关闭
Hit
enter
to search or
ESC
to close
May I Suggest ?
#leanote #leanote blog #code #hello world
柯仓无居所
Home
Archives
Tags
Search
squid 使用小疑问
? squid ?
? squid Authorization ?
? squid 请求头 ?
? squid请求丢失 ?
? squid日志格式化 ?
374
0
0
swimming
? squid ?
? squid Authorization ?
? squid 请求头 ?
? squid请求丢失 ?
? squid日志格式化 ?
### 系统环境变量 > **squid version:** Squid Cache: Version 3.1.23 > **system:** redhat6.8 Linux 2.6.32-642.el6.x86_64 #1 SMP Wed Apr 13 00:51:26 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux ### squid 环境变量配置 \## squid proxy http_proxy=x.x.x.x:3128 https_proxy=\$http_proxy ftp_proxy=\$http_proxy sftp_proxy=\$http_proxy no_proxy=www.163.com,127.0.0.1 export http_proxy https_proxy no_proxy ftp_proxy sftp_proxy SQUID 检查是否缓存,头部信息查看 curl -I https://www.baidu.com ###squid 使用小技巧 \#检验:如果没有错误消息输出,恭喜,你可以使用squid sudo squid3 -k parse \# 重新配置Squid3,使得SquidGuard可以正常工作: sudo squid3 reload sudo squid3 -k reconfigure \# 清空缓存,关闭squid3 sudo squid3 -k kill \# 初始化squid的缓存空间 sudo squid3 -z \# 显示创建交换目录 sudo squid -z \# 启动squid sudo squid \# 关闭squid代理 sudo squid -k shutdown \# 查看squid的状态: sudo squid -k check \# 重新配置Squid3,使得SquidGuard可以正常工作: sudo squid3 reload sudo squid3 -k reconfigure \# 重新启动squid sudo /usr/local/squid3/sbin/squid -k reconfigure \# 时间搓变更 cat access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e' ### squid 参考配置信息 ```bash http_port0.0.0.0:3128#使用IPV4的3128端口作为代理服务器端口 cache_dirufs/var/spool /squid31000641024#缓存目录cache_access_log/var/log/squid3 /access.log#接入的日志文件 cache_log/var/log/squid3/cache.log#缓存日志 cache_store_log/var/log/squid3/store.log#存储日志 pid_filename/var/run/squid.pid#进程ID cache_mgrnewflydd@gmail.com#随意填一个email cache_mem32MB#缓存大小 cache_swap_low90#最小交换空间 cache_swap_high95#最大交换空间 maximum_object_size4096KBmaximum_object_size_in_memory8KBauth_param basicprogram/usr/lib/squid3/ncsa_auth/etc/squid3 /squid_passwd#以上都没意思,这边是重点,使用NCSA读取加密的用户密码 aclncsa_usersproxy_authREQUIRED#代理身份使用认证模式 http_accessallowncsa_users#所有IP都可以使用代理 ``` --- ###squid 白名单规则 \#只能过滤域名 acl myclient dstdomain "/etc/squid/whtielist" src 172.16.3.133-134 实例: https://www.chengzi520.com/?p=392 \# 过滤目标域名和IP acl myclient dst "/etc/squid/whtielist" src 172.16.3.133-134 \# ACL 规则 acl myclient src IP/32 其中myclient关联后面的http_access allow myclient ###白名单列表示例: ```bash .aliyuncs.com .weixin.qq.com .ronghub.com .wx.qq.com .lifeccp.com uc.qbox.me ``` ### squid 请求头信息被过滤解决办法 [参考网站](https://maoxian.de/2016/06/1415.html) > squid.conf内添加一下内容,重新加载配置即可生效。 ```bash forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all ``` --- ###疑问之丢失访问 在使用过程中,应用发起一个请求后,超时设置了1s,发现生产环境大部分请求丢失,反映在squid的access上为,状态码均为0,使用 **squid -k debug** 开起debug模式后,在cache.log内发现dns请求有问题,随之更改squid的DNS后恢复。 总结以上使用,发现SQUID的DNS无法缓存,使用自由的DNS配置项配置,本地做了DNS缓存的【可能】需要将SQUID内的DNS地址指定为本地地址,DNS缓存**可能**生效。 --- ###squid日志人类可读化 ```shell logformat combined %>a %la %ui %un [%tl %03tu] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh %tr access_log /var/log/squid/access.log combined ```
觉得不错,点个赞?
提交评论
Sign in
to leave a comment.
No Leanote account ?
Sign up now
.
0
条评论
More...
文章目录
swimming
No Leanote account ? Sign up now.