Squid from the scratch: Unterschied zwischen den Versionen

 
(25 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
=Installation=
+
*[[Squid Grundlagen]]
*apt-get install squid
+
*[[Squid Anbindungen]]
=Konfiguration=
+
*[[Proxy Konzepte]]
*cd /etc/squid
+
*[[Squid erste Schritte]]
*mv squid.conf squid.conf.org
+
*[[Squid handling]]
=Reduzieren auf das notwendige=
+
*[[Squid ACL Basic]]
*grep "^[^#]" squid.conf.org  > squid.conf
+
*[[Squid acl types]]
=Die Konfigurationsdatei=
+
*[[Squid Logging]]
cat /etc/squid/squid.conf
+
*[[Squid Authentifizierung]]
<pre>
+
*[[Squid zeitliche Beschränkung]]
#Accesslisten
+
*[[Squid https aufbrechen]]
acl SSL_ports port 443
+
*[[Squid und ClamAV]]
acl Safe_ports port 80          # http
+
*[[Iptables mit Squid Transparenter Proxy]]
acl Safe_ports port 21          # ftp
+
*[[Proxy Pac]]
acl Safe_ports port 443        # https
+
*[[Proxy auf Linux Console]]
acl Safe_ports port 70          # gopher
 
acl Safe_ports port 210        # wais
 
acl Safe_ports port 1025-65535  # unregistered ports
 
acl Safe_ports port 280        # http-mgmt
 
acl Safe_ports port 488        # gss-http
 
acl Safe_ports port 591        # filemaker
 
acl Safe_ports port 777        # multiling http
 
acl CONNECT method CONNECT
 
 
 
#HTTP Access
 
http_access deny !Safe_ports
 
http_access deny CONNECT !SSL_ports
 
http_access allow localhost manager
 
http_access deny manager
 
http_access allow localhost
 
http_access deny all
 
 
 
#Port
 
http_port 3128
 
 
 
#Wenn Squid abstürtz wird hier ein Abbild hingeschrieben
 
coredump_dir /var/spool/squid
 
 
 
#Caching Verhalten
 
refresh_pattern ^ftp:          1440    20%    10080
 
refresh_pattern ^gopher:        1440    0%      1440
 
refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
 
refresh_pattern (Release|Packages(.gz)*)$      0      20%    2880
 
refresh_pattern .              0      20%    4320
 
</pre>
 
=Lan und DMZ freischalten=
 
==acl bilden==
 
acl lan src 172.16.150.0/24
 
acl dmz src  10.40.115.0/24
 
 
 
==acl anwenden(Reihenfolge ist entscheidend)==
 
http_access allow lan
 
http_access allow dmz
 
=Squid handling=
 
==Squid stop==
 
*systemctl stop squid
 
==Squid start==
 
*systemctl start squid
 
==Squid restart==
 
*systemctl restart squid
 
==Squid reload==
 
*systemctl reload squid
 
 
 
==Squid status==
 
*systemctl status squid
 
==Squidport checken==
 
*netstat -ltnp | grep 3128
 
tcp6      0      0 :::3128                :::*                   LISTEN      4396/(squid-1)
 
==Squidprozesse checken==
 
*ps -elf | grep squid
 
<pre>
 
0 S root      3010  2361  0  80  0 - 14458 poll_s 11:34 pts/1    00:00:00 vim squid.conf
 
1 S root      4394    1  0  80  0 - 27319 wait  15:18 ?        00:00:00 /usr/sbin/squid -YC -f /etc/squid/squid.conf
 
4 S proxy    4396  4394  0  80  0 - 37351 ep_pol 15:18 ?        00:00:00 (squid-1) -YC -f /etc/squid/squid.conf
 
4 S proxy    4397  4396  0  80  0 -  3320 unix_s 15:18 ?        00:00:00 (logfile-daemon) /var/log/squid/access.log
 
</pre>
 
=Webseite einschränken=
 
==Acl bilden==
 
acl facebook url_regex -i facebook
 
 
 
==Acl anwenden==
 
http_access deny facebook
 
 
 
=Logs checken=
 
*tail -f /var/log/squid/access.log
 
1490008947.188      2 192.168.244.144 TCP_MISS/503 4447 GET http://detectportal.firefox.com/success.txt - HIER_NONE/- text/html
 
=Blacklist erstellen=
 
==http-liste erstellen==
 
<pre>
 
vi /etc/squid/bad-sites.list
 
</pre>
 
==http-seiten hinzufügen==
 
<pre>
 
facebook.com
 
pr0gramm.com
 
</pre>
 
==erstellen der acl==
 
<pre>
 
acl bad-sites  url_regex -i "/etc/squid/bad-sites.list"
 
</pre>
 
==erstellen der http_access==
 
<pre>
 
http_access deny bad-sites
 
</pre>
 

Aktuelle Version vom 7. August 2023, 21:43 Uhr