сервис_http_proxy

Differences

сервис_http_proxy [2010/08/27 09:31]
val
сервис_http_proxy [2013/05/22 13:50]
127.0.0.1 внешнее изменение
Line 1: Line 1:
 ====== Сервис HTTP Proxy ====== ====== Сервис HTTP Proxy ======
  
-===== Установка,​ настройка минимальной конфигурации,​ инициализация кэша и запуск пакета ​squid =====+[[Установка,​ настройка и запуск пакета ​SQUID]]
  
-==== FreeBSD ==== +[[Обработка лог файлов сервера SQUID]]
-<​code>​ +
-[gate:~] # pkg_add -r squid +
-[gate:~# rehash+
  
-[gate:~# cd /​usr/​local/​etc/​squid/​ +[[Антивирусная защита web трафика SQUID]]
-</​code>​+
  
-==== Ubuntu ==== +[[Аутентификация доступа к SQUID]]
-<​code>​ +
-root@gate:​~#​ apt-get install squid+
  
-root@gate:​~#​ /​etc/​init.d/​squid stop+[[Авторизация доступа к ресурсам через SQUID]]
  
-root@gate:​~#​ cd /​etc/​squid/​ +[[Автоматизация использования SQUID]]
-</​code>​ +
- +
-==== FreeBSD/​Ubuntu ==== +
-<​code>​ +
-gate# cat squid.conf +
-... +
-#​http_access allow localnet +
-acl our_networks src 192.168.X.0/​24 +
-http_access allow our_networks +
-... +
-cache_dir ufs /​usr/​local/​squid/​cache 200 16 256 +
-... +
- +
-gate# squid -k parse +
- +
-gate# squid -z +
-</​code>​ +
- +
-==== FreeBSD ==== +
-<​code>​ +
-[gate:~] # cat /​etc/​rc.conf +
-... +
-squid_enable=yes +
-... +
- +
-[gate:~] # /​usr/​local/​etc/​rc.d/​squid start +
- +
-[gate:~] # tail -f /​var/​squid/​logs/​access.log +
-</​code>​ +
- +
-==== Ubuntu ==== +
-<​code>​ +
-root@gate:​~#​ /​etc/​init.d/​squid start +
- +
-root@gate:​~#​ tail -f /​var/​log/​squid/​access.log +
-</​code>​ +
- +
-===== Обработка лог файлов сервера SQUID ===== +
- +
-==== Установка,​ настройка и использование пакета SARG ==== +
- +
-=== FreeBSD === +
-<​code>​ +
-[gate:~] # pkg_add -r sarg +
-  +
-[gate:~] # cd /​usr/​local/​etc/​sarg/​ +
- +
-[gate:​local/​etc/​sarg] # cp sarg.conf.default sarg.conf +
- +
-[gate:​local/​etc/​sarg] # cat sarg.conf +
-... +
-access_log /​var/​squid/​logs/​access.log.0 +
-... +
-output_dir /​usr/​local/​www/​apache22/​data/​squid-reports +
-... +
- +
-[gate:~] # squid -k rotate +
- +
-[gate:~] # sarg +
-SARG: Records in file: 23, reading: 0.00% +
-SARG: Successful report generated on /​usr/​local/​www/​data/​squid-reports/​2006Jun28-2006Jun28 +
-</​code>​ +
- +
-==== Автоматизация ​процесса построения отчета (FreeBSD) ==== +
- +
-на постоянно работающем сервере:​ +
-<​code>​ +
-[gate:~] # cat /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh +
-#!/bin/sh +
-echo Generate Squid Access Report +
-/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '​*-*'​ -exec rm -r {} \; +
-/​usr/​local/​sbin/​squid -k rotate +
-/​usr/​local/​bin/​sarg +
- +
-[gate:~] # chmod +x /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh  +
-</​code>​ +
- +
-на сервере работающем в течении рабочего дня: +
-<​code>​ +
-[gate:~] # cat /​usr/​local/​etc/​rc.d/​sarg.sh +
-#!/bin/sh +
-echo Generate Squid Access Report +
