====== SQUID ======

  * http://www.squid-cache.org/
  * another nice [[http://linux.cudeso.be/linuxdoc/squid.php|guide]] to Squid

===== Configuration =====

  * **cache_peer**\\ parent proxy
  * **http_port 3128**\\ sets the proxy port
  * **cache_dir /usr/local/squid/cache 100 16 256**\\ 100 MB of disk space for the cache
  * **cache_access_log**\\ where the logs are written
  * **cache_log**\\ logging of the proxy's actions
  * **cache_store_log**\\ swap.log
  * **acl, http_access, icp_access**\\ Access Control List: the lists are defined here; see the configuration file for more. The essential step, however, is to allow the PCs to access Squid
<code>
# clients allowed to use the proxy (addresses read from a file)
acl povolWEB src "/usr/local/squid/etc/txt/povolWEB"
# administrators' addresses
acl IPadmin src "/usr/local/squid/etc/txt/IPadmin"
# regular expressions for blocked URLs
acl zakazaneURL url_regex "/usr/local/squid/etc/txt/zakazaneURL"
# allowed clients may browse anything except the blocked URLs
http_access allow povolWEB !zakazaneURL
# administrators are allowed without the URL restriction
http_access allow IPadmin
</code>
  * **cache_mgr**
  * **reply_body_max_size xx MB (KB)**\\ sets the limit on how large a file to download may be ...
  * **cache_effective_user**\\ If Squid has to be started as root, pick a safe user and group for Squid to run as, typically nobody and nogroup. The permissions on /cache must then be set so that Squid can write there
  * **visible_hostname**\\ name of the cache
  * **error_directory /usr/local/stow/squid-2.5.7/share/errors/Czech**

===== Transparent cache =====

<code>
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off
</code>
  * redirect requests for port 80 to port 3128:\\ ''iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128''

===== Start =====

  * first the swap file has to be created ''/usr/local/squid/bin/squid -z''
  * then just start it ''/usr/local/squid/bin/squid''

===== Automatic proxy configuration =====

  * http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#netscape-pac

<code javascript>
function FindProxyForURL(url, host)
{
    // If they have only specified a hostname, go directly.
    if (isPlainHostName(host))
        return "DIRECT";

    // These connect directly if the machine they are trying to
    // connect to starts with "intranet" - ie http://intranet
    // Connect directly if it is intranet.*
    // If you have another machine that you want them to
    // access directly, replace "internal*" with that
    // machine's name
    if (shExpMatch(host, "intranet*") ||
        shExpMatch(host, "internal*"))
        return "DIRECT";

    // Connect directly to our domains (NB for Important News)
    if (dnsDomainIs(host, "company.com") ||
        // If you have another domain that you wish to connect to
        // directly, put it in here
        dnsDomainIs(host, "sistercompany.com"))
        return "DIRECT";

    // So the error message "no such host" will appear through the
    // normal Netscape box - less support queries :)
    if (!isResolvable(host))
        return "DIRECT";

    // We only cache http, ftp and gopher
    if (url.substring(0, 5) == "http:" ||
        url.substring(0, 4) == "ftp:" ||
        url.substring(0, 7) == "gopher:")
        // Change the ":8080" to the port that your cache
        // runs on, and "cache.company.com" to the machine that
        // you run the cache on
        return "PROXY cache.company.com:8080; DIRECT";

    // We don't cache WAIS
    if (url.substring(0, 5) == "wais:")
        return "DIRECT";
    else
        return "DIRECT";
}
</code>

===== Filtering =====

  * **Squirm** - http://squirm.foote.com.au/
  * **BannerFilter** - http://phroggy.com/bannerfilter/
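
The direct-connection rules in the FindProxyForURL function above decide which hosts skip the cache, and with it any URL filtering done there, so it is worth checking what they really match. The following is an added example, not part of the original page or of Squid: it runs those rules under Node.js next to a stricter variant. The helper stand-ins, the names ''bypassStrict'' and ''inDomain'', and the sample hosts are assumptions made for the illustration.

```javascript
// Stand-ins for the browser's PAC helpers so the rules run under Node.js.
// Assumptions: dnsDomainIs is a plain suffix comparison; isResolvable is stubbed.
const isPlainHostName = (host) => !host.includes(".");
const dnsDomainIs = (host, domain) => host.endsWith(domain);
const isResolvable = (host) => true;
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

const PROXY = "PROXY cache.company.com:8080; DIRECT";

// Direct-connection rules exactly as the page's PAC file states them.
function bypassAsWritten(host) {
  return isPlainHostName(host) ||
    shExpMatch(host, "intranet*") || shExpMatch(host, "internal*") ||
    dnsDomainIs(host, "company.com") || dnsDomainIs(host, "sistercompany.com");
}

// Hypothetical stricter variant: the domain itself or a real subdomain only.
function inDomain(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}
function bypassStrict(host) {
  return isPlainHostName(host) ||
    ["company.com", "sistercompany.com"].some((d) => inDomain(host, d));
}

// Same decision order as the page's FindProxyForURL, with the bypass rule swapped in.
function findProxy(url, host, bypass) {
  if (bypass(host)) return "DIRECT";
  if (!isResolvable(host)) return "DIRECT";
  if (/^(http|ftp|gopher):/.test(url)) return PROXY;
  return "DIRECT";
}

// Constructed sample hosts, not taken from the page.
const samples = ["intranet", "www.company.com", "notcompany.com",
  "intranet.example.net", "www.example.org"];
function compare() {
  return samples.map((host) => ({
    host,
    asWritten: findProxy("http://" + host + "/", host, bypassAsWritten),
    strict: findProxy("http://" + host + "/", host, bypassStrict),
  }));
}
console.table(compare());
```

With the rules as written, the constructed hosts ''notcompany.com'' and ''intranet.example.net'' go DIRECT and so skip the cache; the stricter variant sends both through the proxy.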