This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервис_http_proxy [2009/06/22 13:20] val |
сервис_http_proxy [2010/08/27 09:30] val |
||
---|---|---|---|
Line 5: | Line 5: | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gX:~] # pkg_add -r squid | + | [gate:~] # pkg_add -r squid |
- | [gX:~] # rehash | + | [gate:~] # rehash |
- | [gX:~] # cd /usr/local/etc/squid/ | + | [gate:~] # cd /usr/local/etc/squid/ |
</code> | </code> | ||
==== Ubuntu ==== | ==== Ubuntu ==== | ||
<code> | <code> | ||
- | root@gX:~# apt-get install squid | + | root@gate:~# apt-get install squid |
- | root@gX:~# /etc/init.d/squid stop | + | root@gate:~# /etc/init.d/squid stop |
- | root@gX:~# cd /etc/squid/ | + | root@gate:~# cd /etc/squid/ |
</code> | </code> | ||
==== FreeBSD/Ubuntu ==== | ==== FreeBSD/Ubuntu ==== | ||
<code> | <code> | ||
- | gX# cat squid.conf | + | gate# cat squid.conf |
... | ... | ||
#http_access allow localnet | #http_access allow localnet | ||
Line 31: | Line 31: | ||
... | ... | ||
- | gX# squid -k parse | + | gate# squid -k parse |
- | gX# squid -z | + | gate# squid -z |
</code> | </code> | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gX:~] # cat /etc/rc.conf | + | [gate:~] # cat /etc/rc.conf |
... | ... | ||
squid_enable=yes | squid_enable=yes | ||
... | ... | ||
- | [gX:~] # /usr/local/etc/rc.d/squid start | + | [gate:~] # /usr/local/etc/rc.d/squid start |
- | [gX:~] # tail -f /usr/local/squid/logs/access.log | + | [gate:~] # tail -f /var/squid/logs/access.log |
</code> | </code> | ||
==== Ubuntu ==== | ==== Ubuntu ==== | ||
<code> | <code> | ||
- | root@gX:~# /etc/init.d/squid start | + | root@gate:~# /etc/init.d/squid start |
- | root@gX:~# tail -f /var/log/squid/access.log | + | root@gate:~# tail -f /var/log/squid/access.log |
</code> | </code> | ||
+ | |||
+ | ===== Обработка лог файлов сервера SQUID ===== | ||
+ | |||
+ | ==== Установка, настройка и использование пакета SARG ==== | ||
+ | |||
+ | === FreeBSD === | ||
+ | <code> | ||
+ | [gate:~] # pkg_add -r sarg | ||
+ | |||
+ | [gate:~] # cd /usr/local/etc/sarg/ | ||
+ | |||
+ | [gate:local/etc/sarg] # cp sarg.conf.default sarg.conf | ||
+ | |||
+ | [gate:local/etc/sarg] # cat sarg.conf | ||
+ | ... | ||
+ | access_log /usr/local/squid/logs/access.log.0 | ||
+ | ... | ||
+ | output_dir /usr/local/www/apache22/data/squid-reports | ||
+ | ... | ||
+ | |||
+ | [gate:~] # squid -k rotate | ||
+ | |||
+ | [gate:~] # sarg | ||
+ | SARG: Records in file: 23, reading: 0.00% | ||
+ | SARG: Successful report generated on /usr/local/www/data/squid-reports/2006Jun28-2006Jun28 | ||
+ | </code> | ||
+ | |||
+ | ==== Автоматизация процесса построения отчета (FreeBSD) ==== | ||
+ | |||
+ | на постоянно работающем сервере: | ||
+ | <code> | ||
+ | [gate:~] # cat /usr/local/etc/periodic/daily/100.sarg.sh | ||
+ | #!/bin/sh | ||
+ | echo Generate Squid Access Report | ||
+ | /usr/bin/find /usr/local/www/data/squid-reports/ -maxdepth 1 -mtime +60 -type d -name '*-*' -exec rm -r {} \; | ||
+ | /usr/local/sbin/squid -k rotate | ||
+ | /usr/local/bin/sarg | ||
+ | |||
+ | [gate:~] # chmod +x /usr/local/etc/periodic/daily/100.sarg.sh | ||
+ | </code> | ||
+ | |||
+ | на сервере работающем в течении рабочего дня: | ||
+ | <code> | ||
+ | [gate:~] # cat /usr/local/etc/rc.d/sarg.sh | ||
+ | #!/bin/sh | ||
+ | echo Generate Squid Access Report | ||