-/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '​*-*'​ -delete +
-/​usr/​local/​sbin/​squid -k rotate +
-/​usr/​local/​bin/​sarg +
- +
-[gate:~] # chmod +x /​usr/​local/​etc/​rc.d/​sarg.sh  +
-</​code>​ +
- +
-=== Ubuntu === +
-<​code>​ +
-root@gate:​~#​ apt-get install sarg +
- +
-root@gate:​~#​ /​etc/​cron.daily/​sarg +
-Результаты на следующий день +
-</​code>​ +
- +
-Проверка:​ +
-Наберите в MSIE http://​gate.corpX.un/​squid-reports/​ +
- +
-===== Антивирусная защита web трафика ===== +
- +
-==== Запуск демона антивируса ==== +
- +
-=== FreeBSD === +
-<​code>​ +
-[gate:~] # cat /​etc/​rc.conf +
-... +
-clamav_clamd_enable="​YES"​ +
- +
-[gate:~] # /​usr/​local/​etc/​rc.d/​clamav-clamd start +
- +
-[gate:~] # ls -l /​var/​run/​clamav/​clamd.sock +
-</​code>​ +
- +
-=== Ubuntu === +
-<​code>​ +
-root@gate:​~#​ /​etc/​init.d/​clamav-daemon start +
- +
-root@gate:​~#​ ls -l /​var/​run/​clamav/​clamd.ctl +
-</​code>​ +
- +
-=== FreeBSD/​Ubuntu === +
-<​code>​ +
-gate# clamdscan virus.zip +
-</​code>​ +
- +
-==== Установка и настройка пакета для связи squid и clamav (squidclamav) ==== +
- +
-=== FreeBSD === +
-<​code>​ +
-[gate:~] # pkg_add -r squidclamav +
-</​code>​ +
-или +
-<​code>​ +
-[gate:~] # cd /​usr/​ports/​security/​squidclamav +
-[gate:​ports/​security/​squidclamav] # make install clean +
-</​code>​ +
- +
-<​code>​ +
-[gate:~] # cat /​usr/​local/​etc/​squidclamav.conf +
-proxy http://​127.0.0.1:​3128/​ +
-logfile /​var/​log/​squidclamav.log +
-redirect http://​gate.corpX.un/​cgi-bin/​test-cgi +
-clamd_local /​var/​run/​clamav/​clamd.sock +
- +
-[gate:~] # touch /​var/​log/​squidclamav.log +
- +
-[gate:~] # chown squid /​var/​log/​squidclamav.log +
-</​code>​ +
- +
-=== Ubuntu === +
-<​code>​ +
-root@gate:​~#​ apt-get install libcurl4-openssl-dev +
- +
-root@gate:​~#​ wget http://​www.darold.net/​projects/​squidclamav/​squidclamav-4.0.tar.gz +
- +
-root@gate:​~#​ tar -xvf squidclamav-4.0.tar.gz +
- +
-root@gate:​~#​ cd squidclamav-4.0 +
- +
-root@gate:​~/​squidclamav-4.0#​ ./configure --prefix=/​usr/​local/​ +
- +
-root@gate:​~/​squidclamav-4.0#​ make && make install +
- +
-root@gate:​~/​squidclamav-4.0#​ mkdir /​usr/​local/​etc +
- +
-root@gate:​~/​squidclamav-4.0#​ cp squidclamav.conf.dist /​usr/​local/​etc/​squidclamav.conf +
- +
-root@gate:​~#​ cat /​usr/​local/​etc/​squidclamav.conf +
-squid_ip 127.0.0.1 +
-squid_port 3128 +
-logfile /​var/​log/​squidclamav.log +
-redirect http://​gate.corpX.un/​cgi-bin/​test-cgi +
-clamd_local /​var/​run/​clamav/​clamd.ctl +
-content ^.*\/.*$ +
- +
-root@gate:​~#​ touch /​var/​log/​squidclamav.log +
- +
-root@gate:​~#​ chown proxy:proxy /​var/​log/​squidclamav.log +
-</​code>​ +
- +
-==== Настройка squid на использование squidclamav ==== +
-<​code>​ +
-gate# cat squid.conf +
-... +
-redirector_access deny localhost +
-acl our_networks src 192.168.X.0/​24 127.0.0.1 +
-... +
-url_rewrite_program /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf +
-... +
-</​code>​ +
