Application of Squid proxy server (traditional proxy, transparent proxy, ACL control list, sarg log analysis, reverse proxy)

1. Overview of Squid proxy server

As a server proxy tool, squid can cache webpage objects and reduce repeated requests, so as to speed up webpage access, hide the real IP of the client, and be more secure.

Squid mainly provides the functions of cache acceleration and application layer filtering control

1. The working mechanism of squid proxy:

• Request data from the website instead of the client, so that the user's real IP address can be hidden

• Save the obtained web page data (static web elements) into the cache and send it to the client, so that the next time the same data is requested for a fast response

When our client accesses the web page through the squid proxy, the designated proxy server will first check its own cache. If there is a page that our client needs in the cache, then the squid server will directly return the page content in the cache to the client.

If there is no page requested by the client in the cache, the Squid proxy server will send an access request to the Internet, and after obtaining the returned web page, save the data of the web page in the cache and send it to the client.

Since the client's web access request is actually completed by the squid proxy server instead, the real IP address of the user is hidden, thereby playing a certain protective role.

On the other hand, squid can also filter and control the target to be accessed, the address of the client, and the time period of access.

2. Basic types of squid proxy

① Traditional proxy: applicable to the Internet, the address and port of the proxy server need to be specified on the client

② Transparent proxy: the client does not need to specify the address and port of the proxy server, but redirects the web access to the proxy server through the default route and firewall policy

③ Reverse proxy: If the requested resource is cached in the Squid reverse proxy server, the requested resource will be returned directly to the client; otherwise, the reverse proxy server will request the resource from the background web server, and then send the requested response Return to the client, and also cache (statically) the response locally for the next requester

According to different implementation methods, it can be basically divided into two ways: traditional proxy and transparent proxy:

Traditional proxy: that is, ordinary proxy service. Our client needs to set the address and port of the proxy server in some programs such as browsers and chat tools, and then use the proxy to access the network. This method is relatively troublesome. Because the client needs to manually specify the proxy server, it is generally used in the Internet environment.

Transparent proxy: The function implemented by the traditional proxy is the same, the difference is that the client does not need to manually specify the address and port of the proxy server, but redirects the web access through the default route and firewall policy, and actually still hands it over to the proxy server The process of processing and redirection is completely carried out by the squid server, so for the client, it does not even know that it uses the squid proxy service, so we call it transparent mode.

Transparent proxy is mostly used in the LAN environment. For example, after enabling the transparent proxy in the Linux gateway, the LAN host can enjoy better Internet access speed without additional settings.

3. Diagram of the working mode of squid proxy

3.1. Traditional mode:

This type of working mode is the simplest of the three modes, and it is not friendly to client configuration. Its main function is a forward proxy, which speeds up the access speed of intranet users and reduces egress traffic.

(If a public proxy server is set up, in this way, the user needs to enter the network settings of the machine and set the IP and port of the squid server)

3.2. Transparent mode:

The configuration of this type of working mode is relatively complicated, and the implementation of forward proxy also requires the redirection of ports with the help of a firewall. But for the client, the configuration is more friendly. The proxy function can be used without any configuration. The main function is to speed up the access speed of intranet users and reduce the egress traffic.

(If you set up a proxy server for accessing the external network from the intranet, it is recommended to use this, and you do not need to set the IP and port of the proxy server on the client, and automatically realize the squid proxy)

3.3. Reverse proxy mode:

The reverse proxy mode is located between the local WEB server and the public network, processing requests initiated by public network users, and proxying them to intranet services, effectively reducing the pressure on the real server at the back end and increasing the concurrent processing capacity of the server

4. Benefits of using squid proxy

• Improve web access speed

• Hide the real IP address of the client

2. Compilation, installation and operation of Squid proxy server

1. Operation steps of compiling, installing and running the Squid proxy server

First turn off the firewall and SElinux

systemctl stop firewalld
systemctl disable firewalld
setenforce 0

1.1. Compile and install Squid

#安装依赖环境
yum -y install gcc gcc-c++ make
#上传软件包squid-3.5.27. tar到/opt目录下
cd /opt
#解压
tar zxvf squid-3.5.27.tar.gz
#配置相关模块
cd squid-3.5.27/
./configure --prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex
 
