Due to recent corporate network to optimize research through the network using squid proxy forward to increase speed.
A, squid command
Usually common operations common squid has eight (the online version is also reproduced back and forth more):
1, initialization to squid.conf configuration cache directory
/ App / squid / sbin / squid-z // initialize cache space
If so want to observe the entire process, increase the -X parameters, namely: squid -zX. If there is error, please check your cache directory permissions.
2, debugging squid.conf, i.e. syntax and validation squid.conf configuration.
/App/squid/sbin/squid-k parse
If squid.conf syntax or configuration errors, will return here prompt. If it does not, if there is no return to the successful start
3, start the squid in the foreground, and the output of the boot process.
/App/squid/sbin/squid-N-d1
If you have to ready to server reques, congratulations, started successfully. Then ctrl + c, stop squid, and after running the way it started.
4, start squid in the background.
/App/squid/sbin/squid-s
Start squid, and logging to syslog process.
5, stop squid
/App/squid/sbin/squid-k shutdown
The safest way to stop squid, plus -k interrupt and -k kill command is also used to close the squid, the difference between its parameters will be mentioned in the squid's.
6, reboot modified squid.conf
/ App / squid / sbin / squid-k reconfigure // load the new configuration file
This estimate with more time, when you find that you have a different configuration to your liking, they can modify at any time squid.conf, squid.conf troubleshooting and then do not forget you, and then execute this command, you can make squid to run again according to your squid.conf.
7, round-robin log
/App/squid/sbin/squid-k rotate
When the squid -k rotate each execution, Squid Round Robin the following documents: cache.log, access.log, store.log, useragent.log (if activated), and referer.log (if activated).
At the same time, Squid will create the latest version of swap.state file. Note, however, swap.state not extend to digital form rotation.
In addition, special reminder swap.state file. When the squid application is running for some time, cache_dir corresponding swap.state file will become bigger and bigger, more and more inside invalid interface data, which may affect the response time of the squid to some extent, at this time we you can use the rotate command to clean up the squid inside swap.state invalid data, reduce the size of swap.state.
8, add the squid to the system startup items
Edit /etc/rc.d/rc.local add the following line:
/App/squid/sbin/squid-sD
9, squid_start script
/usr/local/squid/sbin/squid-sD && squid -sD
10, homemade startup script
#!/bin/bash
case $1 in
start)
/usr/local/squid/sbin/squid -s
;;
stop)
/usr/local/squid/sbin/squid -k shutdown
;;
desk
11, scheduled tasks to run rotate log files
squid -k rotate // log in rotation
0 4 * * * * / usr / local / squid / sbin / squid -k rotate .// 4:00 logs run in rotation
Second, access control
1, ACL elements are the basis of squid access control. Here to tell you how to specify include IP, port, host name, url matching variables. Each ACL element has a name you need to reference in the preparation of access rules, the basic elements are as follows:
acl name type value1 value2 value3
acl workstation src 10.0.0./16
2, in most cases, the ACL elements include a plurality of values. You can use multiple acl multiple names, configuration is equivalent
acl http_ports port 80 8000 8080
acl httpd_ports port 80
acl httpd_ports port 8000
acl httpd_ports port 8080
3, IP address
Use objects: src, dst, myip
When the squid ip address specified in the ACL, can be written in the form of subnets, address ranges, domain names.
acl foo src 10.0.0.0/24
acl foo src 10.0.0.0/255.255.255.0
acl foo src 10.0.0.1
4, the host name
Specify the host name
acl xxx dstwww.cgmb.com.cn
5, matching domain name
Specify the domain name
acl a dstdomain foo.com
acl b dstdomain foo.com
6, regular expressions
适用对象:srcdom_regex, dstdom_regex, url_regex, urlpath_regex, browser, referer_regex, ident_regex, proxy_auth_regex, req_mime_type, rep_mime_type
^ Character matches the beginning of the line or character
^ Http: // expression matches any http:. // beginning
\ .Jpg $. Expression matches the end of the jpg, backslash to turn signifier
Example: acl foo url_regex -i ^ http: // www (-i parameters are case insensitive)
7, TCP port number
acl foo port 123
acl foo port 1024-5000
Three, ACL type
1.src
ip address commonly used in access control elements, most sites use ipl do restrict access, specify the type of src ip client source, that is, when src appear in the control list acl inside, squid do it with ip request issued Compared
Single-subnet: acl mynetwork src 192.168.0.0/24
Multi-subnet: acl mynetwork src 192.68.0.1/24 10.0.0.0/24
2.dst
The original server address
acl adserver dst 1.2.3.4/24
3.myip
myip refers to the squid itself ip address
acl admin myip 1.1.1.1
4.myport
squid accelerator configuration
acl accport myport 80
acl proxyport myport 3128
5.method request type
http request method refers to a method acl request. GET, POST
acl purge method purge
acl localhost src 127.0.0.1
http_access allow purge localhost
http_access deny purge
6.proto
agreement type
acl FTP proto FTP
7.maxconn
The maximum number of connections per user
acl overconn maxconn 4
http_access deny overconn
Author: skinny Iceman
link: https: //www.jianshu.com/p/a9364ac3de68
Source: Jane book
Jane book copyright reserved by the authors, are reproduced in any form, please contact the author to obtain authorization and indicate the source.
Reproduced in: https: //www.cnblogs.com/Jintaonet/p/11044250.html