- +
-==== Отладка ==== +
-<​code>​ +
-gate# /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf +
-SquidClamav running as UID 0: writing logs to stderr +
-Thu Dec  4 16:06:14 2008 LOG Reading configuration from /​usr/​local/​etc/​squidclamav.conf +
-Thu Dec  4 16:06:14 2008 LOG SquidClamav (PID 14302) started +
-</​code><​code>​http://​val.bmstu.ru/​virus.zip 195.19.32.14 squid GET</​code><​code>​ +
-Thu Dec  4 16:07:03 2008 LOG Redirecting URL to: http://​gate.corpX.un/​cgi-bin/​test-cgi?​url=http://​val.bmstu.ru/​virus.zip&​source=195.19.32.14&​user=squid&​virus=stream:​+Worm.Sober.U-3+FOUND +
-http://​gate.corpX.un/​cgi-bin/​printenv?​url=http://​val.bmstu.ru/​virus.zip&​source=195.19.32.14&​user=mylog&​virus=stream:​+Worm.Sober.U-3+FOUND 195.19.32.14 squid GET +
-</​code>​ +
- +
-===== Ограничение доступа к ресурсам ===== +
- +
-==== FreeBSD ==== +
-<​code>​ +
-[gate:~] # cd /​usr/​local/​etc/​squid/​ +
-</​code>​ +
- +
-==== Ubuntu ==== +
-<​code>​ +
-root@gate:​~#​ cd /​etc/​squid/​ +
-</​code>​ +
- +
-==== FreeBSD/​Ubuntu ==== +
-<​code>​ +
-gate# cat deny_hosts.txt +
-.*odnok.* +
-.*com\/.* +
- +
-gate# cat squid.conf +
-... +
-acl our_networks src 192.168.100+X.0/​24  +
-acl full_access src 192.168.100+X.100 127.0.0.1 +
- +
-#For FreeBSD +
-acl deny_hosts url_regex "/​usr/​local/​etc/​squid/​deny_hosts.txt"​ +
-#For Ubuntu +
-acl deny_hosts url_regex "/​etc/​squid/​deny_hosts.txt"​ +
- +
-http_access allow full_access +
-http_access allow our_networks !deny_hosts +
-... +
- +
-gate# squid -k check +
-gate# squid -k reconfigure +
-</​code>​ +
- +
-===== Настройка "​прозрачного"​ (transparent) http proxy ===== +
- +
-==== С использованием WPAD (Web Proxy Auto-Discovery) ==== +
-<​code>​ +
-# cat /​etc/​namedb/​master/​corpX.un +
-... +
-wpad    A       ​192.168.X.1  +
-proxy   ​A ​      ​192.168.X.1 +
-... +
- +
-# cat /​usr/​local/​www/​data/​wpad.dat +
-function FindProxyForURL(url,​host) +
-+
-        return "PROXY proxy.corpX.un:​3128";​ +
-+
-</​code>​ +
-==== С использованием перенаправления ​пакетов ==== +
- +
-=== Настойка ​SQUID === +
-<​code>​ +
-gate# diff squid.conf.default squid.conf +
-... +
-1127c1127 +
-< http_port 3128 +
---- +
-> http_port 3128 transparent +
-... +
- +
-gate# squid -k check +
- +
-gate# squid -k reconfigure +
-</​code>​ +
- +
-=== Настойка FreeBSD (pf) === +
-<​code>​ +
-[gate:~] # cat /​etc/​pf.conf +
-... +
-rdr proto tcp from 192.168.X/​24 to any port 80 -> 127.0.0.1 port 3128 +
-... +
- +
-[gate:~] # /​etc/​rc.d/​pf reload +
-</​code>​ +
- +
-=== Настойка Ubuntu (iptables) === +
-[[Сервис NAT]] +
-<​code>​ +
-root@gate:​~#​ iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/​24 --dport 80 -j REDIRECT --to-port 3128 +
-</​code>​ +
- +
-=== Мониторинг === +
-<​code>​ +
-gate# tail -f access.log +
-</​code>​ +
- +
-==== С использованием групповых политик ==== +
- +
-[[Основы Windows]]+
сервис_http_proxy.txt · Last modified: 2014/02/20 17:33 by val