要配置squid,首先要确定是否安装此软件包。如下:
[root@ts3-142 ~]# rpm -qa|grep -i squid
squid-2.6.STABLE6-3
和大多数网络服务一样,squid的配置文件也在/etc/squid下。其主要配置文件为/etc/squid/squid.conf,而其中主要的配置选项及介绍如下:
端口定义
# TAG: http_port
# Usage: port [options]
# hostname:port [options] //这里可以用ts3-142:3128
# 1.2.3.4:port [options] //这里可以用172.16.78.142:3128
#The default port number is 3128. //默认端口为3128,根据需要可以定义为8080或者80
http_port 3128
访问控制列表
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# TAG: acl
# Defining an Access List //定义访问控制列表
#
# acl aclname acltype string1 ... //访问控制列表的格式
# acl aclname acltype "file" ...
#
# when using "file", the file should contain one item per line
#
# acltype is one of the types described below
#
# By default, regular expressions are CASE-SENSITIVE. To make
# them case-insensitive, use the -i option.
#
*** IP地址访问控制列表***
# acl aclname src ip-address/netmask ... (clients IP address) //以源客户端IP地址为列表
# acl aclname src addr1-addr2/netmask ... (range of addresses) //以源IP地址范围为列表
# acl aclname dst ip-address/netmask ... (URL host's IP address) //以目的主机IP地址为列表
# acl aclname myip ip-address/netmask ... (local socket IP address) //squid主机的IP地址为myip列表
#
# acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation)
# # The arp ACL requires the special configure option --enable-arp-acl.
# # Furthermore, the arp ACL code is not portable to all operating systems.
# # It works on Linux, Solaris, FreeBSD and some other *BSD variants.
# #
# # NOTE: Squid can only determine the MAC address for clients that are on
# # the same subnet. If the client is on a different subnet, then Squid cannot
# # find out its MAC address.
#
***域名访问控制列表***
# acl aclname srcdomain .foo.com ... # reverse lookup, client IP //以域名为源列表
# acl aclname dstdomain .foo.com ... # Destination server from URL //以域名为目的列表
# acl aclname srcdom_regex [-i] xxx ... # regex matching client name //
# acl aclname dstdom_regex [-i] xxx ... # regex matching server
# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# # based URL is used and no match is found. The name "none" is used
# # if the reverse lookup fails.
#
***时间访问控制列表***
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
***其它访问控制列表***
# acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL //匹配以http://开始的列表
# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path //匹配以.gif为结尾的列表
# acl aclname urllogin [-i] [^a-zA-Z0-9] ... # regex matching on URL login field //
# acl aclname port 80 70 21 ... //端口列表
# acl aclname port 0-1024 ... # ranges allowed //端口范围列表
# acl aclname myport 3128 ... # (local socket TCP port) //squid本地端口
# acl aclname proto HTTP FTP ... //协议列表
# acl aclname method GET POST ... //访问方式列表
# acl aclname browser [-i] regexp ... //浏览器列表
访问控制
格式:http_access allow/deny aclname
典型访问控制规则如下:
http_access allow your-aclname
http_access deny all
