Using Squid to access specific domains from an internal network
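<p>1 Installation</p><p>yum install squid -y</p>
<p>2 Main components of Squid</p>
<p>Service name: <code>squid</code><br>Main program: <code>/usr/sbin/squid</code><br>Configuration directory: <code>/etc/squid</code><br>Main configuration file: <code>/etc/squid/squid.conf</code><br>Listening TCP port: <code>3128</code><br>Default access log file: <code>/var/log/squid/access.log</code></p>
<p>3 Configure internal hosts to access specific external domains</p>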
<p># cat /etc/squid/squid.conf</p>
<p>acl localnet src 172.172.3.2 # RFC1918 possible internal network; defines an IP or IP range as localnet<br>acl localnet src 172.18.240.99 # RFC1918 possible internal network; defines an IP or IP range as localnet<br>acl SSL_ports port 443<br>acl Safe_ports port 80 # http; adds port 80 to Safe_ports, likewise for the lines below<br>acl Safe_ports port 21 # ftp<br>acl Safe_ports port 443 # https<br>acl Safe_ports port 70 # gopher<br>acl Safe_ports port 210 # wais<br>acl Safe_ports port 1025-65535 # unregistered ports<br>acl Safe_ports port 280 # http-mgmt<br>acl Safe_ports port 488 # gss-http<br>acl Safe_ports port 591 # filemaker<br>acl Safe_ports port 777 # multiling http<br>acl Safe_ports port 8686 # Meikang (美康) port<br>acl CONNECT method CONNECT</p>
<p>acl allowWeb dstdomain .dingtalk.com # add the domain to allowWeb<br>#acl allowWeb dstdomain mirrors.aliyun.com<br>acl allowWeb dstdomain .baidu.com<br>http_access deny !allowWeb # deny domains outside allowWeb</p>
<p>http_access deny !Safe_ports # deny ports outside Safe_ports</p>
<p>http_access deny CONNECT !SSL_ports # deny CONNECT to ports outside SSL_ports<br>http_access allow localnet # allow IPs in the localnet network<br>http_access allow localhost</p>
<p>http_access deny all</p>
<p># Squid normally listens to port 3128<br>http_port 33128 # listening port</p>
<p># Leave coredumps in the first cache dir<br>coredump_dir /var/spool/squid</p>
<p>#<br># Add any of your own refresh_pattern entries above these.<br>#<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern . 0 20% 4320</p><br><br>
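<p>Once the allowlist above is in place, the access log shows which requests Squid refused and from which client. The following is an added example, not part of the original post: it parses lines in Squid's default (native) access log format and counts TCP_DENIED requests per client and destination host. The sample log lines are constructed, and the default logformat is an assumption.</p>

```python
import re
from collections import Counter

# Constructed sample lines in Squid's default (native) access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1591000000.101     45 172.172.3.2 TCP_TUNNEL/200 5120 CONNECT oapi.dingtalk.com:443 - HIER_DIRECT/203.0.113.10 -
1591000001.202      0 172.172.3.2 TCP_DENIED/403 3985 CONNECT mirrors.aliyun.com:443 - HIER_NONE/- text/html
1591000002.303      0 172.18.240.99 TCP_DENIED/403 4011 GET http://example.org/index.html - HIER_NONE/- text/html
1591000003.404     12 172.18.240.99 TCP_MISS/200 2381 GET http://www.baidu.com/ - HIER_DIRECT/203.0.113.20 text/html
1591000004.505      0 172.172.3.2 TCP_DENIED/403 3985 CONNECT mirrors.aliyun.com:443 - HIER_NONE/- text/html
1591000005.606      0 10.9.9.9 TCP_DENIED/403 3990 GET http://www.baidu.com/ - HIER_NONE/- text/html
"""

LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<elapsed>-?\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z0-9_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

def dest_host(method, url):
    """Return the destination host from a CONNECT authority or a full URL."""
    if method == "CONNECT":
        target = url                      # logged as host:port
    else:
        target = url.split("://", 1)[-1].split("/", 1)[0]
    target = target.rsplit("@", 1)[-1]    # drop any userinfo
    if target.startswith("["):            # bracketed IPv6 literal
        return target[1:].split("]", 1)[0].lower()
    return target.rsplit(":", 1)[0].lower() if ":" in target else target.lower()

def denied_summary(log_text):
    """Count TCP_DENIED requests per (client, destination host)."""
    denied = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["code"].startswith("TCP_DENIED"):
            continue  # skip unparseable lines and requests that were allowed
        denied[(m["client"], dest_host(m["method"], m["url"]))] += 1
    return denied

if __name__ == "__main__":
    for (client, host), n in denied_summary(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {client:15s}  {host}")
```

<p>On the proxy host, pass the contents of <code>/var/log/squid/access.log</code> to <code>denied_summary</code> instead of the sample. A denial for an allowed domain from an address outside <code>localnet</code>, like the last sample line, comes from the final <code>http_access deny all</code> rule.</p>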
Source: https://www.cnblogs.com/linuxbai/p/13026101.html