透過Squid 代理上網的一些設定參數紀錄
1.設定ACL
2.允許http(s)協議但非標準 80 443端口(預設不允許)
3.修改Squid 服務端口
4.在日誌上增加時間欄位
1.設定ACL
Squid 設定檔案規則 http_access
預設允許 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network http_access allow localnet
如果要阻擋單一某個IP (deny 要在allow 之上)
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl test src 192.168.1.10/32 http_access deny test http_access allow localnet
對所有IP 開放訪問
acl all src 0.0.0.0/0 http_access allow all
2.允許http(s)協議但非標準 80 443端口(預設不允許)
範例是允許 http://fqdn:4443 以及 https://fqdn:4443
acl Safe_ports port 4443 acl SSL_ports port 4443
3.修改Squid 服務端口
預設Sqiud 服務端口是3128,範例修改為3000
http_port 3000
4.在日誌上增加時間欄位
logformat timereadable %tl %6tr %>a %Ss/%03Hs % access_log daemon:/var/log/squid/access.log timereadable
Facebook Comments