最近在公司搭建了squid代理服务器,由于时间原因只将配置文件写出来,自己研究下,很实用的。有需要的朋友可以研究下。
# NETWORK OPTIONS
#Default:
http_port 192.168.1.222:8080 transparent? //开启透明代理 在客户端把网关改成这个就可以了
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on

#Default:
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 60 MB
cache_swap_low 70
cache_swap_high 85

maximum_object_size??32768 KB

maximum_object_size_in_memory??512 KB

cache_dir ufs /var/spool/squid 1000 16 256

cache_access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

pid_filename /var/run/squid.pid

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp:???????1440????20%?10080
refresh_pattern ^gopher:????1440????0%??1440
refresh_pattern .???????0???20%?4320

dns_nameservers 202.106.0.20

# ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0? //允许使用代理的网段
#acl mycents src 192.168.1.20-192.168.1.254/24
#####baddomain######

#acl sex_domain dst "/etc/squid/acl/sex_domain"
#acl Government_domain dst "/etc/squid/acl/Government_domain"
#acl game_domain dst "/etc/squid/acl/game_domain"
#acl money_domain dst "/etc/squid/acl/money_domain"
#acl webmail_domain dst "/etc/squid/acl/webmail_domain"
#acl chat_domain dst "/etc/squid/acl/chat_domain"
#acl badmailIP dst "/etc/squid/acl/mailIP"
acl badqqip dst "/etc/squid/acl/qqip"? //拒绝qqip的acl规则 被拒绝的qq ip放在/etc/squid/acl/qqip中

acl qq_domains dst "/etc/squid/acl/qq_dom"? //拒绝访问qq 域 被拒绝的qq域放在/etc/squid/acl/qq_dom中?
#####################################
#

#acl sex_r url_regex -i \sex
#acl stock url_regex -i stock
#acl chat url_regex -i chat
acl qq url_regex -i qq
acl qq url_regex -i tencent
#acl game url_regex -i game
#
#acl badurl urlpath_regex -i \.mp3 $\.avi $\.mp4
###acl manager proto cache_object
###acl localhost src 127.0.0.1/255.255.255.255

#acl manager proto cache_object
#acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563
acl Safe_ports port 80??????# http
acl Safe_ports port 21??????# ftp
acl Safe_ports port 22??????????# ftp
acl Safe_ports port 443 563?# https, snews
acl Safe_ports port 70??????# gopher
acl Safe_ports port 210?????# wais
acl Safe_ports port 1025-65535??# unregistered ports
acl Safe_ports port 280?????# http-mgmt
acl Safe_ports port 488?????# gss-http
acl Safe_ports port 591?????# filemaker
acl Safe_ports port 777?????# multiling http?
acl CONNECT method CONNECT
#########bad web---------

#http_access deny sex_domain
#http_access deny Government_domain
#http_access deny game_domain?
#http_access deny money_domain
#http_access deny webmail_domain
#http_access deny chat_domain
#http_access deny badmailIP
http_access deny badqqip??? //执行拒绝acl
http_access deny qq_domains
######

#http_access deny sex_r
#http_access deny stock
#http_access deny badurl
#http_access deny chat
http_access deny qq
#http_access deny game

####
icp_access allow all
#http_access allow mycents
#http_access allow all
http_access allow all
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

#http_access allow localhost
#http_access deny manager
# Deny requests to unknown ports

#http_access allow Safe_ports
#http_access allow SSL_ports

# Deny CONNECT to other than SSL ports
#http_access deny CONNECT !SSL_ports

?附件有配置文件


二、反向代理

?? 1、配置
????? http_port? 80? vhost vport? 访问端口,启用加速模式,支持虚拟主机,端口
????? http_access allow all? 权限控制??????????
????? #cache_peer hostname??? type?? http-port icp-port???????? [options]
????? cache_peer 127.0.0.1?? parent????? 8080??? 0????????????? originserver????????????????? no-query
???????????????? 原站服务器??????????????????? 缓存协议????? 指定原站,真正的web服务器?????? 不接受icp协议
????? 如果访问的是www的就从到10.0.0.190的80读取数据
????? cache_peer 10.0.0.190 parent 80 0 no-query originserver name=www
????? cache_peer 10.0.0.247 parent 80 0 no-query originserver name=bbs
????? cache_peer 10.0.0.233 parent 80 0 no-query originserver name=blog
????? cache_peer_domain www www.sina.com.cn
????? cache_peer_domain bbs bbs.sina.com.cn
????? cache_peer_domain blog blog.sina.com.cn
????? cache_peer_access www allow all
????? cache_peer_access bbs allow all
????? cache_peer_access blog allow all