Original poster | Posted on 2023-2-22 14:07:45

Testing connectivity

Testing on Windows:

Use the SwitchyOmega tool to configure an HTTP proxy; the default port is 3128.

Switch to the newly created profile; the proxy works.

Testing on Linux:

wget -e "http_proxy=http://***.**.**.***" https://www.baidu.com

[root@Ubuntu ~]# wget -e "http_proxy=http://***.**.**.***" https://www.baidu.com
--2021-12-02 19:26:05--  https://www.baidu.com/
正在解析主机 www.baidu.com (www.baidu.com)... 180.101.49.12, 180.101.49.11
正在连接 www.baidu.com (www.baidu.com)|180.101.49.12|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度: 2443 (2.4K) [text/html]
正在保存至: “index.html”

index.html 100%[==================================================================>] 2.39K --.-KB/s 用时 0s

2021-12-02 19:26:05 (112 MB/s) - 已保存 “index.html” [2443/2443])

Global proxy configuration

vim /etc/profile

# Append at the end (when authentication is enabled)
export http_proxy="http://squid:123456@192.168.0.200:3128"
export https_proxy="http://squid:123456@192.168.0.200:3128"

If authentication is not enabled:

export http_proxy=http://192.168.0.200:3128
export https_proxy=http://192.168.0.200:3128

source /etc/profile

Adding authentication

Running the proxy wide open is not very safe. First change the default port to one of your own choosing (remember to update the firewall allow rule to match).

vim /etc/squid/squid.conf
http_port 3129

Then use the httpd-tools package to add password authentication.

Install it first if it is not present:

yum install httpd-tools -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.huaweicloud.com
 * extras: mirrors.bupt.edu.cn
 * updates: mirrors.huaweicloud.com
Resolving Dependencies
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.4.6-98.el7.centos.6 will be installed
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-tools-2.4.6-98.el7.centos.6.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-tools-2.4.6-98.el7.centos.6.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-7.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================
 Package              Arch          Version                        Repository      Size
==================================================================================================================================
Installing:
 httpd-tools          x86_64        2.4.6-98.el7.centos.6          updates         94 k
Installing for dependencies:
 apr                  x86_64        1.4.8-7.el7                    base           104 k
 apr-util             x86_64        1.5.2-6.el7                    base            92 k

Transaction Summary
==================================================================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 290 k
Installed size: 584 k
Downloading packages:
(1/3): apr-1.4.8-7.el7.x86_64.rpm                              | 104 kB  00:00:00
(2/3): apr-util-1.5.2-6.el7.x86_64.rpm                         |  92 kB  00:00:00
(3/3): httpd-tools-2.4.6-98.el7.centos.6.x86_64.rpm            |  94 kB  00:00:00
----------------------------------------------------------------------------------------------------------------------------------
Total                                                 2.0 MB/s | 290 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : apr-1.4.8-7.el7.x86_64                            1/3
  Installing : apr-util-1.5.2-6.el7.x86_64                       2/3
  Installing : httpd-tools-2.4.6-98.el7.centos.6.x86_64          3/3
  Verifying  : httpd-tools-2.4.6-98.el7.centos.6.x86_64          1/3
  Verifying  : apr-1.4.8-7.el7.x86_64                            2/3
  Verifying  : apr-util-1.5.2-6.el7.x86_64                       3/3

Installed:
  httpd-tools.x86_64 0:2.4.6-98.el7.centos.6

Dependency Installed:
  apr.x86_64 0:1.4.8-7.el7          apr-util.x86_64 0:1.5.2-6.el7

Complete!

Generate the password file at the specified path; squid is the user name, and the password must not exceed 8 characters.

htpasswd -cd /etc/squid/passwords squid

Test the generated password file:

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
squid 123456
ok

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
squid cuscqaws
OK

When testing is done, press Ctrl + C to interrupt.

Configuring the Squid file

vim /etc/squid/squid.conf

#And finally deny all other access to this proxy
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords #account/password file
auth_param basic realm proxy
auth_param basic children 50 #at most 50 accounts running at the same time
auth_param basic realm CoolTube Proxy Server #text shown in the password prompt
auth_param basic credentialsttl 8 hours #how long authentication stays valid
acl authenticated proxy_auth REQUIRED #require external authentication for authenticated
http_access allow authenticated #allow members of authenticated
http_access deny all #deny all other access
visible_hostname squid.CoolTube #proxy host name

Restart the service

systemctl restart squid.service

# squid -z
2023/02/22 14:19:42| Squid is already running! Process ID 3793

systemctl restart squid.service

systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-02-22 14:18:18 CST; 1min 56s ago
  Process: 3749 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=1/FAILURE)
  Process: 3789 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 3783 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 3791 (squid)
   CGroup: /system.slice/squid.service
           ├─3791 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─3793 (squid-1) -f /etc/squid/squid.conf
           └─3798 (logfile-daemon) /var/log/squid/access.log

Feb 22 14:18:18 squid-ntp systemd[1]: Starting Squid caching proxy...
Feb 22 14:18:18 squid-ntp squid[3791]: Squid Parent: will start 1 kids
Feb 22 14:18:18 squid-ntp squid[3791]: Squid Parent: (squid-1) process 3793 started
Feb 22 14:18:18 squid-ntp systemd[1]: Started Squid caching proxy.

Connection test: a prompt asks for the account and password.

Configure the account and password in SwitchyOmega.

The connection succeeds.

Viewing the logs

View the runtime log:

# tail -f /var/log/squid/cache.log

tail shows the last 10 lines by default; the -f option follows the file in real time.

View the access log:

# tail -f /var/log/squid/access.log

Increasing traffic anonymity

An ordinary proxy puts the original client's information in the X-Forwarded-For header, so the server we request knows where the request came from, and we are clearly not anonymous. We therefore use forwarded_for off to remove this information and achieve anonymity.

# ANONYMOUS PROXY
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all

In request_header_access, allow all means Squid keeps the corresponding header from our client request; with deny, Squid hides that header as well. It is best to keep the headers, because we use different User-Agents.

Restart the service

[root@Q1nghuan ~]# squid -z
[root@Q1nghuan ~]# systemctl restart squid.service
[root@Q1nghuan ~]# systemctl status squid

You can also add a line to the configuration to turn off caching:

vim /etc/squid/squid.conf
cache deny all
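
Added example, not part of the original post: the auth_param / http_access block in the Squid configuration step above only forces a password if no earlier http_access line already allows the client, because Squid applies the first line that matches. The Python model below runs that first-match evaluation over two constructed squid.conf excerpts; the localnet ACL and its 192.168.0.0/16 range are assumptions, and only src and proxy_auth ACLs are modelled.

```python
import ipaddress

# Constructed excerpts. "localnet" stands for an allow rule placed above the
# authentication rule, as stock squid.conf files do; the range is an assumption.
AUTH_AFTER_LOCALNET = """
acl localnet src 192.168.0.0/16
acl authenticated proxy_auth REQUIRED
http_access allow localnet
http_access allow authenticated
http_access deny all
"""
AUTH_FIRST = """
acl localnet src 192.168.0.0/16
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
"""

def parse(conf):
    """Collect src/proxy_auth ACLs and the ordered http_access rules."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip, user=None):
    """Return 'allow', 'deny' or '407'; a set user is assumed to have a valid password."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:          # rules are tried top to bottom
        for name in names:               # every ACL on the line must match
            kind, values = acls[name]
            if kind == "proxy_auth":
                if user is None:
                    return "407"         # no credentials yet: Squid asks for them
            elif not any(ip in ipaddress.ip_network(v) for v in values):
                break
        else:
            return action                # first fully matching line decides
    return "deny"

if __name__ == "__main__":
    for label, conf in (("auth after localnet", AUTH_AFTER_LOCALNET), ("auth first", AUTH_FIRST)):
        print(label, decide(conf, "192.168.0.50"), decide(conf, "203.0.113.9"))
```

With the authentication rule below an allow for the local range, a client in that range is let through without ever being asked for credentials; with it first, every client gets the 407 challenge.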
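
Added example, not part of the original post: a Python model of how the request_header_access list from the traffic anonymity step above treats an outgoing request, assuming a header-specific rule is consulted first and the All rule is the fallback for every header without one. RULES is an excerpt of the post's list, SAMPLE is a constructed request, and only the all ACL is modelled.

```python
# Excerpt of the request_header_access rules from the post.
RULES = """
request_header_access Host allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access Accept allow all
request_header_access All deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
"""

# Constructed sample headers of a request that is about to be forwarded.
SAMPLE = [
    ("Host", "example.test"),
    ("User-Agent", "demo-agent/1.0"),
    ("Cookie", "sid=constructed"),
    ("Referer", "http://intranet.example.test/page"),
    ("X-Forwarded-For", "192.168.0.50"),
    ("Via", "1.1 upstream.example.test"),
]

def load(rules):
    """Map lower-cased header name to 'allow' or 'deny'; the first rule for a name wins."""
    table = {}
    for line in rules.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) == 4 and tok[0] == "request_header_access" and tok[3] == "all":
            table.setdefault(tok[1].lower(), tok[2])
    return table

def filter_headers(rules, headers):
    """Return (kept, dropped) header names for one request."""
    table = load(rules)
    kept, dropped = [], []
    for name, _value in headers:
        # Own rule if present, otherwise the "All" rule, otherwise forwarded.
        verdict = table.get(name.lower(), table.get("all", "allow"))
        (kept if verdict == "allow" else dropped).append(name)
    return kept, dropped

if __name__ == "__main__":
    print(filter_headers(RULES, SAMPLE))
```

Headers missing from the allow-list, such as Referer here, are removed together with Via and X-Forwarded-For, so the list has to name every header the destination sites need.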