SQUID
- another nice guide to Squid
Configuration
cache_peer <hostname>
parent proxy
http_port 3128
proxy port setting
cache_dir /usr/local/squid/cache 100 16 256
100 MB of disk space for the cache
cache_access_log <path>
where the access logs are written
cache_log <path>
logging of the proxy's actions
cache_store_log <path>
swap.log
ACL, HTTP_ACCESS, ICP_ACCESS
Access Control List - the lists are defined here; see the configuration file for more. The essential step, however, is to allow the PCs to access Squid
acl povolWEB src "/usr/local/squid/etc/txt/povolWEB"
acl IPadmin src "/usr/local/squid/etc/txt/IPadmin"
acl zakazaneURL url_regex "/usr/local/squid/etc/txt/zakazaneURL"
http_access allow povolWEB !zakazaneURL
http_access allow IPadmin
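How the two http_access lines above are evaluated, modelled as an added Python example (not part of the original page and not Squid's own code). The list-file contents are constructed sample values, and the URL ACL is referenced by its defined name zakazaneURL.

```python
import ipaddress
import re

# Constructed sample contents of the list files named in the acl lines
# (one entry per line in the real files); these values are assumptions.
ACLS = {
    "povolWEB":    ("src", ["192.168.1.0/24"]),
    "IPadmin":     ("src", ["192.168.1.10", "10.0.0.5"]),
    "zakazaneURL": ("url_regex", [r"\.exe$", r"casino"]),
}

# The two http_access lines, in file order; "!" negates an ACL.
HTTP_ACCESS = [
    ("allow", ["povolWEB", "!zakazaneURL"]),
    ("allow", ["IPadmin"]),
]


def acl_matches(name, client_ip, url):
    """True if the request matches the named ACL."""
    if name not in ACLS:
        # This model refuses rules that reference an undefined ACL name.
        raise ValueError(f"undefined ACL: {name}")
    kind, entries = ACLS[name]
    if kind == "src":
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)
    # url_regex: case-sensitive regex search over the whole URL
    return any(re.search(e, url) for e in entries)


def decide(client_ip, url, rules=HTTP_ACCESS):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    for action, terms in rules:
        if all(acl_matches(t.lstrip("!"), client_ip, url) != t.startswith("!")
               for t in terms):
            return action
    # No line matched: the default is the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    for ip, url in [("192.168.1.20", "http://example.com/"),
                    ("192.168.1.20", "http://example.com/setup.exe"),
                    ("192.168.1.10", "http://example.com/setup.exe"),
                    ("172.16.0.9", "http://example.com/")]:
        print(ip, url, "->", decide(ip, url))
```

The third case shows that an address listed in IPadmin bypasses the URL filter, and the second shows that a filtered request from an ordinary client falls through to the default deny.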
cache_mgr <manager's e-mail>
reply_body_max_size xx MB (KB)
sets the limit on how large a file may be downloaded …
cache_effective_user
If Squid has to be started as root, pick a safe user and group for Squid to run as - typically nobody and nogroup. Permissions on /cache must then be set so that Squid can write there
visible_hostname
name of the cache
error_directory /usr/local/stow/squid-2.5.7/share/errors/Czech
Transparent cache
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off
Start
automatic proxy configuration
function FindProxyForURL(url, host)
{
    //If they have only specified a hostname, go directly.
    if (isPlainHostName(host))
        return "DIRECT";

    //These connect directly if the machine they are trying to
    //connect to starts with "intranet" - ie http://intranet
    //Connect directly if it is intranet.*
    //If you have another machine that you want them to
    //access directly, replace "internal*" with that
    //machine's name
    if (shExpMatch(host, "intranet*") ||
        shExpMatch(host, "internal*"))
        return "DIRECT";

    //Connect directly to our domains (NB for Important News)
    if (dnsDomainIs(host, "company.com") ||
        //If you have another domain that you wish to connect to
        //directly, put it in here
        dnsDomainIs(host, "sistercompany.com"))
        return "DIRECT";

    //So the error message "no such host" will appear through the
    //normal Netscape box - less support queries :)
    if (!isResolvable(host))
        return "DIRECT";

    //We only cache http, ftp and gopher
    if (url.substring(0, 5) == "http:" ||
        url.substring(0, 4) == "ftp:" ||
        url.substring(0, 7) == "gopher:")
        //Change the ":8080" to the port that your cache
        //runs on, and "cache.company.com" to the machine that
        //you run the cache on
        return "PROXY cache.company.com:8080; DIRECT";

    //We don't cache WAIS
    if (url.substring(0, 5) == "wais:")
        return "DIRECT";
    else
        return "DIRECT";
}
Filtering