Squid Installation Guide
I. Installation notes
1. Version: Squid Cache: Version 2.6.STABLE13
2. Build configuration:
configure options: '--prefix=/usr/local/squid' '--enable-gnuregex'
'--enable-async-io=80' '--enable-icmp' '--enable-kill-parent-hack'
'--enable-snmp' '--disable-ident-lookups' '--enable-cahce-digests'
'--enable-err-language=Simplify_Chinese'
'--enable-default-err-languages=Simplify_Chinese'
'--enable-poll' '--enable-linux-netfilter' '--enable-underscore'
'--enable-arp-acl'
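3. Initialize the cache directories
#/usr/local/squid/sbin/squid -z
4. User authentication
User name/password authentication makes Squid easier to administer; the most commonly used method is NCSA.
NCSA authentication is now part of the basic scheme rather than a separate authentication module as it was before.
To set up authentication:
After "make install", copy "helpers/basic_auth/NCSA/ncsa_auth" into a directory of user executables, /usr/bin
(if the executable is not in that directory, build with make all instead of make, or run make directly in that directory). Then use Apache's password management program htpasswd to generate the file that maps user names to passwords, as in the following line:
htpasswd -c /var/squid/etc/password guest
After the password for the guest user has been entered twice, the guest user exists.
To add more users later, run the same command without the -c parameter (-c creates the password file and overwrites an existing one).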
II. Administration and usage
(1) Service management
1. Squid root directory
/usr/local/squid/
2. Start the Squid service
#/usr/local/squid/bin/RunCache &
3. Stop the Squid service
#/usr/local/squid/sbin/squid -k shutdown
(needs to be run twice)
4. Configuration file
/usr/local/squid/etc/squid.conf
Reload the configuration file:
#/usr/local/squid/sbin/squid -k reconfigure
(needs to be run twice)
(2) User management
1. Account file
/usr/local/squid/etc/password
2. Add the first user
#htpasswd -c /usr/local/squid/etc/password username
3. Add a user
#htpasswd /usr/local/squid/etc/password username
(3) Permission management
1. MAC address list
acl DONGLE arp 00:07:E9:56:08:F5
acl WANGMENGYI arp 00:07:E9:74:BF:DB
acl WANGJING arp 00:07:E9:84:93:FF
acl LIDUAN arp 00:16:96:0C:D4:6F
acl YUWENHUA arp 00:07:E9:74:B7:83
acl LURUIJUAN arp 00:16:96:0C:E2:43
acl JINJUFANG arp 00:07:E9:84:8F:9C
acl YANGRUI arp 00:07:E9:55:FD:E6
acl LIXINYING arp 00:07:E9:84:B1:3E
acl ZHOUWEI arp 00:0D:61:9C:84:B6
acl PUBLIC_INTERNET arp 00:0D:61:97:04:F9
acl bp_auth proxy_auth REQUIRED
acl white_list dstdomain "/usr/local/squid/etc/white_list"
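2. User access control list
<1> Change the authentication method in squid.conf and configure the related features that are needed.
# Location of the password file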
auth_param basic program /usr/bin/ncsa_auth /usr/local/squid/etc/password
# Number of authentication helper processes
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
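<2> Restrict by MAC address: the listed hosts may access the sites in 'white_list' only after authenticating (every ACL named on an http_access line must match for the rule to apply).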
http_access allow DONGLE bp_auth white_list
http_access allow WANGMENGYI bp_auth white_list
http_access allow WANGJING bp_auth white_list
http_access allow LIDUAN bp_auth white_list
http_access allow YUWENHUA bp_auth white_list
http_access allow LURUIJUAN bp_auth white_list
http_access allow JINJUFANG bp_auth white_list
http_access allow YANGRUI bp_auth white_list
http_access allow LIXINYING bp_auth white_list
http_access allow ZHOUWEI bp_auth white_list
http_access allow PUBLIC_INTERNET bp_auth white_list
3. The white-list is as follows
/usr/local/squid/etc/white_list
www.pronets.co.jp
.pronets.co.jp
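An added example, not part of the original document: a lint for the acl and http_access lines of this section that flags any http_access rule naming an ACL that no earlier acl line defines (for instance a name split by a stray space) and reports when the rules do not end with an explicit "http_access deny all". The function name and the sample configuration (HOST_A, HOST_B, the MAC addresses) are constructed for illustration.

```shell
#!/bin/sh
# lint_http_access [FILE]   (reads stdin when FILE is omitted)
# Prints one line per finding:
#   UNDEFINED <name> line <n>  http_access names an ACL not defined above it
#   NO_FINAL_DENY              the last http_access rule is not "deny all"
lint_http_access() {
    awk '
        $1 == "acl" { defined[$2] = 1; next }
        $1 == "http_access" {
            final_deny = ($2 == "deny" && NF == 3 && $3 == "all")
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)            # "!name" negates an ACL
                if (!(name in defined))
                    print "UNDEFINED " name " line " NR
            }
        }
        END { if (!final_deny) print "NO_FINAL_DENY" }
    ' "$@"
}

# Constructed sample: the third line has a stray space in the ACL name,
# so the ACL that gets defined is "HOST_" and "HOST_B" never exists.
sample_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl HOST_A arp 00:11:22:33:44:55
acl HOST_ B arp 00:11:22:33:44:66
acl bp_auth proxy_auth REQUIRED
acl white_list dstdomain "/usr/local/squid/etc/white_list"
http_access allow HOST_A bp_auth white_list
http_access allow HOST_B bp_auth white_list
EOF
}

sample_conf | lint_http_access
```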
(4) Log management
1. Log directory
/usr/local/squid/var/logs/
2. crontab entry that rotates the log file every day
00 1 * * * /usr/local/squid/var/squid_log_rotate.sh
3. The squid_log_rotate.sh script
/usr/local/squid/etc/squid_log_rotate.sh
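#!/bin/sh
# abort on the first failing command (including a failed cd)
set -e
cd /usr/local/squid/var/logs/
# timestamp 12 hours ago (computed here but not used below)
yesterday_secs=`perl -e 'print time -43200'`
# date stamp taken from access.log's last modification time (GNU date -r FILE)
yesterday_date=`date -r access.log +%Y%m%d`
# rename the current log file without interrupting the logging process
mv access.log access.log.$yesterday_date.txt
# tell Squid to close the current logs and open new ones
/usr/local/squid/sbin/squid -k rotate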
4. Change the log format
#logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#liqidong
logformat squid %tl %>a %un %rm %ru
1. >a Client IP address
2. >A Client FQDN
3. >p Client port number
4. <A Server IP address or peer name
5. la Local IP address (http_port)
6. lp Local port number (http_port)
7. ts Seconds since epoch
8. tu subsecond time (milliseconds)
9. tl Local time; the default is day/month/year:hour:minute:second timezone
10. tg GMT time; the default is day/month/year:hour:minute:second timezone
11. tr Response time (milliseconds)
12. >h Request header. Optional header name argument on the format header[:[separator]element]
13. <h Reply header. Optional header name argument as for >h
14. un User name
15. ul User login
16. ui User ident
17. us User SSL
18. ue User external acl
19. Hs HTTP status code
20. Ss Squid request status (TCP_MISS etc)
21. Sh Squid hierarchy status (DEFAULT_PARENT etc)
22. mt MIME content type
23. rm Request method (GET/POST etc)
24. ru Request URL
25. rv Request protocol version
26. ea Log string returned by external acl
27. <st Reply size including HTTP headers
28. >st Request size including HTTP headers
29. st Request+Reply size including HTTP headers
30. % a literal % character
# >a Client source IP address
# >A Client FQDN
# >p Client source port
# <A Server IP address or peer name
# la Local IP address (http_port)
# lp Local port number (http_port)
# ts Seconds since epoch
# tu subsecond time (milliseconds)
# tl Local time. Optional strftime format argument
#    default %d/%b/%Y:%H:%M:%S %z
# tg GMT time. Optional strftime format argument
#    default %d/%b/%Y:%H:%M:%S %z
# tr Response time (milliseconds)
# >h Request header. Optional header name argument
#    on the format header[:[separator]element]
# <h Reply header. Optional header name argument
#    as for >h
# un User name
# ul User login
# ui User ident
# us User SSL
# ue User external acl
# Hs HTTP status code
# Ss Squid request status (TCP_MISS etc)
# Sh Squid hierarchy status (DEFAULT_PARENT etc)
# mt MIME content type
# rm Request method (GET/POST etc)
# ru Request URL
# rv Request protocol version
# ea Log string returned by external acl
# <st Reply size including HTTP headers
# >st Request size including HTTP headers
# st Request+Reply size including HTTP headers
# % a literal % character
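An added example, not part of the original document: a parser for access.log lines written with "logformat squid %tl %>a %un %rm %ru" that lists every request whose destination is not covered by the white_list entries. This format records no status code (%Ss/%Hs), so allowed and denied requests look alike and are both reported. The function names and log lines are constructed, and %tl is assumed to use its default format (two whitespace-separated tokens).

```shell
#!/bin/sh
# off_whitelist WHITELIST_FILE < access.log
# Prints "client user host" for each request whose destination host is not
# covered by a dstdomain-style entry in WHITELIST_FILE.
off_whitelist() {
    awk '
        # First file: white_list entries, one per line.
        NR == FNR { if ($1 != "") wl[tolower($1)] = 1; next }
        # Log fields: $1 $2 = %tl, $3 = %>a, $4 = %un, $5 = %rm, $6 = %ru
        {
            host = tolower($6)
            sub("^[a-z][a-z0-9+.-]*://", "", host)   # drop scheme
            sub("[/?].*$", "", host)                 # drop path and query
            sub("^.*@", "", host)                    # drop userinfo
            sub(":[0-9]+$", "", host)                # drop port
            ok = (host in wl)
            for (d in wl)          # ".dom" covers dom itself and its subdomains
                if (substr(d, 1, 1) == "." &&
                    (host == substr(d, 2) ||
                     (length(host) > length(d) &&
                      substr(host, length(host) - length(d) + 1) == d)))
                    ok = 1
            if (!ok) print $3, $4, host
        }
    ' "$1" -
}

# Constructed sample log lines in the format above ("-" means no user name).
sample_log() {
    cat <<'EOF'
12/Mar/2007:09:15:02 +0800 192.168.1.21 - GET http://www.pronets.co.jp/
12/Mar/2007:09:15:03 +0800 192.168.1.21 guest GET http://www.pronets.co.jp/
12/Mar/2007:09:16:10 +0800 192.168.1.21 guest GET http://PRONETS.co.jp:80/a?b=1
12/Mar/2007:09:20:41 +0800 192.168.1.35 - CONNECT mail.example.com:443
12/Mar/2007:09:21:00 +0800 192.168.1.35 guest GET http://www.pronets.co.jp.example.net/
EOF
}

demo() {
    wl=$(mktemp) || return 1
    printf '%s\n' www.pronets.co.jp .pronets.co.jp > "$wl"   # the page's white_list
    sample_log | off_whitelist "$wl"
    rm -f "$wl"
}

demo
```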