Squid正向代理搭建

mtain 2022年09月29日 59次浏览

一、安装

1.安装squid
yum -y install squid

2.修改内核参数,打开ip转发
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

使内核参数修改生效
sysctl -p

二、配置

1. 配置访问控制

vim /etc/squid/squid.conf

# 1. 允许所有地址的访问
http_access deny all
改为
http_access allow all

# 2. 只允许指定地址访问
# src  源地址
# dst  目标地址
# srcdomain  源域名
# dstdomain  目标域名
acl allownet dst 10.0.0.0/8
acl allownet dst 192.168.0.0/16

acl allowweb dstdomain www.baidu.com
acl allowweb dstdomain .aliyun.com

http_access allow allownet
http_access allow allowweb

http_access deny all


# 代理访问端口
http_port 3128


启动squid服务

systemctl restart squid

2. 配置用户密码验证

sudo yum install httpd-tools -y


htpasswd -c /etc/squid/.squid_users [username]
New password: 
Re-type new password: 
Adding password for user [username]

查看密码文件
less /etc/squid/.squid_users
amos:$apr1$IyfTZICg$2fPImX5o14XC2KPF1kZWv/
john:$apr1$5o0XKeto$m6c5B5KK5ZAK/7A/VIgYB/


vim /etc/squid/squid.conf
添加以下几行
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.squid_users
auth_param basic children 5
auth_param basic realm Proxy Authentication Required
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl auth_users proxy_auth amos john
# 配置http_access allow auth_users,会允许访问所有的网络
http_access deny !auth_users

三、日志

 tail -f /var/log/squid/access.log