Transparent proxy server architecture of squid proxy service
2022-07-23 16:21:00 【Full stack programmer webmaster】
Hello everyone, we meet again. I'm your friend, Quan Jun.
1. Server configuration
| Server | Host name | IP address | Main software |
|---|---|---|---|
| Squid server | squid_server | Extranet ens33: 192.168.10.20; Intranet ens37: 10.0.0.100 | squid |
| Web server | web_server | Intranet 10.0.0.200 | apache |
| Win10 client | | Extranet 192.168.10.85 | Edge browser |
2. Squid Server deployment
2.1 Modify the Squid configuration file
```
[root@squid_server ~]# vim /etc/squid.conf
```
```
# And finally deny all other access to this proxy
http_access allow all
http_access deny all
# Squid normally listens to port 3128
## Line 60: change this to the IP address of the NIC that provides the proxy service to the internal network, and add the "transparent" option to enable transparent proxying
http_port 192.168.10.20:3128 transparent
cache_effective_user squid
cache_effective_group squid
cache_mem 64 MB
reply_body_max_size 10 MB
maximum_object_size 4096 KB
```
```
[root@squid_server ~]# systemctl restart squid
```

2.2 Turn on route forwarding so that the machine forwards traffic between its two network segments
```
[root@squid_server ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@squid_server ~]# sysctl -p
net.ipv4.ip_forward = 1
```

2.3 Modify firewall rules
```
[root@squid_server ~]# iptables -F
[root@squid_server ~]# iptables -t nat -F
[root@squid_server ~]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
# Forward the HTTP protocol: redirect the requested port to 3128
[root@squid_server ~]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
# Forward the HTTPS protocol: redirect the requested port to 3128
[root@squid_server ~]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
# Define a firewall inbound rule that allows connection requests to port 3128
```

3. Client access test
Client 192.168.10.85 accesses the web server 10.0.0.200:
- Turn off the manual proxy setting in the browser
- Set the gateway to the ens33 IP of the squid proxy

View the new records in the Squid access log (192.168.10.20)
Refresh the page several times on the client, then check the access log:
```
[root@squid_server ~]# tail -f /usr/local/squid/var/logs/access.log
1635941728.519 31737 192.168.10.85 TCP_TUNNEL/200 6844 CONNECT cp601.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/184.29.187.90 -
1635941729.950 28933 192.168.10.85 TCP_TUNNEL/200 6842 CONNECT cp601.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/184.29.187.90 -
1635941766.747 69937 192.168.10.85 TCP_TUNNEL/200 6591 CONNECT disc601.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/184.29.187.90 -
1635941822.746 133072 192.168.10.85 TCP_TUNNEL/200 6617 CONNECT geover.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/104.85.33.217 -
1635941886.914 1612 192.168.10.85 TCP_TUNNEL/200 4900 CONNECT v10.events.data.microsoft.com:443 - HIER_DIRECT/20.42.73.25 -
1635941897.422 476 192.168.10.85 TCP_TUNNEL/200 3968 CONNECT settings-win.data.microsoft.com:443 - HIER_DIRECT/40.119.249.228 -
1635941899.775 446 192.168.10.85 TCP_TUNNEL/200 4017 CONNECT settings-win.data.microsoft.com:443 - HIER_DIRECT/40.119.249.228 -
1635941912.755 11406 192.168.10.85 TCP_TUNNEL/200 4901 CONNECT v10.events.data.microsoft.com:443 - HIER_DIRECT/20.42.73.25 -
1635944385.775 0 192.168.10.20 TCP_MISS/403 4076 GET http://www.msftconnecttest.com/connecttest.txt - HIER_NONE/- text/html
1635944385.775 49 192.168.10.85 TCP_MISS/403 4137 GET http://www.msftconnecttest.com/connecttest.txt - ORIGINAL_DST/192.168.10.20 text/html
1635944910.531 3 192.168.10.85 TCP_MISS/403 5244 GET http://10.0.0.200/ - ORIGINAL_DST/10.0.0.200 text/html
1635944910.611 2 192.168.10.85 TCP_MISS/200 5405 GET http://10.0.0.200/noindex/css/open-sans.css - ORIGINAL_DST/10.0.0.200 text/css
1635944910.611 3 192.168.10.85 TCP_MISS/200 19666 GET http://10.0.0.200/noindex/css/bootstrap.min.css - ORIGINAL_DST/10.0.0.200 text/css
1635944910.649 1 192.168.10.85 TCP_MISS/200 4280 GET http://10.0.0.200/images/poweredby.png - ORIGINAL_DST/10.0.0.200 image/png
1635944910.649 1 192.168.10.85 TCP_MISS/200 2650 GET http://10.0.0.200/images/apache_pb.gif - ORIGINAL_DST/10.0.0.200 image/gif
1635944910.729 0 192.168.10.85 TCP_MISS/404 494 GET http://10.0.0.200/noindex/css/fonts/Bold/OpenSans-Bold.woff - ORIGINAL_DST/10.0.0.200 text/html
1635944910.730 0 192.168.10.85 TCP_MISS/404 496 GET http://10.0.0.200/noindex/css/fonts/Light/OpenSans-Light.woff - ORIGINAL_DST/10.0.0.200 text/html
1635944910.854 0 192.168.10.85 TCP_MISS/404 495 GET http://10.0.0.200/noindex/css/fonts/Light/OpenSans-Light.ttf - ORIGINAL_DST/10.0.0.200 text/html
1635944910.854 1 192.168.10.85 TCP_MISS/404 493 GET http://10.0.0.200/noindex/css/fonts/Bold/OpenSans-Bold.ttf - ORIGINAL_DST/10.0.0.200 text/html
1635944910.879 1 192.168.10.85 TCP_MISS/404 464 GET http://10.0.0.200/favicon.ico - ORIGINAL_DST/10.0.0.200 text/html
```

You can see that the earlier visits are slow and the later ones fast, because the later accesses are answered directly from the data cached on the squid server, which greatly improves the client's response time.
View the new records in the Web server access log (10.0.0.200)
```
[root@web_server ~]# tail -f /var/log/httpd/access_log
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1" 404 241 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1" 404 239 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1" 404 238 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1" 404 240 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1" 404 241 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1" 404 239 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1" 404 240 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1" 404 238 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
```

The access records come from the outbound network card of the squid proxy server (10.0.0.100): the proxy server's own interface accesses the web server in place of the client, so the web server cannot learn the client's real IP.
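To trace the 10.0.0.100 entries back to the real client, an added example that is not part of the original post: it joins constructed samples modelled on the two logs above on the request path, so each Apache line is annotated with the client IP that Squid recorded. It assumes the Squid log keeps the origin URL (http://10.0.0.200/...) as the ORIGINAL_DST lines above show; timestamps are not matched.

```shell
#!/bin/sh
# Constructed samples modelled on the page's logs (not the real files).
# Squid native format: time elapsed client code/status bytes method URL rfc931 hierarchy/peer type
SQUID_LOG='1635944910.531 3 192.168.10.85 TCP_MISS/403 5244 GET http://10.0.0.200/ - ORIGINAL_DST/10.0.0.200 text/html
1635944910.611 2 192.168.10.85 TCP_MISS/200 5405 GET http://10.0.0.200/noindex/css/open-sans.css - ORIGINAL_DST/10.0.0.200 text/css
1635941897.422 476 192.168.10.85 TCP_TUNNEL/200 3968 CONNECT settings-win.data.microsoft.com:443 - HIER_DIRECT/40.119.249.228 -'
# Apache combined format: the client field is always the proxy address 10.0.0.100.
APACHE_LOG='10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/open-sans.css HTTP/1.1" 200 5405 "-" "Mozilla/5.0"
10.0.0.100 - - [03/Nov/2021:21:08:34 +0800] "GET /favicon.ico HTTP/1.1" 404 464 "-" "Mozilla/5.0"'

ORIGIN='http://10.0.0.200'

# Distinct source addresses as each side sees them.
squid_clients()  { printf '%s\n' "$SQUID_LOG"  | awk '{print $3}' | sort -u; }
apache_clients() { printf '%s\n' "$APACHE_LOG" | awk '{print $1}' | sort -u; }

# Real client for a given origin path, taken from the Squid log (empty when not found).
real_client_for_path() {
  printf '%s\n' "$SQUID_LOG" |
    awk -v url="$ORIGIN$1" '$6=="GET" && $7==url {print $3; exit}'
}

# Rewrite each Apache line as "<path> <status> <real client|unknown>".
annotate_apache_log() {
  printf '%s\n' "$APACHE_LOG" | while IFS= read -r line; do
    path=$(printf '%s\n' "$line" | awk -F'"' '{split($2, r, " "); print r[2]}')
    status=$(printf '%s\n' "$line" | awk -F'"' '{split($3, s, " "); print s[1]}')
    client=$(real_client_for_path "$path")
    printf '%s %s %s\n' "$path" "$status" "${client:-unknown}"
  done
}

annotate_apache_log
```

A request that Apache logged but Squid did not (the constructed favicon line) stays "unknown", which is the gap a log-only correlation cannot close.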
Publisher: Full stack programmer stack length. Reprint please indicate the source: https://javaforall.cn/126268.html. Link to the original text: https://javaforall.cn