带用户验证的SQUID源码编译安装代理服务器教程
|
| 论文作者:佚名 论文来源:不详 论文发布时间:2006-6-19 18:15:01 论文发布人:chjchjchj |
 减小字体
 增大字体
摘要:带用户验证的SQUID源码编译安装
[b:08a74b3ab3]首先升级openssl(为了系统更安全)[/b:08a74b3ab3]
详见 http://blog.platinum.net.cn/index.php?op=ViewArticle&articleId=16&blogId=1
[b:08a74b3ab3]编译squid[/b:08a74b3ab3]
./configure --prefix=/usr/local/squid --mandir=/usr/share/man --enable-carp --with-dl --enable-storeio=aufs,ufs,diskd,coss,null --with-pthreads --enable-icmp --enable-delay-pools --enable-useragent-log --enable-referer-log --enable-kill-parent-hack --enable-snmp --enable-arp-acl --enable-htcp --enable-ssl --with-openssl=/usr/local/openssl-0.9.7e --enable-external-acl-helpers=ip_user --enable-err-language="Simplify_Chinese" --enable-err-language="Simplify_Chinese" --enable-linux-netfilter --enable-auth="basic" --enable-baisc-auth-helpers="NCSA" --enable-underscores --enable-x-accelerator-vary --disable-internal-dns
[b:08a74b3ab3]修改src/fs/aufs/store_asyncufs.h,使其可以用异步IO写文件,以提高存储速度
将#define ASYNC_WRITE改为1[/b:08a74b3ab3]
make
make install
[b:08a74b3ab3]进入helpers/basic_auth/NCSA,编译出nasa_auth[/b:08a74b3ab3]
make
make install
[b:08a74b3ab3]利用apache里面的htpasswd生成密码文件[/b:08a74b3ab3]
/path/htpasswd -c /etc/squid.pass test
123
123
[b:08a74b3ab3]配置squid.conf[/b:08a74b3ab3]
[code:1:08a74b3ab3]
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
emulate_httpd_log on
auth_param basic program /usr/local/squid/libexec/ncsa_auth /etc/squid.pass
auth_param basic children 5
auth_param basic realm Platinum proxy-caching server
auth_param basic credentialsttl 1 minutes
auth_param basic casesensitive off
refresh_pattern ^ftp: & & & & & 1440 & &20% & & 10080
refresh_pattern ^gopher: & & & &1440 & &0% & & &1440
refresh_pattern . & & & & & & & 0 & & & 20% & & 4320
cachemgr_passwd platinum all
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl AUTHUSER proxy_auth REQUIRED
http_access allow AUTHUSER
http_access allow localhost
http_access allow to_localhost
http_access deny &all
http_reply_access allow all
icp_access allow all
cache_effective_user squid
visible_hostname platinum
httpd_accel_host platinum
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
error_directory /usr/local/squid/share/errors/Simplify_Chinese
coredump_dir /usr/local/squid/var/cache
cache_dir aufs /usr/local/squid/var/cache 100 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
cache_mem 32 MB
[/code:1:08a74b3ab3]
[b:08a74b3ab3]创建交换文件[/b:08a74b3ab3]
useradd squid -s /sbin/nologin
mkdir -p /usr/local/squid/var/cache
chown -R squid.squid /usr/local/squid/var
/usr/local/squid/sbin/squid -z
[b:08a74b3ab3]运行squid[/b:08a74b3ab3]
/usr/local/squid/sbin/squid
若使开机自动运行,在/etc/rc.local里添加即可
[color=red:08a74b3ab3]注意:
用户认证模式不能与透明模式一起使用,否则会出错,用户验证无法通过[/color:08a74b3ab3]
ljily000 回复于:2005-03-13 12:54:28对每个用户能否绑定一个ip,该用户只能在指定ip的机器上通过squid代理出去。
platinum 回复于:2005-03-13 14:00:35可以用acl控制
也可以结合iptables来实现
wingger 回复于:2005-03-13 18:14:42External ACLs
squid2.5版本,有一个ACL扩展功能ip_user,应该可以满足你的要求
如:可能安装的时候要编译进去
[code:1:2707935133]./configure —enable-external-acl-helpers=ip_user[/code:1:2707935133]
配置时要在squid.conf加入如下一行:
[code:1:2707935133]external_acl_type ip_user_helper %SRC %LOGIN
usr/local/squid/libexec/ip_user -f /usr/local/squid/etc/ip_user.conf
acl AclName external ip_user_helper[/code:1:2707935133]
%SRC 指客户IP地址,%LOGIN指用户名. 在ip_user.conf 中的配置 格式如下:
ip_addr[/mask] user|@group|ALL|NONE
例如:
[code:1:2707935133]127.0.0.1 ALL
192.168.1.0/24 bob
10.8.1.0/24 @lusers
172.16.0.0/16 NONE[/code:1:2707935133]
上面的语句意思如下(我就不翻译了):
This configuration file causes ip_user to return OK for any request coming from 127.0.0.1, for Bob's requests coming from the 192.168.1.0/24 network, for any name in the luser group when the request comes from the 10.8.1.0/24 network, and returns ERR for any request from the 172.16.0.0/16 network. It also returns ERR for any address and username pair that doesn't appear in the list.
段誉 回复于:2005-03-13 18:26:41受教,学习ing
ljily000 回复于:2005-03-22 14:15:42[quote:c478550dd1="wingger"]
上面的语句意思如下(我就不翻译了):
This configuration file causes ip_user to return OK for any request coming from 127.0.0.1, for Bob's requests coming from the 192.168.1.0/24 network, for any na..........[/quote:c478550dd1]
:P :P
[code:1:c478550dd1][code]external_acl_type ip_user_helper %SRC %LOGIN
usr/local/squid/libexec/ip_user -f /usr/local/squid/etc/ip_user.conf
acl AclName external ip_user_helper [/code][/code:1:c478550dd1]
好像差点东西 :P ,
[code:1:c478550dd1]external_acl_type ip_user_helper %SRC %LOGIN
/usr/local/squid/libexec/ip_user_check -f /usr/local/squid/etc/ip_user.conf
acl AclName external ip_user_helper [/code:1:c478550dd1]
找了好半天! :em06:
|
|
|
|
|
|
|
| ∷相关技术评论 |
(评论内容只代表网友观点,与本站立场无关!) [查看发表评论...] | |
|
|
| |
 站内广告 |
 | |
|
| 站内搜索 |
| |
| 栏目导航 |
| |
|
|
| 本月热门 |
| |
|
|
| 本日热门 |
| |
|
|
|
设为首页
加入收藏
联系我们
相关技术