# 编译安装
make && make install
 
-----------------------------------------------
####_上述脚本解释###
 
./configure --prefix=/usr/local/squid
##安装目录
--sysconfdir=/etc/
##单独将配置文件修改到/etc目录下
-- enable-arp-acl
##可在ACL中设置通过MAC地址进行管理，防止IP欺骗
--enable-1inux-netfilter
##使用内核过滤
--enable-linux-tproxy
##支持透明模式
--enable-async-io=100
##异步I/O，提升储存性能，值可修改
--enable-err-language="Simplify_Chinese"
##错误信息的显示语言
--enable-underscore
##允许URL中有下划线
-enable-poll
##使用Poll () 模式，提升性能
--enable-gnuregex
##使用GNU正则表达式

ln -s /usr/local/squid/sbin/* /usr/local/sbin
##创建链接文件，优化路径
useradd -M -s /sbin/nologin squid
###创建程序用户、组
chown -R squid:squid /usr/local/squid/var/
##改变目录属主，此目录用来存放缓存文件

1.2. Modify the configuration file of Squid

vim /etc/squid.conf
......
-----56行--插入------
http_access allow all         #放在http_access deny all 之前，允许任意客户机使用代理服务，控制规则自上而下匹配
http_access deny all
http_port 3128                 #用来指定代理服务监听的地址和端口(默认的端口号为3128)
-----61行--插入------
cache_effective_user squid     #添加，指定程序用户，用来设置初始化、运行时缓存的账号，否则启动不成功
cache_effective_group squid    #添加，指定账号基本组
coredump_dir /usr/local/squid/var/cache/squid   #指定缓存文件目录

1.3, Squid operation control

#检查配置文件语法是否正确
squid -k parse
 
#启动Squid， 第一次启动Squid服务时，会自动初始化缓存目录
squid -z   #-z选项用来初始化缓存目录
squid      #启动squid 服务
 
netstat -anpt | grep "squid"

1.4. Create a Squid service script

vim /etc/init.d/squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"
 
case "$1" in
   start)
     netstat -natp | grep squid &> /dev/null
     if [ $? -eq 0 ]
     then
       echo "squid is running"
       else
       echo "正在启动 squid..."
       $CMD
     fi
   ;;
   stop)
     $CMD -k kill &> /dev/null
     rm -rf $PID &> /dev/null
   ;;
   status)
     [ -f $PID ] &> /dev/null
        if [ $? -eq 0 ]
          then
            netstat -natp | grep squid
          else
            echo "squid is not running"
        fi
   ;;
   restart)
      $0 stop &> /dev/null
      echo "正在关闭 squid..."
      $0 start &> /dev/null
      echo "正在启动 squid..."
   ;;
   reload)
      $CMD -k reconfigure
   ;;
   check)
      $CMD -k parse
   ;;
   *)
      echo "用法：$0{start|stop|status|reload|check|restart}"
   ;;
esac

#2345 is the default self-start level, if yes - means no self-start at any level; 90 is the start priority, 25 is the stop priority, the priority range is 0-100, the larger the number, the lower the priority.

chmod +x /etc/init.d/squid
chkconfig --add squid
chkconfig --level 35 squid on

2. Example operation: Compile, install and run the Squid proxy server

First turn off the firewall and SElinux

　　

2.1, compile and install Squid

#Install the dependent environment, upload the software package squid-3.5.28.tar to the /opt directory and decompress it

　　

# Configure related modules

　

# compile and install

　

#Create a link file, create a program user, group, and change the directory owner

2.2. Modify the configuration file of Squid

2.3, Squid operation control

2.4. Create Squid service script

3. Build traditional agents

1. The operation steps of building a traditional agent

Environmental preparation

Squid proxy server: 192.168.2.22

web server: 192.168.2.66

win10 client: 192.168.2.10

1.1 Modify squid configuration file

vim /etc/squid.conf
......
http_access allow all
http_access deny all
http_port 3128
cache_effective_user squid
cache_effective_group squid
---63行，插入----
cache_mem 64 MB            
#指定缓存功能所使用的内存空间大小，便于保持访问较频繁的WEB对象，容量最好为4的倍数，单位为MB，建议设为物理内存的1/4
reply_body_max_size 10 MB          
#允许用户下载的最大文件大小，以字节为单位，当下载超过指定大小的Web对象时，浏览器的报错页面中会出现“请求或访问太大”的提示默认设置0表示不进行限制
maximum_object_size 4096 KB        
#允许保存到缓存空间的最大对象大小，以KB为单位，超过大小限制的文件将不被缓存，而是直接转发给用户

