440    20%    10080

refresh_pattern ^gopher:    1440    0%    1440

refresh_pattern .        0    20%    4320

icp_port 3130 

coredump_dir /var/spool/squid3

*：建起来很比较容易的，难的是如何维护！

本文转自xcjgutong 51CTO博客，原文链接:http://blog.51cto.com/xuchengji/314059