변군이글루

[리눅스] Proxy 서버 구축(squid) 본문

서___리눅스

[리눅스] Proxy 서버 구축(squid)

변군 변군이글루 2017.05.26 15:40

1. 설치
# yum install squid

 

설정 파일 구성
/etc/squid/squid.conf
/var/log/squid/cache.log
/var/log/squid/access.log

 

2. 설정 파일(squid.conf)
# vi /etc/squid/squid.conf
---
### Access Control List
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

 

### Deny requests to certain unsafe ports
http_access deny !Safe_ports

 

### Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

 

### Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

 

### Example rule allowing access from your local networks.
### Adapt localnet in the ACL section to list your (internal) IP networks
### from where browsing should be allowed
http_access allow localnet
http_access allow localhost

 

### And finally deny all other access to this proxy
http_access deny all

 

### Squid normally listens to port 3128
http_port 3128

 

### Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

cache_log /var/log/squid/cache.log

cache_access_log /var/log/squid/access.log

cache_store_log /var/log/squid/store.log

 

### Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

 

### Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
---

 

3. 데몬 기동
# systemctl squid start
# systemctl squid stop
# squid -z

 

0 Comments
댓글쓰기 폼