Squid proxy server-ACL access control, log analysis Sarg, and reverse proxy configuration practice
One: ACL control access
1.1: ACL access control method
- Define the list according to the source address, target URL, file type, etc.
acl 列表名称 列表类型 列表内容...
- Restrictions on the defined acl list
http_access allow或deny 列表名称 ...
1.2: ACL rule priority
- When a user accesses the proxy server, Squid will sequentially match all the rule lists defined in Squid. Once the match is successful, the match will stop immediately
- When none of the rules match, Squid will use the opposite rule to the last one
1.3: Commonly used ACL list types
src | source address |
---|---|
dst | Destination address |
port | port |
dstdomain | Target domain |
time | interview time |
maxconn | Maximum concurrent connections |
url_regex | Target URL address |
Urlpath_regex | The entire target URL path |
- E.g
acl localhost src 20.0.0.20/32
acl MYLAN src 20.0.0.0/24
acl destionhost dst 20.0.0.52/32
acl MC20 max-conn 20
acl BURL url_regex -i ^rtsp:// ^emule://
acl PURL urlpath_regex -i \.mp3$ \.mp4$ \.rmvb$
acl work time MTWHFAC 08:30-17:30
1.4: Experimental configuration
1.4.1: Environment
- VMware software
- A centos7 virtual machine as the squid server, the IP address is: 20.0.0.51
- A centos7 virtual machine as a web server, the IP address is: 20.0.0.52
- A win7 virtual machine as the client test machine, the IP address is: 20.0.0.20
1.4.2: Experimental purpose
- Allow and deny access to the host through ACL access control
1.4.3: Experimental procedure
-
To build squid, based on the traditional model, you can read my previous blog
-
Link: https://blog.csdn.net/m0_47219942/article/details/108433500 .
-
Method 1: Set ACL access rules (when there are not many IP addresses)
[root@squid ~]# vim /etc/squid.conf
# should be allowed
acl localhost src 20.0.0.20/32 '添加,监控client客户端的主机(20.0.0.20/32)取名为hostlocal'
# Deny requests to certain unsafe ports
http_access deny hostlocal '添加,调用hostlocal,设置拒绝访问'
[root@squid ~]# service squid restart
- Method 2: Set ACL access rules (when multiple IP addresses)
mkdir /etc/squid '启用对象列表管理'
vim dest.list
20.0.0.52 '目标WEB'
vim /etc/squid.conf
acl destionhost dst "/etc/squid/dest.list"
http_access deny destionhost 拒绝列表(注意置顶)
[root@squid ~]# service squid restart
- The client client tries to access the web, the client client first clears the browser data
Two: Squid log analysis tool Sarg
2.1: Deploy sarg on the squid server
[root@squid ~]# yum install -y gd gd-devel
[root@squid ~]# mkdir /usr/local/sarg
[root@squid ~]# tar zxvf sarg -C /opt
[root@squid ~]# cd /opt/sarg-2.3.7/
[root@squid sarg-2.3.7]# ./configure --prefix=/usr/local/sarg \
> --sysconfdir=/etc/sarg \
> --enable-extraprotection
[root@squid sarg-2.3.7]# make && make install
2.2: Modify the Sarg configuration file
[root@squid sarg-2.3.7]# vim /etc/sarg/sarg.conf
'配置文件中所有的都被注释了,我们需要取消注释一下内容'
access_log /usr/local/squid/var/logs/access.log '指定访问日志文件'
title "Squid User Access Reports" '网页标题'
output_dir /var/www/html/squid-reports '报告输出目录'
user_ip no '使用用户名显示'
exclude_hosts /usr/local/sarg/noreport '不计入排序的站点列表文件'
topuser_sort_field connect reverse
'top排序中有连接次数,访问字节,降序排列,升序是normal'
overwrite_report no '同名日志是否覆盖'
mail_utility mailq.postfix '发送邮件报告命令'
charset UTF-8 '使用字符集'
weekdays 0-6 'top排行的时间周期'
hours 0-23 'top排行的时间周期'
www_document_root /var/www/html '网页根目录'
[root@squid sarg-2.3.7]# touch /usr/local/sarg/noreport '添加不计入站点文件,添加的域名将不被显示'
[root@squid sarg-2.3.7]# ln -s /usr/local/sarg/bin/sarg /usr/local/bin/ '创建sarg命令的软连接'
[root@squid sarg]# sarg '生成报告'
SARG: 纪录在文件: 158, reading: 100.00%
SARG: 成功的生成报告在 /var/www/html/squid-reports/2020Sep07-2020Sep07'提示报告生成在这个目录,我们进入这个目录查看一下'
[root@squid sarg-2.3.7]# cd /var/www/html/squid-reports/ '进入目录'
[root@squid squid-reports]# ls
2020Feb08-2020Feb08 images index.html
[root@squid squid-reports]# yum install httpd -y '安装httpd'
[root@squid squid-reports]# systemctl start httpd '开启httpd'
[root@squid squid-reports]# systemctl stop firewalld.service '关闭防火墙'
[root@squid squid-reports]# setenforce 0
2.3: Use the client client to access the sarg log
-
Visit 20.0.0.51/squid-reports
-
Perform periodic scheduled tasks and generate reports every day
[root@squid squid-reports]# sarg -l /usr/local/squid/var/logs/access.log -o /var/www/html/squid-reports/ -z -d $(date -d "1 day ago" +%d/%m/%Y)-$(date +%d/%m/%Y)
- Check again
Three: Squid reverse proxy
3.1: Add a web server and set the homepage content
- Add a web2 server with an IP address of 20.0.0.47
'原本的web服务器修改一下主页内容用来和新添加的web2服务器区分'
[root@web ~]# cd /var/www/html
[root@web html]# vim index.html '修改首页内容'
<h1>this is web01</h1>
'web2服务器设置'
[root@web2 ~]# yum install httpd -y '安装httpd服务'
[root@web2 ~]# vim /var/www/html/index.html '修改首页内容'
<h1>this is web02</h1>
[root@web2 ~]# systemctl stop firewalld.service '关闭防火墙'
[root@web2 ~]# setenforce 0
[root@web2 ~]# systemctl start httpd '开启httpd服务'
- Set up reverse proxy
[root@squid squid-reports]# vim /etc/squid.conf
http_port 20.0.0.51:80 accel vhost vport '监控本机80端口'
cache_peer 20.0.0.47 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1 '节点服务器1最大访问30,权重1,别名web1'
cache_peer 20.0.0.52 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web2 '节点服务器2最大访问30,权重1,别名web2'
cache_peer_domain web1 web2 www.yun.com '访问www.yun.com匹配web1,web2节点'
[root@squid squid-reports]# service squid restart '重启服务'
正在关闭 squid...
正在启动 squid...
[root@squid sarg]# netstat -ntap |grep squid '查看80端口是否被squid使用'
tcp 0 0 20.0.0.51:80 0.0.0.0:* LISTEN 53968/(squid-1)
3.2: The client client sets up domain name resolution and squid proxy and tests
- Set up domain name resolution (log in as the administrator user)
- Location: C drive-Windows-system32-drivers-etc-hosts
- Set the browser proxy: because you are using Google Chrome, take Google Chrome as an example
- The client client visits www.yun.com to check whether the proxy is successful
- The client implements polling access, and the reverse proxy succeeds