1.2 Restart the service

service squid restart
systemctl restart squid　　

1.3 Firewall rules need to be modified in the production environment

iptables -F
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
iptables -nL INPUT

1.4 web server install web service (httpd or nginx)

systemctl stop firewalld.service
setenforce 0
yum -y install httpd
systemctl start httpd
netstat -natp | grep 80

1.5 Modify win10 client, add agent

Open browser tool --> Internet option --> connection --> LAN settings --> enable proxy server (address: Squid server IP address, port: 3128) After clearing cache, use browser to access http://192.168.2.66 (web server address)　　

1.6 Access the web server on the win10 client for verification

#View new records in the Squid access log

tail -f /usr/local/squid/var/logs/access.log　　　

#View new records in the Web access log

tail -f /var/log/httpd/access_log　　

Enter the IP address of the web server in the browser to access, and check the web server access log, which shows that the proxy server is accessing on behalf of the client.

2. Example operation: build a traditional agent

2.1 Modify squid configuration file

2.2 Restart the service

2.3 Firewall rules need to be modified in the production environment

　　

2.4 web server install web service (httpd or nginx)

2.5 Modify win10 client and add proxy

2.6 Access the web server on the win10 client for verification

4. Build a transparent proxy

1. Steps to build a transparent proxy

Environment preparation:

Squid server: dual network card ens33:192.168.2.22, ens36:12.0.0.1

Web server: 12.0.0.18 (the gateway is ens36 of the squid proxy server)

Win10 client: 192.168.229.200 (the gateway is ens33 of the squid proxy server)

1.1 Squid server: dual network card

内网ens33: 192.168.2.22  外网ens36: 12.0.0.1　
cd /etc/sysconfig/network-scripts/
cp ifcfg-ens33 ifcfg-ens36
vim ifcfg-ens36           #修改IP地址，并注释或者删除DNS与网关
systemctl restart network　　

1.2 Modify squid configuration file

vim /etc/squid.conf
http_access allow all
http_access deny all
--60行--修改添加提供内网服务的IP地址，和支持透明代理选项transparent
http_port 192.168.229.60:3128 transparent
 
systemctl restart squid

1.3 Squid server adds routing forwarding and iptables rules

#开启路由转发，实现本机中不同网段的地址转发
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
<br>#修改防火墙规则
iptables -F
iptables -t nat -F
# 添加防火墙规则（将来源为229网段：80/443端口的流量重定向到3128端口）
iptables -t nat -I PREROUTING -i ens33 -s 192.168.229.0/24 -p tcp --dport 80 -j REDIRECT --to 3128  #用于转发Http协议
iptables -t nat -I PREROUTING -i ens33 -s 192.168.229.0/24 -p tcp --dport 443 -j REDIRECT --to 3128 #用于转发https协议   
#如果要进行重启，则需要配置以下规则
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT

1.4 web server

Modify the IP address to 12.0.0.18, and set the gateway to 12.0.0.1

And open the httpd service, which has been installed before

 vim /etc/sysconfig/network-scripts/ifcfg-ens33
 cat /etc/sysconfig/network-scripts/ifcfg-ens33
 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID="4ff14eea-f777-4bc2-b50b-7179db6ba998"
DEVICE=ens33
ONBOOT=yes
IPADDR=12.0.0.18
NETMASK=255.255.255.0
GATEWAY=12.0.0.1
#DNS1=192.168.229.2
 
 systemctl restart network
 systemctl restart httpd.service 　

1.5. The client closes the proxy and accesses the web server

Add a gateway, the gateway is ens33 of the squid server

View the new record of Web1 access log
tail -f /var/log/httpd/access_log

2. Example operation: build a transparent proxy

2.1 Squid server: dual network card

2.2 Modify squid configuration file

2.3 Squid server adds routing forwarding and iptables rules

2.4 web server

　　

2.5 The client closes the proxy and accesses the web server

Five, ACL access control

1. Overview of ACL access control

1.1. The concept of ACL access control list

ACL (Access Control List) access control list, mainly used to filter the traffic in the network, is a technical means to control access. In order to filter packets, a network device needs to configure a series of matching conditions to classify packets, apply them to ports, and control the traffic of specific ports according to preset policies.

