论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2012-07-26 09:41 |只看该作者 |倒序浏览

acl NotWorkRelated dstdomain
"/usr/local/squid/etc/not-work-related-sites"

acl WorkingHours time D 08:00-17:30

http_access deny !WorkingHours NotWorkRelated
刚学squid最后这句不是很明白，特别是这个！，有明白的给解释一下吧

文库|博客

ulovko

版主

论坛徽章:: 13

2楼 [报告]

发表于 2012-07-26 10:18 |只看该作者

小弟以前的笔记希望对兄弟有所帮助 ^_^
> more ~/squid/squid.txt
# Squid Web Proxy Cache (3128port)
yum install squid -y
/etc/init.d/squid restart
acl love src 192.168.0.0/255.255.255.0
http_access allow love
#1. Whitelist Control
acl whitelist src 192.168.0.12 192.168.0.1
http_access allow whitelist
http_access deny ! whitelist
acl myclients src 192.168.0.0/24
acl myclients src example.com
acl all src 0.0.0.0/0.0.0.0
acl myfriends src "/etc/squid/myfriends.lst"
http_access allow myfriends
http_access allow myclients
http_access deny all
#1.2 vim /etc/squid/myfriends.lst
192.168.0.39
192.168.0.49
192.168.0.59
#1.3 Domain Control
acl all src 0.0.0.0/0.0.0.0
http_access allow myclients
http_access deny all
#1.4 Contents Control
acl ICQ_domain dst "/etc/squid/acl/ICQ_domain"
acl sex_domain dst "/etc/squid/acl/sex_domain
acl violence_domain dst "/etc/squid/acl/violence_domain
http_access deny ICQ_domain
http_access deny sex_domain
http_access deny violence_domain
# acl aclname src ip-address/netmask ... (clients IP address)
# acl aclname src addr1-addr2/netmask ... (range of addresses)
# acl aclname dst ip-address/netmask ... (URL host's IP address)
# acl aclname myip ip-address/netmask ... (local socket IP address)
# acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation)
# acl aclname urllogin [-i] [^a-zA-Z0-9] ... # regex matching on URL login field
#1.5 Regular Expression
acl movie_site1 url_regex ^http://www.youku.com
acl movie_site2 url_regex ^http://www.tudou.com
acl movie_site3 url_regex ^http://www.ku6.com
acl games_site url_regex -i 3721
acl download_file urlpath_regex -i \.swf$ \.gif$ \.jpg$ \.png$ \.wmv$ \.exe$ \.rmvb$ \.flv$
http_access deny movie_site1
http_access deny movie_site2
http_access deny movie_site3
http_access deny games_site
http_access deny download_file
# 1.6 Boss Control
acl special_user src 192.168.0.8
http_access allow special_user
# 1.7 Time Control
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
acl admin src 192.168.0.254
acl allowed_clients src 192.168.0.0/24
acl all src 0.0.0.0/0.0.0.0
acl maintain_time time S 0:00-3:00
acl working_time time MTWHF 8:30-20:30
http_access allow admin maintain_time
http_access allow allowed_clients working_time
http_access deny all
# acl aclname port 80 70 21 ...
# acl aclname port 0-1024 ... # ranges allowed
# acl aclname myport 3128 ... # (local socket TCP port)
# acl aclname proto HTTP FTP ...
# acl aclname method GET POST ...
# 1.8 Security Control
acl Safe_ports port 80 21 443 1025-65535
acl ftp proto FTP
acl allowed_clients src 192.168.0.0/24
acl all src 0.0.0.0/0.0.0.0
http_access allow allowed_clients
http_access deny ! Safe_ports
http_access deny ftp
http_access deny all
# 2. Transparence Proxy
# 2.1 Enable ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
# 2.2 vim /etc/squid/squid.conf
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_user_host_header on
# 2.3 Firewall Configure
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE