Squid ACL access control and sarg log

ACL access control

An ACL (Access Control List) can filter requests on various conditions, such as source address, destination address, requested URL path, access time and other conditions.

Steps of ACL access control
Use the acl configuration item to define the conditions that need to be controlled.
Use the http_access configuration item to allow or deny access for the defined list.

ACL interpretation
acl <list name> <list type> <list content>

List types:
src            source address
dst            destination address
port           destination port
dstdomain      destination domain
time           access time
maxconn        maximum concurrent connections
url_regex      destination URL address
urlpath_regex  entire destination URL path

Let's try it out!

Today's experiment builds on the transparent proxy set up in yesterday's blog post.

[root@localhost ~]# vim /etc/squid.conf
## Add in the acl section
acl win src 192.168.10.20/32

## Find this line
# Deny requests to certain unsafe ports
## Add this line
http_access deny win
http_access deny !Safe_ports
[root@localhost ~]# service squid reload

The client can no longer access the web normally, which shows that the policy has been set successfully.
You can also put your IPs or domain names in a list, and use the list name you created when making the policy.

Squid log analysis tool: Sarg

Install sarg on the squid server

[root@localhost bao]# rz -E
rz waiting to receive.
[root@localhost bao]# ls
sarg-2.3.7.tar.gz  squid-3.4.6  squid-3.4.6.tar.gz
[root@localhost bao]# tar zxvf sarg-2.3.7.tar.gz
[root@localhost bao]# cd sarg-2.3.7
[root@localhost sarg-2.3.7]# ./configure  \
> --prefix=/usr/local/sarg \
> --sysconfdir=/etc/sarg \
> --enable-extraprotection
[root@localhost sarg-2.3.7]# make && make install

Configure sarg

[root@localhost sarg-2.3.7]# vim /etc/sarg/sarg.conf
access_log /usr/local/squid/var/logs/access.log  ## Uncomment; specify the log file
title "Squid User Access Reports"  ## Page title
output_dir /var/www/html/squid-reports  ## Report output location
user_ip no  ## Display user names
topuser_sort_field BYTES reverse  ## Sort in descending order
#user_sort_field BYTES reverse  ## Sort the list in descending order
exclude_hosts /usr/local/sarg/weizhi  ## File of sites excluded from the ranking
overwrite_report no  ## Whether to overwrite a report of the same name
mail_utility mailq/postfix  ## Send reports by mail
charset UTF-8  ## Character set UTF-8
weekdays 0-6  ## Days of the week
hours 0-23  ## Hours of the day
www_document_root /var/www/html  ## Web document root
[root@localhost sarg-2.3.7]# touch /usr/local/sarg/weizhi
[root@localhost sarg-2.3.7]# ln -s /usr/local/sarg/bin/sarg /usr/local/bin/
[root@localhost sarg-2.3.7]# sarg
SARG: 纪录在文件: 419, reading: 100.00%
SARG: 成功的生成报告在 /var/www/html/squid-reports/2020Sep06-2020Sep07
[root@localhost sarg-2.3.7]# cd /var/www/html/squid-reports/
[root@localhost squid-reports]# ls
2020Sep06-2020Sep07  images  index.html
[root@localhost squid-reports]# yum -y install httpd
[root@localhost squid-reports]# systemctl start httpd
[root@localhost squid-reports]# setenforce 0

Use the client to access Squid and view the log (first cancel the above acl access policy)

[root@localhost squid-reports]# vim /etc/squid.conf
# Deny requests to certain unsafe ports
#http_access deny win
http_access deny !Safe_ports
[root@localhost squid-reports]# service squid reload

Perform periodic scheduled tasks and check the report again

[root@localhost squid-reports]# sarg -l /usr/local/squid/var/logs/access.log -o /var/www/html/squid-reports/ -z -d $(date -d "1 day ago" +%d/%m/%Y)-$(date +%d/%m/%Y)


Origin blog.csdn.net/Ora_G/article/details/108454085