An access control list (ACL) consists of a set of rules in which conditions are defined to allow or deny access to a router

ACL can be used to filter the data packets passing through the router according to the set rules, so that the data packets can selectively pass through the router and play the role of a firewall.

ACLs are generally only configured on the following routers:

• Border routers for intranets and extranets.
• A router at the junction of two functional networks.

1.2. In the configuration file squid.conf, the steps of ACL access control

This is achieved through the following two steps:

• Use the acl configuration item to define the conditions that need to be controlled
• Control "allow" or "deny" access to the defined list through the http_access configuration item

1.3. Define the access control list

Format: acl list name list type list content

• List name: the name can be customized, which is equivalent to giving the acl a name

• List type: Squid predefined values ​​must be used, corresponding to different types of control conditions

• List content: it is the specific object to be controlled, different types of lists correspond to different contents, and can have multiple values ​​(separated by spaces,
in the relationship of "or")

1.4 ACL access control method

Define lists based on source address, target URL, file type, etc.

acl list name list type list content...

Restrict for the defined acl list

http_access allow or deny list name...

1.5 Priority of ACL rules

When a user accesses the proxy server, Squid will sequentially match all the rule lists defined in Squid. Once the match is successful, it will stop matching immediately. When
all rules do not match, Squid will use the opposite rule to the last one.

1.6 Commonly used ACL list types

src →> source address

dst > self-labeled address

port→>port

dstdomain> target domain

time →> access time

maxconn → maximum concurrent connections

ourl_regex → target URL address

Urlpath_regex → entire target URL path

2. Steps to set ACL access control

Environmental preparation

Squid proxy server: 192.168.2.22

web server: 192.168.2.66

win10 client: 192.168.2.10

Use the traditional proxy method to set ACL access control (see above for the traditional proxy setting)

2.1 Define the access control list

method one:

vim /etc/squid.conf
......
acl localhost src 192.168.2.100/32                 #源地址为192.168.2.100
acl MYLAN src 192.168.2.0/24                      #客户机网段
acl destinationhost dst 192.168.2.66/32               #目标地址为192.168.2.66
acl MC20 maxconn 20                         #最大并发连接20
acl PORT port 21                            #目标端口21
acl DMBLOCK dstdomain .qq.com                       #目标域，匹配域内所有站点
acl BURL url_regex -i ^rtsp:// ^emule://                #以rtsp://.emule://开头的URL，-i表示忽略大小写
acl PURL urlpath_regex -i \.mp3$ \.mp4$ \.rmvb$                 #以.mp3、.mp4、.rmvb结尾的URL路径
acl WORKTIME time MTWHF 08:30-17:30                 #时间为周一--至周五8:30~17:30，"MTWHF"为每个星期的英文首字母
 
第一条插入:
http_access deny localhost

Method Two:

#Start object list management　　

mkdir /etc/squid
vim /etc/squid/dest.list
192.168.2.22                               #Squid服务器IP
192.168.200.0/24                             #任意需要的网段
 
vim /etc/ squid.conf
.......
acl destinationhost dst "/etc/squid/dest.list"                  #调用指定文件中的列表内容
http access deny(或allow) destinationhost                #注意，如果是拒绝列表，需要放在http_access allow all前面
 
systemctl restart squid

2.2. Install httpd service on the WEB server

yum install -y httpd
systemctl start httpd

2.3 Test on Client

Enter 192.168.2.66 in the browser to check whether the web is rejected

3. Example operation: set ACL access control

2.1 Define the access control list

method one:

2.1 Use the client (192.168.2.10) to access the web browser to access 192.168.2.66

2.3 Define the access control list again

Method Two:

