сервис_http_proxy

Differences

This shows you the differences between two versions of the page.

сервис_http_proxy [2009/06/22 13:12]
val
сервис_http_proxy [2010/08/27 09:31]
val
Line 5: Line 5:
 ==== FreeBSD ==== ==== FreeBSD ====
 <​code>​ <​code>​
-[gX:~] # pkg_add -r squid +[gate:~] # pkg_add -r squid 
-[gX:~] # rehash+[gate:~] # rehash
  
-[gX:~] # cd /​usr/​local/​etc/​squid/​+[gate:~] # cd /​usr/​local/​etc/​squid/​
 </​code>​ </​code>​
  
 ==== Ubuntu ==== ==== Ubuntu ====
 <​code>​ <​code>​
-root@gX:~# apt-get install squid+root@gate:~# apt-get install squid
  
-root@gX:~# /​etc/​init.d/​squid stop+root@gate:~# /​etc/​init.d/​squid stop
  
-root@gX:~# cd /etc/squid/+root@gate:~# cd /etc/squid/
 </​code>​ </​code>​
  
 ==== FreeBSD/​Ubuntu ==== ==== FreeBSD/​Ubuntu ====
 <​code>​ <​code>​
-gX# cat squid.conf+gate# cat squid.conf
 ... ...
 #​http_access allow localnet #​http_access allow localnet
Line 31: Line 31:
 ... ...
  
-gX# squid -k parse+gate# squid -k parse
  
-gX# squid -z+gate# squid -z
 </​code>​ </​code>​
  
 ==== FreeBSD ==== ==== FreeBSD ====
 <​code>​ <​code>​
-[gX:~] # cat /​etc/​rc.conf+[gate:~] # cat /​etc/​rc.conf
 ... ...
 squid_enable=yes squid_enable=yes
 ... ...
  
-[gX:~] # /​usr/​local/​etc/​rc.d/​squid start+[gate:~] # /​usr/​local/​etc/​rc.d/​squid start
  
-[gX:~] # tail -f /usr/local/​squid/​logs/​access.log+[gate:~] # tail -f /var/​squid/​logs/​access.log
 </​code>​ </​code>​
  
 ==== Ubuntu ==== ==== Ubuntu ====
 <​code>​ <​code>​
-root@gX:~# /​etc/​init.d/​squid start+root@gate:~# /​etc/​init.d/​squid start
  
-root@gX:~# tail -f /​var/​log/​squid/​access.log+root@gate:~# tail -f /​var/​log/​squid/​access.log
 </​code>​ </​code>​
 +
 +===== Обработка лог файлов сервера SQUID =====
 +
 +==== Установка,​ настройка и использование пакета SARG ====
 +
 +=== FreeBSD ===
 +<​code>​
 +[gate:~] # pkg_add -r sarg
 + 
 +[gate:~] # cd /​usr/​local/​etc/​sarg/​
 +
 +[gate:​local/​etc/​sarg] # cp sarg.conf.default sarg.conf
 +
 +[gate:​local/​etc/​sarg] # cat sarg.conf
 +...
 +access_log /​var/​squid/​logs/​access.log.0
 +...
 +output_dir /​usr/​local/​www/​apache22/​data/​squid-reports
 +...
 +
 +[gate:~] # squid -k rotate
 +
 +[gate:~] # sarg
 +SARG: Records in file: 23, reading: 0.00%
 +SARG: Successful report generated on /​usr/​local/​www/​data/​squid-reports/​2006Jun28-2006Jun28
 +</​code>​
 +
 +==== Автоматизация процесса построения отчета (FreeBSD) ====
 +
 +на постоянно работающем сервере:​
 +<​code>​
 +[gate:~] # cat /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh
 +#!/bin/sh
 +echo Generate Squid Access Report
 +/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '​*-*'​ -exec rm -r {} \;
 +/​usr/​local/​sbin/​squid -k rotate
 +/​usr/​local/​bin/​sarg
 +
 +[gate:~] # chmod +x /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh ​
 +</​code>​
 +
 +на сервере работающем в течении рабочего дня:
 +<​code>​
 +[gate:~] # cat /​usr/​local/​etc/​rc.d/​sarg.sh
 +#!/bin/sh
 +echo Generate Squid Access Report
 +/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '​*-*'​ -delete
 +/​usr/​local/​sbin/​squid -k rotate
 +/​usr/​local/​bin/​sarg
 +
 +[gate:~] # chmod +x /​usr/​local/​etc/​rc.d/​sarg.sh ​
 +</​code>​
 +
 +=== Ubuntu ===
 +<​code>​
 +root@gate:​~#​ apt-get install sarg
 +
 +root@gate:​~#​ /​etc/​cron.daily/​sarg
 +Результаты на следующий день
 +</​code>​
 +
 +Проверка:​
 +Наберите в MSIE http://​gate.corpX.un/​squid-reports/​
  
 ===== Антивирусная защита web трафика ===== ===== Антивирусная защита web трафика =====
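Review bot: In the added SARG block, sarg.conf sets output_dir to /usr/local/www/apache22/data/squid-reports, but the sample sarg output and both cleanup scripts use /usr/local/www/data/squid-reports/, so the find commands would prune a directory the reports are not written to; use one path throughout. In the rc.d variant, find with -type d and -delete cannot remove non-empty report directories, so it should use -exec rm -r {} \; as the periodic script does. The reports list per-client browsing history and are published at http://gate.corpX.un/squid-reports/ with no access restriction shown; the section should say how that URL is protected.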
Line 61: Line 124:
 === FreeBSD === === FreeBSD ===
 <​code>​ <​code>​
-[gX:~] # cat /​etc/​rc.conf+[gate:~] # cat /​etc/​rc.conf
 ... ...
 clamav_clamd_enable="​YES"​ clamav_clamd_enable="​YES"​
  
-[gX:~] # /​usr/​local/​etc/​rc.d/​clamav-clamd start+[gate:~] # /​usr/​local/​etc/​rc.d/​clamav-clamd start
  
-[gX:~] # ls -l /​var/​run/​clamav/​clamd.sock+[gate:~] # ls -l /​var/​run/​clamav/​clamd.sock
 </​code>​ </​code>​
  
 === Ubuntu === === Ubuntu ===
 <​code>​ <​code>​
-root@gX:~# /​etc/​init.d/​clamav-daemon start+root@gate:~# /​etc/​init.d/​clamav-daemon start
  
-root@gX:~# ls -l /​var/​run/​clamav/​clamd.ctl+root@gate:~# ls -l /​var/​run/​clamav/​clamd.ctl
 </​code>​ </​code>​
  
 === FreeBSD/​Ubuntu === === FreeBSD/​Ubuntu ===
 <​code>​ <​code>​
-gX# clamdscan virus.zip+gate# clamdscan virus.zip
 </​code>​ </​code>​
  
Line 86: Line 149:
 === FreeBSD === === FreeBSD ===
 <​code>​ <​code>​
-[gX:~] # pkg_add -r squidclamav+[gate:~] # pkg_add -r squidclamav
 </​code>​ </​code>​
 или или
 <​code>​ <​code>​
 [gate:~] # cd /​usr/​ports/​security/​squidclamav [gate:~] # cd /​usr/​ports/​security/​squidclamav
-[gate:​ports/​security/​squidclamav] # make package ​clean+[gate:​ports/​security/​squidclamav] # make install ​clean
 </​code>​ </​code>​
  
 <​code>​ <​code>​
-[gX:~] # cat /​usr/​local/​etc/​squidclamav.conf+[gate:~] # cat /​usr/​local/​etc/​squidclamav.conf
 proxy http://​127.0.0.1:​3128/​ proxy http://​127.0.0.1:​3128/​
 logfile /​var/​log/​squidclamav.log logfile /​var/​log/​squidclamav.log
-redirect http://gX.dX.class/​cgi-bin/​test-cgi+redirect http://gate.corpX.un/​cgi-bin/​test-cgi
 clamd_local /​var/​run/​clamav/​clamd.sock clamd_local /​var/​run/​clamav/​clamd.sock
  
-[gX:~] # touch /​var/​log/​squidclamav.log+[gate:~] # touch /​var/​log/​squidclamav.log
  
-[gX:~] # chown squid /​var/​log/​squidclamav.log+[gate:~] # chown squid /​var/​log/​squidclamav.log
 </​code>​ </​code>​
  
 === Ubuntu === === Ubuntu ===
 <​code>​ <​code>​
-root@gX:~# apt-get install libcurl4-openssl-dev+root@gate:~# apt-get install libcurl4-openssl-dev
  
-root@gX:~# wget http://​www.darold.net/​projects/​squidclamav/​squidclamav-4.0.tar.gz+root@gate:~# wget http://​www.darold.net/​projects/​squidclamav/​squidclamav-4.0.tar.gz
  
-root@gX:~# tar -xvf squidclamav-4.0.tar.gz+root@gate:~# tar -xvf squidclamav-4.0.tar.gz
  
-root@gX:~# cd squidclamav-4.0+root@gate:~# cd squidclamav-4.0
  
-root@gX:​~/​squidclamav-4.0#​ ./configure --prefix=/​usr/​local/​+root@gate:​~/​squidclamav-4.0#​ ./configure --prefix=/​usr/​local/​
  
-root@gX:​~/​squidclamav-4.0#​ make && make install+root@gate:​~/​squidclamav-4.0#​ make && make install
  
-root@gX:​~/​squidclamav-4.0#​ mkdir /​usr/​local/​etc+root@gate:​~/​squidclamav-4.0#​ mkdir /​usr/​local/​etc
  
-root@gX:​~/​squidclamav-4.0#​ cp squidclamav.conf.dist /​usr/​local/​etc/​squidclamav.conf+root@gate:​~/​squidclamav-4.0#​ cp squidclamav.conf.dist /​usr/​local/​etc/​squidclamav.conf
  
-root@gX:~# cat /​usr/​local/​etc/​squidclamav.conf+root@gate:~# cat /​usr/​local/​etc/​squidclamav.conf
 squid_ip 127.0.0.1 squid_ip 127.0.0.1
 squid_port 3128 squid_port 3128
 logfile /​var/​log/​squidclamav.log logfile /​var/​log/​squidclamav.log
-redirect http://gX.dX.class/​cgi-bin/​test-cgi+redirect http://gate.corpX.un/​cgi-bin/​test-cgi
 clamd_local /​var/​run/​clamav/​clamd.ctl clamd_local /​var/​run/​clamav/​clamd.ctl
 content ^.*\/.*$ content ^.*\/.*$
  
-root@gX:~# touch /​var/​log/​squidclamav.log+root@gate:~# touch /​var/​log/​squidclamav.log
  
-root@gX:~# chown proxy:proxy /​var/​log/​squidclamav.log+root@gate:~# chown proxy:proxy /​var/​log/​squidclamav.log
 </​code>​ </​code>​
  
 ==== Настройка squid на использование squidclamav ==== ==== Настройка squid на использование squidclamav ====
 <​code>​ <​code>​
-gX# cat squid.conf+gate# cat squid.conf
 ... ...
 redirector_access deny localhost redirector_access deny localhost
-acl localnet ​src 192.168.X.0/​24 127.0.0.1+acl our_networks ​src 192.168.X.0/​24 127.0.0.1
 ... ...
 url_rewrite_program /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf url_rewrite_program /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf
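Review bot: The Ubuntu steps fetch squidclamav-4.0.tar.gz over plain http and then run ./configure, make and make install as root with no integrity check in between; add a step that verifies the archive (a checksum or signature obtained over a trusted channel) before building, and build as an unprivileged user with only make install run as root. Separately, the rename of the ACL from localnet to our_networks on the squid.conf line should be checked against the elided http_access rules so that they reference the new name.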
Line 150: Line 213:
 ==== Отладка ==== ==== Отладка ====
 <​code>​ <​code>​
-gX# /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf+gate# /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf
 SquidClamav running as UID 0: writing logs to stderr SquidClamav running as UID 0: writing logs to stderr
 Thu Dec  4 16:06:14 2008 LOG Reading configuration from /​usr/​local/​etc/​squidclamav.conf Thu Dec  4 16:06:14 2008 LOG Reading configuration from /​usr/​local/​etc/​squidclamav.conf
 Thu Dec  4 16:06:14 2008 LOG SquidClamav (PID 14302) started Thu Dec  4 16:06:14 2008 LOG SquidClamav (PID 14302) started
-</​code><​code>​http://​g50.class/​virus.zip ​10.5.1.50 squid GET</​code><​code>​ +</​code><​code>​http://​val.bmstu.ru/​virus.zip ​195.19.32.14 squid GET</​code><​code>​ 
-Thu Dec  4 16:07:03 2008 LOG Redirecting URL to: http://ya.ru?​url=http://​g50.class/​virus.zip&​source=10.5.1.50&​user=squid&​virus=stream:​+Worm.Sober.U-3+FOUND +Thu Dec  4 16:07:03 2008 LOG Redirecting URL to: http://gate.corpX.un/​cgi-bin/​test-cgi?​url=http://​val.bmstu.ru/​virus.zip&​source=195.19.32.14&​user=squid&​virus=stream:​+Worm.Sober.U-3+FOUND 
-http://gX.class/​cgi-bin/​printenv?​url=http://​g50.class/​virus.zip&​source=10.5.1.50&​user=mylog&​virus=stream:​+Worm.Sober.U-3+FOUND ​10.5.1.50 squid GET+http://gate.corpX.un/​cgi-bin/​printenv?​url=http://​val.bmstu.ru/​virus.zip&​source=195.19.32.14&​user=mylog&​virus=stream:​+Worm.Sober.U-3+FOUND ​195.19.32.14 squid GET
 </​code>​ </​code>​
  
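Review bot: The last changed line of the debug session still shows /cgi-bin/printenv and user=mylog, while the rewritten log line just above it and the redirect setting in squidclamav.conf use /cgi-bin/test-cgi and user=squid; make the sample output agree with the configuration the page documents. The edit also replaces the lab placeholders (g50.class, 10.5.1.50) with val.bmstu.ru and the public address 195.19.32.14; a placeholder in the gate.corpX.un style used elsewhere on the page would fit published documentation better.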
Line 163: Line 226:
 ==== FreeBSD ==== ==== FreeBSD ====
 <​code>​ <​code>​
-[gX:~] # cd /​usr/​local/​etc/​squid/​+[gate:~] # cd /​usr/​local/​etc/​squid/​
 </​code>​ </​code>​
  
 ==== Ubuntu ==== ==== Ubuntu ====
 <​code>​ <​code>​
-root@gX:~# cd /etc/squid/+root@gate:~# cd /etc/squid/
 </​code>​ </​code>​
  
 ==== FreeBSD/​Ubuntu ==== ==== FreeBSD/​Ubuntu ====
 <​code>​ <​code>​
-gX# cat deny_hosts.txt+gate# cat deny_hosts.txt
 .*odnok.* .*odnok.*
 .*com\/.* .*com\/.*
  
-gX# cat squid.conf+gate# cat squid.conf
 ... ...
 acl our_networks src 192.168.100+X.0/​24 ​ acl our_networks src 192.168.100+X.0/​24 ​
-acl full_access src 192.168.100+X.127.0.0.1+acl full_access src 192.168.100+X.100 127.0.0.1
  
 #For FreeBSD #For FreeBSD
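Review bot: The corrected full_access line and the our_networks line above it use 192.168.100+X as the network, while the squidclamav section of the same page defines our_networks as 192.168.X.0/24 and the redirect rules match 192.168.X.0/24 as well; pick one numbering scheme so that the ACLs and firewall rules can be copied together without leaving part of the client network outside the ACL.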
Line 191: Line 254:
 ... ...
  
-[gX:​local/​etc/​squid] ​# squid -k check +gate# squid -k check 
-[gX:​local/​etc/​squid] ​# squid -k reconfigure+gate# squid -k reconfigure
 </​code>​ </​code>​
  
-===== Обработка ​лог файлов сервера SQUID =====+===== Настройка "прозрачного"​ (transparent) http proxy =====
  
-==== Установка,​ настройка и использование ​пакета SARG ==== +==== С использованием WPAD (Web Proxy Auto-Discovery) ​====
- +
-==FreeBSD ​===+
 <​code>​ <​code>​
-[gX:​~] ​pkg_add -r sarg +cat /etc/namedb/master/corpX.un
-  +
-[gX:~] # cd /usr/local/etc/sarg/ +
- +
-[gX:local/etc/sarg] # cp sarg.conf.default sarg.conf +
- +
-[gX:​local/​etc/​sarg] # cat sarg.conf+
 ... ...
-access_log /​usr/​local/​squid/​logs/​access.log.0 +wpad    A       192.168.X.1  
-... +proxy   ​A ​      192.168.X.1
-output_dir /​usr/​local/​www/​data/​squid-reports+
 ... ...
  
-[gX:​~] ​squid -k rotate +cat /​usr/​local/​www/​data/​wpad.dat 
- +function FindProxyForURL(url,​host) 
-[gX:~] # sarg +
-SARG: Records in file: 23, reading: 0.00% +        return "PROXY proxy.corpX.un:​3128";​ 
-SARG: Successful report generated on /​usr/​local/​www/​data/​squid-reports/​2006Jun28-2006Jun28+}
 </​code>​ </​code>​
 +==== С использованием перенаправления пакетов ====
  
-=== Ubuntu ​===+=== Настойка SQUID ===
 <​code>​ <​code>​
-root@g13:~# apt-get install sarg +gate# diff squid.conf.default squid.conf
- +
-root@g13:~# /​etc/​cron.daily/​sarg +
-Результаты на следующий день +
-</​code>​ +
- +
-Проверка:​ +
-Наберите в MSIE http://​gX.dX.class/​squid-reports/​ +
- +
-==== Автоматизация процесса построения отчета (FreeBSD) ==== +
- +
-на постоянно работающем сервере:​ +
-<​code>​ +
-[gX:~] # cat /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh +
-#!/bin/sh +
-echo Generate Squid Access Report +
-/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '​*-*'​ -exec rm -r {} \; +
-/​usr/​local/​sbin/​squid -k rotate +
-/​usr/​local/​bin/​sarg +
- +
-[gX:~] # chmod +x /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh  +
-</​code>​ +
- +
-на сервере работающем в течении рабочего дня: +
-<​code>​ +
-[gX:~] # cat /​usr/​local/​etc/​rc.d/​sarg.sh +
-#!/bin/sh +
-echo Generate Squid Access Report +
-/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '​*-*'​ -delete +
-/​usr/​local/​sbin/​squid -k rotate +
-/​usr/​local/​bin/​sarg +
- +
-[gX:~] # chmod +x /​usr/​local/​etc/​rc.d/​sarg.sh  +
-</​code>​ +
- +
-===== Настройка "​прозрачного"​ (transparent) http proxy ===== +
-  +
-==== Настойка SQUID ==== +
-<​code>​ +
-[gX:​local/​etc/​squid] ​# diff squid.conf.default squid.conf+
 ... ...
-938c938+1127c1127
 < http_port 3128 < http_port 3128
 --- ---
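Review bot: In the added wpad.dat, FindProxyForURL returns "PROXY proxy.corpX.un:3128" for every URL, so requests to hosts inside corpX.un and to the gate itself are also sent through the proxy; consider returning DIRECT for local names, for example with isPlainHostName(host) or dnsDomainIs(host, ".corpX.un"). The section should also state that the web server has to serve wpad.dat with the application/x-ns-proxy-autoconfig MIME type, which the added lines do not show. The retitled heading "Настойка SQUID" keeps a typo for "Настройка".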
Line 270: Line 286:
 ... ...
  
-[gX:​local/​etc/​squid] ​# squid -k check+gate# squid -k check
  
-[gX:​local/​etc/​squid] ​# squid -k reconfigure+gate# squid -k reconfigure
 </​code>​ </​code>​
  
-==== Настойка FreeBSD (pf) ====+=== Настойка FreeBSD (pf) ===
 <​code>​ <​code>​
-[gX:~] # cat /​etc/​pf.conf+[gate:~] # cat /​etc/​pf.conf
 ... ...
 rdr proto tcp from 192.168.X/​24 to any port 80 -> 127.0.0.1 port 3128 rdr proto tcp from 192.168.X/​24 to any port 80 -> 127.0.0.1 port 3128
 ... ...
  
-[gX:~] # /​etc/​rc.d/​pf reload+[gate:~] # /​etc/​rc.d/​pf reload
 </​code>​ </​code>​
  
-==== Настойка Ubuntu (iptables) ====+=== Настойка Ubuntu (iptables) === 
 +[[Сервис NAT]]
 <​code>​ <​code>​
-root@gX:~# iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/​24 --dport 80 -j REDIRECT --to-port 3128+root@gate:~# iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/​24 --dport 80 -j REDIRECT --to-port 3128
 </​code>​ </​code>​
  
-==== Мониторинг ​====+=== Мониторинг ===
 <​code>​ <​code>​
-gX# tail -f access.log+gate# tail -f access.log
 </​code>​ </​code>​
  
 +==== С использованием групповых политик ====
 +
 +[[Основы Windows]]
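Review bot: Both redirect rules in this hunk (the pf rdr line and the iptables PREROUTING line) match destination port 80 only, so the page should say that the interception, and with it the squidclamav scanning and the deny_hosts filtering configured earlier, does not apply to HTTPS traffic. The iptables rule is given as a one-off command, unlike the pf rule stored in /etc/pf.conf, so a note on making it persistent (or a pointer that the linked NAT page covers it) is needed. The re-levelled headings keep the typo "Настойка" for "Настройка", and the new section on group policies contains only a link.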
сервис_http_proxy.txt · Last modified: 2014/02/20 17:33 by val