系统版本:CentOS6.91。安装squid并启动yum-yinstallsquid//yum方式安装chkconfig--level35squidon//在level3和5自动运行squid服务2.修改squid配置文件,修改为如下Configurevi/etc/squid/squid.conf#RecommendedminimumAccessPermissionconfiguration:#Onlyallowcachemgraccessfromlocalhosthttp_accessallowmanagerlocalhosthttp_accessdenymanager#Denyrequeststocertainunsafeportshttp_accesstheredeny!Safe_ports#DenyCONNECTSSLportdenyhttpCONNECT!SSL_ports#我们强烈推荐以下被取消注释以保护在代理服务器上运行的无辜#web应用程序认为唯一可以访问“localhost”上的服务的人是本地用户#http_accessdenyto_localhost##INSERTYOUOWNRULE(S)HERETOALLOWACCESSFROM您的客户##允许从您的本地网络访问的示例规则。#在ACL部分中调整localnet以列出您的(内部)IP网络#从应该允许浏览的地方http_accessallowlocalnethttp_accessallowlocalhost#最后拒绝对这个代理的所有其他访问http_accessdenyall#squid通常监听端口3128http_port3128transparent#取消注释并调整以下内容以添加磁盘缓存目录。cache_dirufs/mnt/squid100000016256cache_mem300000MBmaximum_object_size_in_memory1MBmaximum_object_size2GBmax_filedesc45000logformatcombined%>a%ui%un[%tl]"%rm%ruHTTP/%rv"%Hs%h""%{User-Agent}>h"%Ss:%Shaccess_log/var/log/squid/access.logcombinedcache_log/var/log/squid/cache.loghierarchy_stoplistcgi-bin?#aclQUERYurlpath_regexcgi-bin?aclBIGMEDIAurlpath_regex-i.rmvb$.avi$.mpg$.mkv$.rm$#aclWEBMAILdstdom_regex-i"/usr/local/squid/etc/webmails"#cachedenyWEBMAIL#cachedenyQUERYcachedenyBIGMEDIAcacheallowallcache_swap_high95cache_swap_low90cache_mgr123@123.comcache_effective_usersquidquick_abort1fresh_resh_minset-1KB-i.htm$520%1440refresh_pattern-i.html$520%1440refresh_pattern-i.jpeg$6050%4320重新加载到imsrefresh_pattern-i.jpg$6050%4320重新加载到imsrefresh_pattern-i.png$6050%4320重新加载到imsrefresh_pattern.flv?开始00%0refresh_pattern.flv?ref00%0refresh_pattern.f4v?ref00%0refresh_pattern.mp4?ref00%0refresh_pattern.flv?144099%10080重新加载到ims忽略重新加载忽略无缓存模式.flv$144099%10080重新加载到ims忽略重新加载忽略无缓存模式.f4v?144099%10080reload-into-imsignore-reloadignore-no-cacherefresh_pattern.mp4?144099%10080重新加载到ims忽略重新加载忽略无cacherefresh_pattern.m4v?144099%10080reload-into-imsignore-reloadignore-no-cacherefresh_pattern.swf$144099%10080reload-into-imsignore-reloadignore-no-cache#将核心转储留在第一个缓存中dircoredump_dir/home/squid01#在这些上面添加任何你自己的refresh_pattern条目。#refresh_pattern\.(jpg|png|gif|mp3|xml)144050%2880忽略重新加载refresh_pattern^ftp:144020%10080refresh_pattern^gopher:14400%1440refresh_pattern-i(/cgi-bin/|\?)00%0refresh_pattern。020%4320其他查看命中率的相关命令squidclient-h127.0.0.1-p3128mgr:infocheckaccessstatustail-f/var/log/squid/access.logcheckhitstatustail-f/var/log/鱿鱼/access.log|grepHIT3。检查squid配置是否正常,如果没有问题,启动servicesquid-z//根据反馈提示,修改配置文件servicesquidstartchkconfigsquidon4。编辑iptables文件,插入如下配置重启vi/etc/sysconfig/iptablesserviceiptablesrestart*nat:PREROUTINGACCEPT[0:0]:POSTROUTINGACCEPT[0:0]:OUTPUTACCEPT[0:0]-APREROUTING-s192.168.1.0/24-ptcp-mtcp--dport80-jREDIRECT--to-ports3128//重定向ros路由的内网80端口流量到squid3128端口根据实际情况调整源网段COMMIT注意:如果缓存使用外部挂载存储,请关闭SElinuxsetenforce0&&sed-i's/SELINUX=enforcing/SELINUX=disabled/g'/etc/selinux/configRouterOS根据实际情况将以上配置改为IPaddressiprouteadddst-address=0.0.0.0/0gateway=192.168.1.2routing-mark=squidcheck-gateway=ping//给代理服务器添加一条默认路由,并添加标签为squid,用ping查看gatewayaccording根据实际情况调整源网段ipfirewalladdress-listaddaddress=192.168.1.1list=noproxy//添加网关地址和代理服务器地址ipfirewalladdress-listaddaddress=192.168.1.2list=noproxyipfirewallmangleaddsrc-address=192.168.1.0/24dst-address-list=noproxyprotocol=tcpdst-port=80action=mark-routingnew-routing-mark=squid//转发80端口的流量源内网段到代理服务器并排除之前添加的网关和服务器IP