2.14 Use the client (192.168.2.10) again to access the web browser to access 192.168.2.66

Six, Squid log analysis

sarg (Squid Analysis Report Generator), is a squid log analysis tool, which uses HTML format to list in detail the site information, time occupancy information, ranking, connection times, visits, etc. of each user visiting the Internet

1. Steps to implement Squid log analysis

1.1 Install image processing software package

yum install -y gd gd-devel pcre-devel
mkdir /usr/local/sarg　　

1.2 Upload the zxvf sarg-2.3.7. tar.gz compressed package to the /opt directory, decompress and configure related modules, compile and install

tar zxvf sarg-2.3.7.tar.gz -C /opt/
 
cd /opt/sarg-2.3.7
./configure --prefix=/usr/local/sarg \   #指定安装路径
--sysconfdir=/etc/sarg \    #配置文件目录
--enable-extraprotection    #额外安全防护
 
-----------------------------------------------------------------------------------------------
./configure --prefix=/usr/local/sarg --sysconfdir=/etc/sarg --enable-extraprotection
--------------------------------------------------------------------------------------------------
 
make && make install

1.3 Modify the sarg configuration file

vim /etc/sarg/sarg.conf
--7行--取消注释
access_log /usr/local/squid/var/logs/access.1og #指定访问日志文件
--25行--取消注释
title "Squid User Access Reports"   #网页标题
-- 120行--取消注释，修改
output_dir /var/www/html/squid-reports  #报告输出目录
--178行--取消注释
user_ip no  #使用用户名显示
--184行--取消注释，修改
topuser_sort_field connect reverse  #top排序中，指定连接次数采用降序排列，升序是normal
-- 190行--取消注释，修改
user_sort_field connect reverse #对于用户访问记录，连接次数按降序排序
--206行--取消注释，修改
exclude_hosts /usr/local/sarg/noreport  #指定不计入排序的站点列表的文件
--257行--取消注释
overwrite_report no #同名同日期的日志是否覆盖
--289行--取消注释，修改
mail_utility mailq.postfix  #发送邮件报告命令
--434行--取消注释，修改
charset UTF-8   #指定字符集UTF-8
--518行--取消注释
weekdavs 0-6    #top排行的星期周期
--525行--取消注释
hours 0-23  #top排行的时间周期
--633行--取消注释
www_document_root /var/www/html #指定网页根目录　　

1.4 Adding is not included in the site file, and the added domain name will not be displayed in the sorting

touch /usr/local/sarg/noreport
ln -s /usr/local/sarg/bin/sarg /usr/local/bin/
sarg --help #获取帮助
 
#运行
sarg #启动一次记录　

1.5 Verification

yum install httpd -y
systemctl start httpd　　

Use a browser to visit http://192.168.2.22/squid-reports on the squid server to view the sarg report page

date -s

1.6 Add scheduled tasks to execute daily report generation

vim /usr/local/sarg/report.sh
#/bin/bash
#Get current date
TODAY=$(date +%d/%m/%Y)
#Get one week ago today
YESTERDAY=$(date -d "1 day ago" +%d/%m/%Y)
/usr/local/sarg/bin/sarg -l /usr/1ocal/squid/var/logs/access.log -o /var/www/html/sarg
-z -d $YESTERDAY-$TODAY &> /dev/null
exit 0
 
chmod +x /usr/local/sarg/report.sh
 
crontab -e
0 0 * * * /usr/1ocal/sarg/report.sh

2. Example operation: implement Squid log analysis

1.1 Install image processing software package

1.2 Upload the sarg-2.3.7. tar.gz compressed package to the /opt directory, decompress and configure related modules, compile and install

　　

1.3 Modify the sarg configuration file

 

1.4 Adding is not included in the site file, and the added domain name will not be displayed in the sorting

1.5 Browser Access Verification

Use a browser to visit http://192.168.2.22/squid-reports on the squid server to view the sarg report page

Seven. Reverse proxy

1. Overview of squid reverse proxy

If the requested resource is cached in the Squid reverse proxy server, the requested resource is returned directly to the client;

Otherwise, the reverse proxy server will request resources from the background web server, then return the response to the request to the client, and also cache the response locally for use by the next requester

Working Mechanism:

