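Introduction
Semantically, a forward proxy is about having the proxy server request a URL on your behalf, for example having the proxy server visit sites such as qq and baidu for you.
There are two characteristics here.
1. The server being accessed (qq, baidu) only knows that the proxy server made the request; it does not know that you made it;
2. You know exactly which real server (qq, baidu) you are requesting.
3. The client must set the proxy server's address and port in the browser. (Once this is set, every URL entered in that browser is handed to the proxy server to fetch.)
Installation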
yum install -y squid
Configuration
vim /etc/squid/squid.conf
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
#http_access deny all
http_access allow all
cache_dir aufs /data/cache 1024 16 256
cache_mem 512 MB
hierarchy_stoplist cgi-bin ?
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
Here I mainly changed the following lines:
http_access allow all
cache_dir aufs /data/cache 1024 16 256
cache_mem 512 MB
hierarchy_stoplist cgi-bin ?
The cache directory is changed to
/data/cache
so we need to create the cache directory:
mkdir -p /data/cache
chown -R squid:squid /data/cache
Initialize the cache directory
squid -z
Check the configuration file for syntax errors
squid -k check
squid: ERROR: No running copy
This means squid has not been started yet, which is fine.
service squid start
I kept getting errors at startup and it would not start; after checking the log I found:
/data/cache/swap.state: (13) Permission denied
FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
Squid Cache (Version 3.1.23): Terminated abnormally.
But I had clearly already granted squid permission!
Later I found that my SELinux had not been turned off
setenforce 0
vim /etc/selinux/config
SELINUX=disabled
Started the service again, and it started successfully.
Testing
curl -x 127.0.0.1:3128 http://www.baidu.com -I
The page is returned successfully. Success!
Setting a whitelist
If we only want to proxy certain domains:
vim /etc/squid/squid.conf
Add the following below acl CONNECT method CONNECT:
acl http proto HTTP
acl good_domain dstdomain .hpe.com .hpelinux.com
http_access allow http good_domain
http_access deny http !good_domain
Restart squid
service squid restart
Access Baidu through the proxy again
curl -x 127.0.0.1:3128 http://www.baidu.com -I
It does not return successfully; it should be 403 Forbidden.
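The whitelist takes effect because Squid evaluates http_access lines in order and stops at the first match, so the two new lines are reached before http_access allow localnet and http_access allow all. The following is an added example, not part of the original post: a simplified Python model of that evaluation over a constructed subset of the configuration above. It handles only the src, dstdomain and proto ACL types, and the client addresses 192.168.1.10 and 203.0.113.7 are constructed.

```python
import ipaddress

def parse(conf):
    """Return ({acl_name: (type, values)}, [(action, [acl names])]) in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, req):
    if name == "all":  # built-in ACL that matches every source
        return True
    kind, vals = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    if kind == "dstdomain":  # ".example.com" covers the domain and its subdomains
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in vals)
    if kind == "proto":
        return req["proto"].upper() in [v.upper() for v in vals]
    raise ValueError(f"ACL type {kind!r} is not modelled in this example")

def decide(conf, req):
    """First matching http_access line wins; ACLs on one line are ANDed, '!' negates."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(n.lstrip("!"), acls, req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

# Constructed input: a subset of the page's squid.conf.
LOCALNET = "acl localnet src 10.0.0.0/8\nacl localnet src 172.16.0.0/12\nacl localnet src 192.168.0.0/16\n"
WHITELIST = ("acl http proto HTTP\nacl good_domain dstdomain .hpe.com .hpelinux.com\n"
             "http_access allow http good_domain\nhttp_access deny http !good_domain\n")
TAIL = "http_access allow localnet\nhttp_access allow all\n"
PAGE_CONF = LOCALNET + TAIL                               # final rule as set on the page
LOCKED_CONF = PAGE_CONF.replace("allow all", "deny all")  # the commented-out final rule restored
inside = {"src": "192.168.1.10", "host": "www.baidu.com", "proto": "http"}
outside = {"src": "203.0.113.7", "host": "www.baidu.com", "proto": "http"}

if __name__ == "__main__":
    for conf, req in [(PAGE_CONF, outside), (LOCKED_CONF, outside), (LOCALNET + WHITELIST + TAIL, inside)]:
        print(decide(conf, req))
```

With http_access allow all as the final rule, the model allows the client outside localnet; with deny all it is refused. Because http_access allow http good_domain names no src ACL, a client from any address is still allowed for the whitelisted domains, whatever the final rule is.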
Setting a blacklist
The principle is the same as for the whitelist.
vim /etc/squid/squid.conf
Add the following below acl CONNECT method CONNECT:
acl http proto HTTP
acl bad_domain dstdomain .sina.com .sohu.com
http_access allow http !bad_domain
http_access deny http bad_domain
Restart squid
service squid restart
Access Baidu through the proxy again
curl -x 127.0.0.1:3128 http://www.baidu.com -I
It is accessible and returns 200.
Access Sina through the proxy
curl -x 127.0.0.1:3128 http://www.sina.com -I
Access fails with 403 Forbidden.