Прозрачный прокси на Squid 3.1 в RHEL 6

Такое встречается довольно часто. Это означает «использовать доменный сокет Unix» вместо сокета TCP/IP. Доменные сокеты Unix видны в файловой системе. Например, в моей старой системе Slackware 11.0 доменный сокет Unix имеет имя файла /tmp/.X11-unix/X0

12 % ls -ltr /tmp/.X11-unix
total 0
srwxrwxrwx 1 root users 0 2011-07-19 18:07 X0=

Обратите внимание на «s» в начале режима доступа: это сокет. Насколько я помню, другие реализации X11 помещают доменный сокет Unix непосредственно в /tmp/.

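Использование доменного сокета Unix для трафика X11 может быть заметно быстрее и, вероятно, гораздо безопаснее, чем передача трафика по TCP/IP: соединение не покидает хост, и X-серверу не нужно слушать сетевой порт. При этом права на сокет в листинге выше — srwxrwxrwx, то есть доступ ограничивает не режим файла, а аутентификация самого X-сервера.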

3 ответа

Поместите это в свой squid.conf

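# The httpd_accel_* directives below belong to Squid 2.5 and earlier. Squid 3.1
# rejects them as unrecognized directives, so they are kept only for reference.
# httpd_accel_host virtual
# httpd_accel_port 80
# httpd_accel_with_proxy on
# httpd_accel_uses_host_header on
# Squid 3.1: mark the port that receives the REDIRECTed traffic as an interception
# port. Replace any existing "http_port 3128" line with this one rather than adding a second.
http_port 3128 intercept
# The ACL must be defined before http_access refers to it, otherwise Squid refuses
# to parse the file. Adjust the addresses to your own LAN.
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan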

и убедитесь, что на вашем сервере Squid настроено правило iptables.

# Run on the Squid host itself: REDIRECT rewrites the destination to the local machine.
# eth0 must be the interface on which LAN client traffic arrives; only TCP port 80 is
# redirected, so HTTPS (443) is not affected by this rule.
# NOTE(review): the interception port should not accept direct connections; restrict
# port 3128 so that only redirected LAN traffic can reach it.
# NOTE(review): the rule is not persistent; on RHEL 6 save it (e.g. `service iptables save`).
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Подробнее см. HOWTO: http://tldp.org/HOWTO/TransparentProxy.html

  • 1
    2012/01/18 | cache_cf.cc (364) parseOneConfigFile: нераспознанный сквид conf:4: 'httpd_accel_host' 18.01.2012 8:39:04 | cache_cf.cc (364) parseOneConfigFile: нераспознанный сквид conf:5: 'httpd_accel_port' 18.01.2012 8:39:04 | cache_cf.cc (364) parseOneConfigFile: нераспознанный сквид conf:6: 'httpd_accel_with_proxy' 18.01.2012 8:39:04 | cache_cf.cc (364) parseOneConfigFile: нераспознанный сквид conf:7: 'httpd_accel_uses_host_header' 18.01.2012 8:39:04 | Инициализирующий https контекст –  Kumar 18.01.2012, 05:09
  • 2
    Получаю ошибку, и Squid не запускается –  Kumar 18.01.2012, 05:10
  • 3
    Эти директивы недоступны в Squid 3.1 –  Kumar 18.01.2012, 07:12
# Listener and resolver settings.
# Resolvers Squid queries directly; this list is used instead of /etc/resolv.conf.
dns_nameservers 182.190.0.21 182.176.39.17 192.168.1.100
#broken_vary_encoding allow apache
#extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# Disabled MAC-address allow-list followed by a default deny.
#acl M1 arp 00:18:8B:28:DD:7F
#acl M2 arp 00:21:9b:d3:d8:de
#http_access allow M1
#http_access allow M2
#http_access deny all
#http_port 80
# Squid 2.x accelerator directives, left commented out (not recognized by Squid 3.1).
#httpd_accel_host 127.0.0.1
#http_accel_port 80
# NOTE(review): accelerator (reverse-proxy) listener on port 80 with no address, so it
# binds on every interface. For a LAN interception proxy fed by an iptables REDIRECT to
# 3128 this listener looks unnecessary and widens exposure; confirm it is intended.
http_port 80 accel defaultsite=proxy.shancomputers.com vhost
# Adds the client's address to X-Forwarded-For on outgoing requests, which discloses
# internal LAN addresses to origin servers.
forwarded_for on
#httpd_accel_single_host on
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header off


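# NOTE(review): answers ICP queries from any source. No cache_peer is active in this
# file, so ICP access may not be needed at all; confirm before keeping "allow all".
icp_access allow all

#cache_peer 127.0.0.1 parent 3128 0 no-query default

acl web_ports port 80
# http_access rules are evaluated top to bottom and the first match decides.
# "allow web_ports" matched every request whose destination port is 80, from any
# client address, before the localnet / Safe_ports / "deny purge" rules were ever
# consulted, which made this an open proxy for HTTP. Disabled so that the source-based
# rules further down the file decide who may use the proxy.
#http_access allow web_ports
acl purge method PURGE
#http_access allow purge localhost
# PURGE removes objects from the cache, so it is refused for everyone.
http_access deny purge
hierarchy_stoplist cgi-bin ?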





# Eviction policies for the in-memory and on-disk caches.
memory_replacement_policy lru
cache_replacement_policy heap LFUDA

#upgrade_http0.9 deny shoutcast
#acl all src all
# unique_hostname is used for forwarding-loop detection; visible_hostname is the name
# shown to users on Squid-generated error pages.
unique_hostname proxy.shancomputers.com
visible_hostname proxy.shancomputers.com
# Contact address printed on Squid-generated error pages.
cache_mgr rehanashraf@hotmail.com

# ACL definitions. An acl line only names a match condition; nothing is allowed or
# denied until an access directive (http_access, no_cache, ...) refers to it.
# NOTE(review): dp, dp1, youtube, MSN_domains, MSN_nets, numconn, GET and to_localhost
# are defined here but not referenced by any active rule visible in this file.
acl dp url_regex -i \.mp3$ \.wmv$ \.avi$ \.wma$ \.mpe?g$
acl dp1 rep_mime_type video/flv
acl youtube dstdomain .youtube.com
# Instant-messenger tunnels: destination ports, domains and the CONNECT method.
acl YIM_ports port 5050
acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
acl YIM_methods method CONNECT
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 192.168.1.0/24
acl MSN_methods method CONNECT
acl numconn maxconn 6
# Cache-manager requests use the cache_object pseudo-protocol.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# Destinations on the proxy host itself; useful only if a rule denies them.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
# NOTE(review): localnet covers all of 10/8 and 172.16/12 in addition to 192.168.1.0/24.
# If only 192.168.1.0/24 is in use, the wider ranges grant access that is not needed.
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
# Ports to which CONNECT tunnels are permitted.
# NOTE(review): 873 (rsync) here lets clients open raw tunnels to rsync servers.
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
# Destination ports that ordinary requests may target.
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl POST method POST
acl CONNECT method CONNECT
acl GET method GET
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]

acl apache rep_header Server ^Apache
# Dynamic URLs (cgi-bin or a query string); used to exclude them from caching.
acl QUERY urlpath_regex cgi-bin \?
#---------------------------------------------------------------------
# Access rules. Squid checks http_access lines in order and stops at the first match,
# so the position of each line matters as much as its content.
# NOTE(review): the three messenger rules carry no source ACL, so they match for any
# client that can reach a listener, and they sit above the Safe_ports / SSL_ports
# checks. Adding localnet to each line would limit them to LAN clients.
http_access allow YIM_methods YIM_ports YIM_hosts
http_access allow YIM_methods YIM_ports YIM_domains
http_access allow MSN_methods MSN_ports MSN_hosts
# Cache manager is reachable from the proxy host only.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports and CONNECT tunnels to non-SSL ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): to_localhost is defined but never denied; the stock squid.conf suggests
# "http_access deny to_localhost" at this point to protect services bound to the proxy's loopback.
http_access allow localnet
http_access allow localhost
# Everything not allowed above is refused.
http_access deny all
# Interception listener bound to the LAN address only. Squid 3.1 still accepts
# "transparent" but names "intercept" as its replacement.
http_port 192.168.1.1:3128 transparent

#http_port 192.168.1.1:8080 transparent




#---------------------------------------------------------------------

#memory_cache_mode always
# FTP requests always go straight to the origin, never through a peer.
acl FTP proto FTP
always_direct allow FTP
# Lets any neighbour cache fetch objects this cache does not already hold.
# NOTE(review): relevant only if sibling/peer caches exist; none are configured in this file.
miss_access allow all
#--------------------------------------------------------------------
cache_store_log /var/log/squid/store.log
# no_cache is the older name of the "cache" directive: responses to dynamic URLs and
# to POST requests are not stored.
no_cache deny QUERY
no_cache deny POST

#---------------------------------------------------------------------
# NOTE(review): 100 MB of request headers is several orders of magnitude above Squid's
# default and lets a single client make Squid buffer very large headers (memory
# exhaustion risk). Confirm the value; a limit in the tens of KB is typical.
request_header_max_size 100 MB
maximum_object_size 96 MB


# Freshness rules: refresh_pattern <regex> <min minutes> <percent> <max minutes> [options].
# Squid uses the FIRST pattern that matches the URL and ignores the rest.
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$       0       20%     2880
# NOTE(review): "." matches every URL, so this line is a catch-all and every pattern
# below it is never reached. It treats objects as fresh for at least 9999 minutes
# (about 7 days) and up to 99990 minutes (about 69 days); override-expire and
# override-lastmod disregard the origin server's own freshness information and
# reload-into-ims turns client reloads into conditional requests. Users can therefore
# be served outdated content, including outdated downloads. Confirm this is intended,
# or move the catch-all to the end of the list.
refresh_pattern .              9999    99%    99990 override-expire reload-into-ims override-lastmod
refresh_pattern cgi-bin 1 20% 2
refresh_pattern \.asp$ 1 20% 2
refresh_pattern \.acgi$ 1 20% 2
refresh_pattern \.cgi$ 1 20% 2
refresh_pattern \.pl$ 1 20% 2
refresh_pattern \.shtml$ 1 20% 2
refresh_pattern \.php3$ 1 20% 2
refresh_pattern \? 1 20% 2
refresh_pattern \.gif$ 10080 90% 43200
refresh_pattern \.jpg$ 10080 90% 43200
refresh_pattern \.bom\.gov\.au 30 20% 120
refresh_pattern \.html$ 480 50% 22160
refresh_pattern \.htm$ 480 50% 22160
refresh_pattern \.class$ 10080 90% 43200
refresh_pattern \.zip$ 10080 90% 43200
refresh_pattern \.jpeg$ 10080 90% 43200
refresh_pattern \.mid$ 10080 90% 43200
refresh_pattern \.shtml$ 480 50% 22160
refresh_pattern \.exe$ 10080 90% 43200
refresh_pattern \.thm$ 10080 90% 43200
refresh_pattern \.wav$ 10080 90% 43200
refresh_pattern \.txt$ 10080 90% 43200
refresh_pattern \.cab$ 10080 90% 43200
refresh_pattern \.au$ 10080 90% 43200
refresh_pattern \.mov$ 10080 90% 43200
refresh_pattern \.xbm$ 10080 90% 43200
refresh_pattern \.ram$ 10080 90% 43200
refresh_pattern \.avi$ 10080 90% 43200
refresh_pattern \.chtml$ 480 50% 22160
refresh_pattern \.thb$ 10080 90% 43200
refresh_pattern \.dcr$ 10080 90% 43200
refresh_pattern \.bmp$ 10080 90% 43200
refresh_pattern \.phtml$ 480 50% 22160
refresh_pattern \.mpg$ 10080 90% 43200
refresh_pattern \.pdf$ 10080 90% 43200
refresh_pattern \.swf$ 10080 90% 43200
refresh_pattern \.mp3$ 10080 90% 43200
refresh_pattern \.ra$ 10080 90% 43200
refresh_pattern \.spl$ 10080 90% 43200
refresh_pattern \.viv$ 10080 90% 43200
refresh_pattern \.doc$ 10080 90% 43200
refresh_pattern \.gz$ 10080 90% 43200
refresh_pattern \.Z$ 10080 90% 43200
refresh_pattern \.tgz$ 10080 90% 43200
refresh_pattern \.tar$ 10080 90% 43200
refresh_pattern \.vrm$ 10080 90% 43200
refresh_pattern \.vrml$ 10080 90% 43200
refresh_pattern \.aif$ 10080 90% 43200
refresh_pattern \.aifc$ 10080 90% 43200
refresh_pattern \.aiff$ 10080 90% 43200
refresh_pattern \.arj$ 10080 90% 43200
refresh_pattern \.c$ 10080 90% 43200
refresh_pattern \.cpt$ 10080 90% 43200
refresh_pattern \.dir$ 10080 90% 43200
refresh_pattern \.dxr$ 10080 90% 43200
refresh_pattern \.hqx$ 10080 90% 43200
refresh_pattern \.jpe$ 10080 90% 43200
refresh_pattern \.lha$ 10080 90% 43200
refresh_pattern \.lzh$ 10080 90% 43200
refresh_pattern \.midi$ 10080 90% 43200
refresh_pattern \.movie$ 10080 90% 43200
refresh_pattern \.mp2$ 10080 90% 43200
refresh_pattern \.mpe$ 10080 90% 43200
refresh_pattern \.mpeg$ 10080 90% 43200
refresh_pattern \.mpga$ 10080 90% 43200
refresh_pattern \.pl$ 10080 90% 43200
refresh_pattern \.ppt$ 10080 90% 43200
refresh_pattern \.ps$ 10080 90% 43200
refresh_pattern \.qt$ 10080 90% 43200
refresh_pattern \.qtm$ 10080 90% 43200
refresh_pattern \.ras$ 10080 90% 43200
refresh_pattern \.sea$ 10080 90% 43200
refresh_pattern \.sit$ 10080 90% 43200
refresh_pattern \.tif$ 10080 90% 43200
refresh_pattern \.tiff$ 10080 90% 43200
refresh_pattern \.snd$ 10080 90% 43200
refresh_pattern \.wrl$ 10080 90% 43200
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
# A second catch-all; the .iso pattern after it can never match.
refresh_pattern . 480 50% 22160
refresh_pattern \.iso$ 10080 90% 43200
#------------------------------------------------------------------------
range_offset_limit 0 KB
#---------------------------------------------------------------------------
hosts_file /etc/hosts
coredump_dir /var/spool/squid
#----------------------------------------------------------------------------
quick_abort_min 1024 KB
quick_abort_max 2048 KB
quick_abort_pct 90
# Squid switches to this unprivileged user and group when it is started as root.
cache_effective_user squid
cache_effective_group squid

# On-disk cache: 20000 MB under /var/spool/squid, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 20000 16 256
cache_mem 1024 MB
fqdncache_size 1024
# Request bodies above 100 KB are refused, so larger uploads and form posts through
# the proxy fail.
# NOTE(review): this is far stricter than the 100 MB allowed for request headers
# earlier in the file; the two limits look swapped or mistyped, so confirm both.
request_body_max_size 100 KB
  • 1
    Nouman Qaiser, а что насчёт правил iptables? Какие изменения нужно внести в iptables? –  Kumar 26.03.2012, 12:30
Squid обычно слушает порт 3128

Внесите это изменение в ваш файл squid.conf.