+ | /usr/bin/find /usr/local/www/data/squid-reports/ -maxdepth 1 -mtime +60 -type d -name '*-*' -delete | ||
+ | /usr/local/sbin/squid -k rotate | ||
+ | /usr/local/bin/sarg | ||
+ | |||
+ | [gate:~] # chmod +x /usr/local/etc/rc.d/sarg.sh | ||
+ | </code> | ||
+ | |||
+ | === Ubuntu === | ||
+ | <code> | ||
+ | root@gate:~# apt-get install sarg | ||
+ | |||
+ | root@gate:~# /etc/cron.daily/sarg | ||
+ | Результаты на следующий день | ||
+ | </code> | ||
+ | |||
+ | Проверка: | ||
+ | Наберите в MSIE http://gate.corpX.un/squid-reports/ | ||
===== Антивирусная защита web трафика ===== | ===== Антивирусная защита web трафика ===== | ||
Line 61: | Line 124: | ||
=== FreeBSD === | === FreeBSD === | ||
<code> | <code> | ||
- | [gX:~] # cat /etc/rc.conf | + | [gate:~] # cat /etc/rc.conf |
... | ... | ||
clamav_clamd_enable="YES" | clamav_clamd_enable="YES" | ||
- | [gX:~] # /usr/local/etc/rc.d/clamav-clamd start | + | [gate:~] # /usr/local/etc/rc.d/clamav-clamd start |
- | [gX:~] # ls -l /var/run/clamav/clamd.sock | + | [gate:~] # ls -l /var/run/clamav/clamd.sock |
</code> | </code> | ||
=== Ubuntu === | === Ubuntu === | ||
<code> | <code> | ||
- | root@gX:~# /etc/init.d/clamav-daemon start | + | root@gate:~# /etc/init.d/clamav-daemon start |
- | root@gX:~# ls -l /var/run/clamav/clamd.ctl | + | root@gate:~# ls -l /var/run/clamav/clamd.ctl |
</code> | </code> | ||
=== FreeBSD/Ubuntu === | === FreeBSD/Ubuntu === | ||
<code> | <code> | ||
- | gX# clamdscan virus.zip | + | gate# clamdscan virus.zip |
</code> | </code> | ||
Line 86: | Line 149: | ||
=== FreeBSD === | === FreeBSD === | ||
<code> | <code> | ||
- | [gX:~] # pkg_add -r squidclamav | + | [gate:~] # pkg_add -r squidclamav |
</code> | </code> | ||
или | или | ||
Line 95: | Line 158: | ||
<code> | <code> | ||
- | [gX:~] # cat /usr/local/etc/squidclamav.conf | + | [gate:~] # cat /usr/local/etc/squidclamav.conf |
proxy http://127.0.0.1:3128/ | proxy http://127.0.0.1:3128/ | ||
logfile /var/log/squidclamav.log | logfile /var/log/squidclamav.log | ||
- | redirect http://gX.dX.class/cgi-bin/test-cgi | + | redirect http://gate.corpX.un/cgi-bin/test-cgi |
clamd_local /var/run/clamav/clamd.sock | clamd_local /var/run/clamav/clamd.sock | ||
- | [gX:~] # touch /var/log/squidclamav.log | + | [gate:~] # touch /var/log/squidclamav.log |
- | [gX:~] # chown squid /var/log/squidclamav.log | + | [gate:~] # chown squid /var/log/squidclamav.log |
</code> | </code> | ||
=== Ubuntu === | === Ubuntu === | ||
<code> | <code> | ||
- | root@gX:~# apt-get install libcurl4-openssl-dev | + | root@gate:~# apt-get install libcurl4-openssl-dev |
- | root@gX:~# wget http://www.darold.net/projects/squidclamav/squidclamav-4.0.tar.gz | + | root@gate:~# wget http://www.darold.net/projects/squidclamav/squidclamav-4.0.tar.gz |
- | root@gX:~# tar -xvf squidclamav-4.0.tar.gz | + | root@gate:~# tar -xvf squidclamav-4.0.tar.gz |
- | root@gX:~# cd squidclamav-4.0 | + | root@gate:~# cd squidclamav-4.0 |
- | root@gX:~/squidclamav-4.0# ./configure --prefix=/usr/local/ | + | root@gate:~/squidclamav-4.0# ./configure --prefix=/usr/local/ |
- | root@gX:~/squidclamav-4.0# make && make install | + | root@gate:~/squidclamav-4.0# make && make install |
- | root@gX:~/squidclamav-4.0# mkdir /usr/local/etc | + | root@gate:~/squidclamav-4.0# mkdir /usr/local/etc |
- | root@gX:~/squidclamav-4.0# cp squidclamav.conf.dist /usr/local/etc/squidclamav.conf | + | root@gate:~/squidclamav-4.0# cp squidclamav.conf.dist /usr/local/etc/squidclamav.conf |
