Squid 反向代理服务器

最新推荐文章于 2025-06-10 08:32:56 发布

转载最新推荐文章于 2025-06-10 08:32:56 发布 · 933 阅读

Linux 专栏收录该内容

101 篇文章

订阅专栏

本文详细介绍Squid代理服务器的安装与配置过程，包括ACL设置、端口管理、缓存策略及日志记录等核心内容，并提供了清除缓存的方法。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

操作系统：CentOS Linux release 7.3.1611 (Core)

安装：yum install squid
编辑配置文件：vim /etc/squid/squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7 # RFC 4193 local private network range

acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager

http_access deny manager

http_access allow localnet

http_access allow localhost

http_port 80 accel vhost

http_access allow all

visible_hostname bgpServer1

cache_mgr cjw001@uid5a.com

coredump_dir /var/spool/squid

cache_dir ufs /var/spool/squid 100 16 256

cache_mem 256 MB　
//额外提供给squid使用的内存，squid的内存总占用为 X * 10+15+“cache_mem”，其中X为squid的cache占用的容量（以GB为单位），

cache_swap_low 50

cache_swap_high 80

maximum_object_size_in_memory 3 MB

memory_replacement_policy lru

minimum_object_size 0 KB //设置squid磁盘缓存最小文件

maximum_object_size 30 MB 　//设置squid磁盘缓存最大文件，超过4M的文件不保存到硬盘

cache_peer 10.250.0.191 parent 31060 0 no-query originserver name=www_uid5a_cn

cache_peer_domain www_uid5a_cn www.uid5a.cn

cache_peer_access www_uid5a_cn allow all

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

#refresh_pattern . 0 20% 4320

refresh_pattern -i \.gif$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.jpg$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.png$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.css$ 10 50% 60 reload-into-ims

refresh_pattern -i \.js$ 10 50% 60 reload-into-ims

refresh_pattern -i \.xml$ 10 50% 30 reload-into-ims

/usr/sbin/squid -z

/usr/sbin/squid -s

squid -v

在squid设置有日志格式设置
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
参数解释如下
Field name syntax keys:
{} modifier or argument. Also used to specify header names
> request (client) 客户请求
< reply (server) 服务端回应
a address 访问用户ip地址
A address name 访问用户电脑名称
h all headers 浏览器头信息
i ident
p port 端口
r request line (no query)
t time 访问时间
u user
l local address/port (where request was accepted)
不记图片类访问日志设置
acl nolog urlpath_regex \\.gif \\.jpg \\.css \\.js \\.swf
access_log /data/squid/var/logs/access.log common !nolog

squid不缓存指定url和网站

acl sina dstdomain www.sina.com.cn /* 首先用ａｃｌ定义不想ｃａｃｈｅ的地址*/
no_cache deny sina /*然后用no_cache设置*/

或者
acl yoursite urlpath_regex www/.yoursite/.com
no_cache deny yoursite
另一个方法
一般不缓存根就可以，如常见的Discuz!论坛，只要不缓存
bbs.linuxtone.org 这样的形式的URL就可以。
如下参考：
#deny cache
hierarchy_stoplist cgi-bin ? /.php
acl QUERY urlpath_regex cgi-bin/? /.php /.css
acl DIRECT url_regex -i ^http:////bbs/.linuxtone/.org//$
acl DIRECT url_regex -i ^http:////bbs/.linuxtone/.org//.*$
acl DIRECT url_regex -i ^http:////bbs/.linuxtone/.org//index/.html$
cache deny QUERY
cache deny DIRECT

SQUID更新某个缓存 vim /usr/sbin/clear_squid_cache.sh

#!/bin/sh
squidcache_path="/var/squid/cache"
squidclient_path="/usr/bin/squidclient"
/usr/sbin/clear_squid_cache.sh
#!/bin/sh
squidcache_path="/var/squid/cache"
squidclient_path="/usr/bin/squidclient"
grep -a -r $1 $squidcache_path/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}' > cache_list.txt
for url in `cat cache_list.txt`; do
$squidclient_path -m PURGE -p 80 $url
done

更新指定缓存URL。
/usr/sbin/squidclientCache.sh http://w.1x1u.cn/wx/user/pv?from_url=wx/user/pv

设置：
squidcache_path= 表示squid缓存目录的路径
squidclient_path= 表示squidclient程序所在的路径，默认为squid安装目录下的bin/squidclient
用法：
1、清除URL中包含sina.com.cn的所有缓存：
./clear_squid_cache.sh sina.com.cn
2、清除所有Flash缓存（扩展名.swf）：
./clear_squid_cache.sh swf
3、清除文件名为zhangyan.jpg的所有缓存：
./clear_squid_cache.sh zhangyan.jpg

直接用命令清除一个图片的缓存
/usr/sbin/squidclient -m PURGE -p 3338 http://www.uid5a.cn/24.jpg ;
清除指定url的缓存

squidclient -h 127.0.0.1 -p 5006 -m PURGE http://127.0.0.1:5006/

用squid的PURGE清除缓存
只允许本地PUGRE，清楚缓存
PUGRE是一种有点危险的http请求
squid.conf中加配置如下:

acl AdminBoxes src 127.0.0.1
acl Purge method PURGE
http_access allow AdminBoxes Purge
http_access deny Purge

squidclient -h xx.xx.xx.xx -p 80 -U xxx@gmail.com -W password -m PURGE http://img1.sss.com/js/s_code.js
放在脚本clear_squid_cache.sh中调用:
#!/bin/sh
squidcache_path="/opt/xx/squid/var/cache"
squidclient_path="/opt/xx/squid/bin/squidclient"
grep -a -r $1 $squidcache_path/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'>cache_list.txt
for url in `cat cache_list.txt`; do
$squidclient_path -p 80 -U david.chenfuwei@gmail.com -W tuniu2906 -m PURGE -p 80 $url
done

批量清除Cache的工具:

http://www.wa.apana.org.au/~dean/squidpurge/

wget http://www.wa.apana.org.au/~dean ... 20040201-src.tar.gz
tar zxvf purge-20040201-src.tar.gz
cd purge
make

清除Squid缓存示例：
　　1、清除 URL 以“.mp3”结尾的缓存文件（例如 http://www.uid5a.com/uid.mp3、http://www.uid5a.com/a.mp3）

./purge -p localhost:80 -P 1 -se '\.mp3$'

　　2、清除URL中包含s135.com的所有缓存：

./purge -p localhost:80 -P 1 -se 's135.com'

　　我喜欢将程序推到后台去执行，让它慢慢地去清Squid缓存，同时将输出内容记录到purge.log文件：

./purge -p localhost:80 -P 1 -se 's135.com' > purge.log 2>&1 &