• Cache web page objects to reduce repeated requests

• Polling Internet requests or assigning weights to intranet web servers
• Proxying user requests to prevent users from directly accessing web servers and improving security

2. Operation steps of squid reverse proxy

Environmental preparation

Squid proxy server: 192.168.2.22

web1 server: 192.168.2.66

web2-server: 192.168.2.99

win10 client: 192.168.2.10

2.1 Close httpd locally

systemctl stop httpd

2.2 Clear firewall rules and empty port 3128

iptables -F
iptables -t nat -F
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT

2.3. Modify squid configuration file

vim /etc/ squid.conf
60行--修改，插入-------
http_port 192.168.2.22:80 accel vhost vport
cache_peer 192.168.2.66 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1
cache_peer 192.168.2.99 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web2
cache_peer_domain web1 web2 www.xkq.com  #表示对www.xkq.com的请求,squid向192.168.2.66和192.168.2.99的80端口发出请求　

####The keywords are explained as follows####

http_port 80 accel vhost vport
#Squid has changed from a cache to a web server reverse proxy acceleration mode. At this time, Squid listens for requests on port 80 and binds to the request port (vhost vport) of the webserver. At this time, the request arrives at Squid. Squid does not need to forward the request, but directly either gets the data from the cache or directly requests the data from the bound port.
accel: reverse proxy acceleration mode
vhost: support domain name or host name to represent the proxy node
vport: support IP and port to represent the proxy node
parent: represent the parent node, upper-lower relationship, non-level
relationship Port
0: No icp is used, which means only one squid server
no-query: no query operation, directly obtain data
originserver: specify the source server
round-robin: specify squid to distribute the request to one of the parents by polling Node
max_conn: specify the maximum number of connections
weight: specify the weight
name: set an alias

2.4 Restart squid service

systemctl stop squid
service squid reload　　

2.5 Backend web node server settings

yum install -y httpd
systemctl start httpd
 
#节点1(web1):
echo "this is test01" >> /var/www/html/index.html
#节点2(web2):
echo "this is test02" >> /var/www/html/index.html　

2.6 Client domain name mapping configuration

Modify C:\Windows\System32\drivers\etc\hosts file
192.168.2.66 www.xkq.com

2.7 Agent configuration and access test of the client

Open the browser, Tools-->Internet Options-->Connection-->LAN Settings-->Enable proxy server (address: Squid server IP address, port: 80)

Browser visit http://www.xkq.com

3. Example operation: squid reverse proxy

3.1 The squid server closes httpd locally

3.2 Clear firewall rules and empty port 3128

2.3. Modify squid configuration file

2.4 Restart squid service

2.5 Backend web node server settings

#Node 1(web1):

#Node 2(web2):

2.6 Client domain name mapping configuration

2.7 Agent configuration and access test of the client

SquidSummary

1. The role of Squid:
cache acceleration, the cache is obtained from the back-end web server, and the acceleration is for client access

2. Three modes of Squid:

① Traditional mode

The client needs to point to the squid proxy server, and the client can perceive the existence of the squid proxy server. The
modified configuration file: squid.conf sets the 3128 port, cache and the size of the allowed download
② transparent proxy

The client does not need to be configured, as long as it can be accessed directly, the server opens the road forwarding, and completes the transparent proxy with the help of firewall rules and static routing. Modified configuration file: squid.conf
setting ip and port 3128
need to set iptables traffic Redirect, redirect the traffic of the specified network card network segment to port 3128
③ Reverse proxy

As a reverse proxy function similar to the nginx server, but it does not need a home page, based on ip: port. The weight method is used to complete the reverse proxy.
Modified configuration file: squid.conf Set the port to 80.
The server needs to enable the proxy configuration of the client
. 3. Corresponding to the management/function of Squid itself:

① ACL: The main thing to do is the permission and denial management of http_access (based on http protocol, access access)

Use the acl configuration item to define the conditions that need to be controlled;
use the http_access configuration item to control "allow" or "deny" access to the defined list.
② Sarg: log analysis function, you can specify to output the content in access_log to a web page (with the help of httpd) in a day-by-day manner.

Realized with the help of SARG log analysis tool;
writing scripts and adding scheduled tasks can realize daily automatic report generation.