- | root@gX:~# cat /usr/local/etc/squidclamav.conf | + | root@gate:~# cat /usr/local/etc/squidclamav.conf |
squid_ip 127.0.0.1 | squid_ip 127.0.0.1 | ||
squid_port 3128 | squid_port 3128 | ||
logfile /var/log/squidclamav.log | logfile /var/log/squidclamav.log | ||
- | redirect http://gX.dX.class/cgi-bin/test-cgi | + | redirect http://gate.corpX.un/cgi-bin/test-cgi |
clamd_local /var/run/clamav/clamd.ctl | clamd_local /var/run/clamav/clamd.ctl | ||
content ^.*\/.*$ | content ^.*\/.*$ | ||
- | root@gX:~# touch /var/log/squidclamav.log | + | root@gate:~# touch /var/log/squidclamav.log |
- | root@gX:~# chown proxy:proxy /var/log/squidclamav.log | + | root@gate:~# chown proxy:proxy /var/log/squidclamav.log |
</code> | </code> | ||
==== Настройка squid на использование squidclamav ==== | ==== Настройка squid на использование squidclamav ==== | ||
<code> | <code> | ||
- | gX# cat squid.conf | + | gate# cat squid.conf |
... | ... | ||
redirector_access deny localhost | redirector_access deny localhost | ||
Line 150: | Line 213: | ||
==== Отладка ==== | ==== Отладка ==== | ||
<code> | <code> | ||
- | gX# /usr/local/bin/squidclamav /usr/local/etc/squidclamav.conf | + | gate# /usr/local/bin/squidclamav /usr/local/etc/squidclamav.conf |
SquidClamav running as UID 0: writing logs to stderr | SquidClamav running as UID 0: writing logs to stderr | ||
Thu Dec 4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf | Thu Dec 4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf | ||
Line 163: | Line 226: | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gX:~] # cd /usr/local/etc/squid/ | + | [gate:~] # cd /usr/local/etc/squid/ |
</code> | </code> | ||
==== Ubuntu ==== | ==== Ubuntu ==== | ||
<code> | <code> | ||
- | root@gX:~# cd /etc/squid/ | + | root@gate:~# cd /etc/squid/ |
</code> | </code> | ||
==== FreeBSD/Ubuntu ==== | ==== FreeBSD/Ubuntu ==== | ||
<code> | <code> | ||
- | gX# cat deny_hosts.txt | + | gate# cat deny_hosts.txt |
.*odnok.* | .*odnok.* | ||
.*com\/.* | .*com\/.* | ||
- | gX# cat squid.conf | + | gate# cat squid.conf |
... | ... | ||
acl our_networks src 192.168.100+X.0/24 | acl our_networks src 192.168.100+X.0/24 | ||
- | acl full_access src 192.168.100+X.2 127.0.0.1 | + | acl full_access src 192.168.100+X.100 127.0.0.1 |
#For FreeBSD | #For FreeBSD | ||
Line 191: | Line 254: | ||
... | ... | ||
- | [gX:local/etc/squid] # squid -k check | + | gate# squid -k check |
- | [gX:local/etc/squid] # squid -k reconfigure | + | gate# squid -k reconfigure |
</code> | </code> | ||
- | ===== Обработка лог файлов сервера SQUID ===== | + | ===== Настройка "прозрачного" (transparent) http proxy ===== |
- | ==== Установка, настройка и использование пакета SARG ==== | + | ==== С использованием WPAD (Web Proxy Auto-Discovery) ==== |
- | + | ||
- | === FreeBSD === | + | |
<code> | <code> | ||
- | [gX:~] # pkg_add -r sarg | + | # cat /etc/namedb/master/corpX.un |
- | + | ||
- | [gX:~] # cd /usr/local/etc/sarg/ | + | |
- | + | ||
- | [gX:local/etc/sarg] # cp sarg.conf.default sarg.conf | + | |
- | + | ||
- | [gX:local/etc/sarg] # cat sarg.conf | + | |
... | ... | ||
- | access_log /usr/local/squid/logs/access.log.0 | + | wpad A 192.168.X.1 |
- | ... | + | proxy A 192.168.X.1 |
- | output_dir /usr/local/www/data/squid-reports | + | |
... | ... | ||
- | [gX:~] # squid -k rotate | + | # cat /usr/local/www/data/wpad.dat |
