本文详细介绍了Squid代理服务器的配置文件squid.conf中的关键设置项,包括访问控制列表(ACL)的定义及如何通过这些列表来管理网络流量。针对内部网络的不同需求,设置了多个ACL来控制HTTP访问策略。
/etc/squid/squid.conf的相关设置:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 172.16.8.0/24 # RFC1918 possible internal network
acl localnet src 192.168.236.0/24 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl wktime1 time MTWHF 08:30-12:00
acl wktime2 time MTWHF 13:00-17:30
acl blacklist_regex url_regex "/etc/squid/blacklist_regex"
acl restlist_regex url_regex "/etc/squid/restlist_regex"
#http_access deny blacklist
http_access deny blacklist_regex
http_access deny wktime1 restlist_regex
http_access deny wktime2 restlist_regex
然后设置blacklist_regex
/etc/squid/blacklist_regex
gateway.dll
meebo
mail
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 172.16.8.0/24 # RFC1918 possible internal network
acl localnet src 192.168.236.0/24 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl wktime1 time MTWHF 08:30-12:00
acl wktime2 time MTWHF 13:00-17:30
acl blacklist_regex url_regex "/etc/squid/blacklist_regex"
acl restlist_regex url_regex "/etc/squid/restlist_regex"
#http_access deny blacklist
http_access deny blacklist_regex
http_access deny wktime1 restlist_regex
http_access deny wktime2 restlist_regex
然后设置blacklist_regex
/etc/squid/blacklist_regex
gateway.dll
meebo
扫一扫
1523
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
