Practice makes perfect: Squid ACL access control and log analysis with sarg
Foreword
Without further ado: the previous two blog posts demonstrated Squid forward and reverse proxy setups, to deepen the understanding of how the proxy works and of the proxying process. This post covers ACL access control in Squid and a practical case of analyzing Squid logs with the sarg software.
Note: this builds on a manually compiled and installed Squid; refer to the forward proxy test article.
1. ACL access control verification experiment
Server address planning
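Client IP: 192.168.100.100 (Win7/Win10)
Squid proxy server IP addresses: 20.0.0.128, 192.168.100.1
Configuration
Modify the main configuration file on the Squid server. Squid evaluates http_access rules from top to bottom and the first match wins, so the deny rule has to be placed above the allow rules.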
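[root@squid ~]# vim /etc/squid.conf #edit the configuration file
# should be allowed #find the acl section and insert the statement below
acl hostlocal src 192.168.100.100/32 #define the ACL hostlocal for the host to control (192.168.100.100)
# Deny requests to certain unsafe ports #insert the statement below this line
http_access deny hostlocal #matches the ACL defined above and denies access from host 192.168.100.100
[root@squid ~]# service squid reload #reload the squid service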
First, verify on Win7 (192.168.100.100): the result is access denied.
Then access from Win10 (192.168.100.50): the result is a test page. To make the result easy to tell apart, write an index.html file on the squid server as follows:
[root@squid html]# echo "you can access my web(because your ip is not 192.168.100.100)" > index.html
Accessing the server then returns this page.
2. Simple log analysis with sarg
Brief introduction to sarg
Sarg (Squid Analysis Report Generator) is a Squid log analysis tool. It produces reports in HTML format that detail, for every user, the Internet sites accessed, time usage, ranking, number of connections, traffic and so on.
Use Cases
#software packages; extract the archive
[root@squid ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg sarg-2.3.7.tar.gz squid-3.4.6.tar.gz 公共 模板 视频 图片 文档 下载 音乐 桌面
[root@squid ~]# tar -xzf sarg-2.3.7.tar.gz -C /opt/
[root@squid ~]# cd /opt/
[root@squid opt]# ls
rh sarg-2.3.7 squid-3.4.6
#install the gd library
[root@squid opt]# yum install -y gd gd-devel
作为依赖被安装:
expat-devel.x86_64 0:2.1.0-10.el7_3 fontconfig-devel.x86_64 0:2.13.0-4.3.el7 freetype-devel.x86_64 0:2.8-14.el7
libX11-devel.x86_64 0:1.6.7-2.el7 libXau-devel.x86_64 0:1.0.8-2.1.el7 libXpm-devel.x86_64 0:3.5.12-1.el7
libjpeg-turbo-devel.x86_64 0:1.2.90-8.el7 libpng-devel.x86_64 2:1.5.13-7.el7_2 libsmartcols.x86_64 0:2.23.2-61.el7_7.1
libuuid-devel.x86_64 0:2.23.2-61.el7_7.1 libxcb-devel.x86_64 0:1.13-1.el7 xorg-x11-proto-devel.noarch 0:2018.4-1.el7
zlib-devel.x86_64 0:1.2.7-18.el7
作为依赖被升级:
fontconfig.x86_64 0:2.13.0-4.3.el7 freetype.x86_64 0:2.8-14.el7 libX11.x86_64 0:1.6.7-2.el7
libX11-common.noarch 0:1.6.7-2.el7 libblkid.x86_64 0:2.23.2-61.el7_7.1 libjpeg-turbo.x86_64 0:1.2.90-8.el7
libmount.x86_64 0:2.23.2-61.el7_7.1 libuuid.x86_64 0:2.23.2-61.el7_7.1 libxcb.x86_64 0:1.13-1.el7
util-linux.x86_64 0:2.23.2-61.el7_7.1 zlib.x86_64 0:1.2.7-18.el7
完毕!
Configure options and installation
#--prefix: installation path; --sysconfdir: configuration file directory; --enable-extraprotection: enable extra protection
[root@squid sarg-2.3.7]# ./configure --prefix=/usr/local/sarg \
> --sysconfdir=/etc/sarg \
> --enable-extraprotection
[root@squid sarg-2.3.7]# make && make install ##compile and install
Modify the sarg configuration file
[root@squid sarg-2.3.7]# vim /etc/sarg/sarg.conf
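#everything in the configuration file is commented out; uncomment the following settings
access_log /usr/local/squid/var/logs/access.log #specify the access log file
title "Squid User Access Reports" #web page title
output_dir /var/www/html/squid-reports #report output directory
user_ip no #display by user name
exclude_hosts /usr/local/sarg/noreport #file listing the sites excluded from the ranking
topuser_sort_field connect reverse
#the top ranking is sorted by number of connections and bytes accessed, in descending order; ascending is normal
overwrite_report no #whether to overwrite a report with the same name
mail_utility mailq.postfix #command used to send the report by mail
charset UTF-8 #character set to use
weekdays 0-6 #time period for the top ranking (days of the week)
hours 0-23 #time period for the top ranking (hours)
www_document_root /var/www/html #web document root
[root@squid sarg-2.3.7]# touch /usr/local/sarg/noreport #create the excluded-sites file; domains added to it will not be shown
[root@squid sarg-2.3.7]# ln -s /usr/local/sarg/bin/sarg /usr/local/bin/ #create a symlink for the sarg command
[root@squid sarg-2.3.7]# sarg #generate the report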
SARG: 纪录在文件: 123, reading: 100.00%
SARG: 成功的生成报告在 /var/www/html/squid-reports/2020Feb08-2020Feb08 #the report was generated in this directory; go into it to take a look
[root@squid sarg-2.3.7]# cd /var/www/html/squid-reports
[root@squid squid-reports]# ls
2020Feb08-2020Feb08 images index.html
Then install and start the httpd service
View the sarg log reports from the client
Because the gd library is installed, we can view the sarg log reports from the client. We can also use crontab to create a scheduled task that periodically generates the log reports on the server.
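The access.log that sarg reads also records the ACL decision for every request, so the deny rule from part 1 can be confirmed on the server without a browser. The following is an added example, not from the original post: it assumes Squid's default native log format, and the sample log lines and the host web.example are constructed.

```shell
#!/bin/sh
# Summarise denied vs. allowed requests per client from a Squid access.log
# in the default native format:
#   time elapsed client result/status bytes method URL ident hierarchy type

# Constructed sample log lines (not taken from the original post).
sample_log() {
cat <<'EOF'
1581150001.101     2 192.168.100.100 TCP_DENIED/403 3985 GET http://web.example/ - HIER_NONE/- text/html
1581150002.230    48 192.168.100.50 TCP_MISS/200 412 GET http://web.example/ - HIER_DIRECT/web.example text/html
1581150003.007     1 192.168.100.100 TCP_DENIED/403 4011 GET http://web.example/favicon.ico - HIER_NONE/- text/html
1581150004.512     5 192.168.100.50 TCP_MEM_HIT/200 420 GET http://web.example/ - HIER_NONE/- text/html
EOF
}

# Print one line per client: "client denied allowed", sorted by client.
# Reads the files given as arguments, or stdin when there are none.
acl_summary() {
    awk '
        NF >= 7 {
            split($4, r, "/")          # r[1] = result code, r[2] = HTTP status
            seen[$3] = 1
            if (r[1] ~ /DENIED/) denied[$3]++
            else allowed[$3]++
        }
        END {
            for (c in seen) printf "%s %d %d\n", c, denied[c], allowed[c]
        }
    ' "$@" | LC_ALL=C sort
}

# Exit status 0 only if client $1 appears in the log and every one of its
# requests was denied; a client that never appears counts as not verified.
fully_blocked() {
    client=$1; shift
    acl_summary "$@" | awk -v c="$client" '
        $1 == c { found = 1; if ($2 > 0 && $3 == 0) ok = 1 }
        END { exit !(found && ok) }'
}

sample_log | acl_summary
```

On the server, `acl_summary /usr/local/squid/var/logs/access.log` runs the same summary over the log file that sarg.conf points at.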