- | + | function FindProxyForURL(url,host) | |
- | [gX:~] # sarg | + | { |
- | SARG: Records in file: 23, reading: 0.00% | + | return "PROXY proxy.corpX.un:3128"; |
- | SARG: Successful report generated on /usr/local/www/data/squid-reports/2006Jun28-2006Jun28 | + | } |
</code> | </code> | ||
+ | ==== С использованием перенаправления пакетов ==== | ||
- | === Ubuntu === | + | === Настойка SQUID === |
<code> | <code> | ||
- | root@g13:~# apt-get install sarg | + | gate# diff squid.conf.default squid.conf |
- | + | ||
- | root@g13:~# /etc/cron.daily/sarg | + | |
- | Результаты на следующий день | + | |
- | </code> | + | |
- | + | ||
- | Проверка: | + | |
- | Наберите в MSIE http://gX.dX.class/squid-reports/ | + | |
- | + | ||
- | ==== Автоматизация процесса построения отчета (FreeBSD) ==== | + | |
- | + | ||
- | на постоянно работающем сервере: | + | |
- | <code> | + | |
- | [gX:~] # cat /usr/local/etc/periodic/daily/100.sarg.sh | + | |
- | #!/bin/sh | + | |
- | echo Generate Squid Access Report | + | |
- | /usr/bin/find /usr/local/www/data/squid-reports/ -maxdepth 1 -mtime +60 -type d -name '*-*' -exec rm -r {} \; | + | |
- | /usr/local/sbin/squid -k rotate | + | |
- | /usr/local/bin/sarg | + | |
- | + | ||
- | [gX:~] # chmod +x /usr/local/etc/periodic/daily/100.sarg.sh | + | |
- | </code> | + | |
- | + | ||
- | на сервере работающем в течении рабочего дня: | + | |
- | <code> | + | |
- | [gX:~] # cat /usr/local/etc/rc.d/sarg.sh | + | |
- | #!/bin/sh | + | |
- | echo Generate Squid Access Report | + | |
- | /usr/bin/find /usr/local/www/data/squid-reports/ -maxdepth 1 -mtime +60 -type d -name '*-*' -delete | + | |
- | /usr/local/sbin/squid -k rotate | + | |
- | /usr/local/bin/sarg | + | |
- | + | ||
- | [gX:~] # chmod +x /usr/local/etc/rc.d/sarg.sh | + | |
- | </code> | + | |
- | + | ||
- | ===== Настройка "прозрачного" (transparent) http proxy ===== | + | |
- | + | ||
- | ==== Настойка SQUID ==== | + | |
- | <code> | + | |
- | [gX:local/etc/squid] # diff squid.conf.default squid.conf | + | |
... | ... | ||
- | 938c938 | + | 1127c1127 |
< http_port 3128 | < http_port 3128 | ||
--- | --- | ||
Line 270: | Line 286: | ||
... | ... | ||
- | [gX:local/etc/squid] # squid -k check | + | gate# squid -k check |
- | [gX:local/etc/squid] # squid -k reconfigure | + | gate# squid -k reconfigure |
</code> | </code> | ||
- | ==== Настойка FreeBSD (pf) ==== | + | === Настойка FreeBSD (pf) === |
<code> | <code> | ||
- | [gX:~] # cat /etc/pf.conf | + | [gate:~] # cat /etc/pf.conf |
... | ... | ||
rdr proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128 | rdr proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128 | ||
... | ... | ||
- | [gX:~] # /etc/rc.d/pf reload | + | [gate:~] # /etc/rc.d/pf reload |
</code> | </code> | ||
- | ==== Настойка Ubuntu (iptables) ==== | + | === Настойка Ubuntu (iptables) === |
+ | [[Сервис NAT]] | ||
<code> | <code> | ||
- | root@gX:~# iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/24 --dport 80 -j REDIRECT --to-port 3128 | + | root@gate:~# iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/24 --dport 80 -j REDIRECT --to-port 3128 |
</code> | </code> | ||
- | ==== Мониторинг ==== | + | === Мониторинг === |
<code> | <code> | ||
- | gX# tail -f access.log | + | gate# tail -f access.log |
</code> | </code> | ||
+ | ==== С использованием групповых политик ==== | ||
+ | |||
+ | [[Основы Windows]] |