Squid
服务器需要停止的服务: NetworkManager dnsmasq 域名不能解析,resolv.conf被修改 cat /etc/resolv.conf # Generated by NetworkManager chkconfig dnsmasq off chkconfig –list dnsmasq Dec 1 13:39:04 dhcpd: No subnet declaration for eth0 (no IPv4 addresses). Dec 1 13:39:04 dhcpd: ** Ignoring requests on eth0. If this is not what Dec 1 13:39:04 dhcpd: you want, please write a subnet declaration Dec 1 [...]
关键:squid自定义日志格式中combined %>a和之间只可有一个空格分隔,如果多于一个,squid日志中每行行首会有前置空格,分析时会报错: Found 6 corrupted records。 以下测试在centos linux中通过。 squid配置: #logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh %{host}>h access_log /var/squid/logs/access.log combined logfile_rotate 10 日志类似:10.168.6.166 – – [11/Jul/2011:10:16:42 +0800] "POST http://veryi.com/getconf.php HTTP/1.1" 200 960 "-" "Mozilla/4.0 [...]
实现linux服务器配置squid透明代理访问非80端口,允许部分地址不通过代理服务器直接访问。 iptables相关配置: *mangle -A PREROUTING -d 10.11.48.0/255.255.255.192 -j MARK –set-mark 0×2 -A PREROUTING -d 10.11.48.0/255.255.255.192 -j RETURN #以上地址不通过代理 -A PREROUTING -p tcp -m tcp –dport 80 -j MARK –set-mark 0×4 -A PREROUTING -p tcp -m tcp –dport 80 -j RETURN -A PREROUTING -j MARK –set-mark 0×7 -A PREROUTING -j RETURN COMMIT *filter :INPUT DROP [...]
开心网的游戏叫人杀盗淫妄,而不是教人仁义礼智信。公司下令封锁,现把方法写出来。如果是用iptables,只需要在Chain FORWARD最前面加一下几条就可以。 $IPTABLES -A FORWARD -d www2.kaixin001.z.cdn20.com -m state –state NEW -j DROP $IPTABLES -A FORWARD -d kaixin001.com -m state –state NEW -j DROP $IPTABLES -A FORWARD -d www.kaixin001.com -m state –state NEW -j DROP $IPTABLES -A FORWARD -d www.kaixin.com -m state –state NEW -j DROP $IPTABLES -A FORWARD -d kaixin.com -m state –state NEW [...]
/usr/local/squid/bin/squidclient -p 3128 -h localhost mgr:io HTTP/1.0 200 OK Server: squid/3.0.STABLE15 HTTP I/O number of reads: 18985956 Read Histogram: 1- 1: 766 0% 2- 2: 38574 0% 3- 4: 9769 0% 5- 8: 30168 0% 9- 16: 10200 0% 17- 32: 31835 0% 33- 64: 32801 0% [...]
linux服务器:centos squid3 squid日志: "NONE error:unsupported-request-method HTTP/0.0" 400 1817 NONE:NONE, 原来qq使用了80端口但使用的非http标准协议。 公司允许使用qq、msn, 只好打开udp 8000端口: -A FORWARD -m state –state NEW -m udp -p udp -s 192.168.6.0/23 -d 58.251.0.0/16 –dport 8000 -j ACCEPT squid透明代理https以后,msn(live messager)不能登录,报错: MSN登录报错80048820 只好取消REDIRECT,打开443端口: -A FORWARD -m state –state NEW -m tcp -p tcp -s 192.168.6.0/23 –dport 443 –tcp-flags SYN,RST,ACK SYN -j ACCEPT [...]
近期评论