
сервис_http_proxy

Differences

This shows you the differences between two versions of the page.

сервис_http_proxy [2010/02/03 11:51]
val
сервис_http_proxy [2014/02/20 17:33] (current)
val
Line 1: Line 1:
 ====== Сервис HTTP Proxy ====== ====== Сервис HTTP Proxy ======
  
-===== Установка,​ настройка минимальной конфигурации,​ инициализация кэша и запуск пакета ​squid ===== +  * [[Установка,​ настройка и запуск пакета ​SQUID]] 
- +  ​* ​[[Обработка лог файлов сервера SQUID]] 
-==== FreeBSD ==== +  * [[Антивирусная защита web трафика ​SQUID]] 
-<​code>​ +  * [[Аутентификация доступа к SQUID]] 
-[gate:~# pkg_add -r squid +  ​* ​[[Авторизация доступа к ресурсам через SQUID]] 
-[gate:~# rehash +  ​* ​[[Автоматизация ​использования SQUID]]
- +
-[gate:~] # cd /​usr/​local/​etc/​squid/​ +
-</​code>​ +
- +
-==== Ubuntu ==== +
-<​code>​ +
-root@gate:​~#​ apt-get install squid +
- +
-root@gate:​~#​ /​etc/​init.d/​squid stop +
- +
-root@gate:​~#​ cd /​etc/​squid/​ +
-</​code>​ +
- +
-==== FreeBSD/​Ubuntu ==== +
-<​code>​ +
-gate# cat squid.conf +
-... +
-#​http_access allow localnet +
-acl our_networks src 192.168.X.0/​24 +
-http_access allow our_networks +
-... +
-cache_dir ufs /​usr/​local/​squid/​cache 200 16 256 +
-... +
- +
-gate# squid -k parse +
- +
-gate# squid -z +
-</​code>​ +
- +
-==== FreeBSD ==== +
-<​code>​ +
-[gate:~] # cat /​etc/​rc.conf +
-... +
-squid_enable=yes +
-... +
- +
-[gate:~] # /​usr/​local/​etc/​rc.d/​squid start +
- +
-[gate:~] # tail -f /​usr/​local/​squid/​logs/​access.log +
-</​code>​ +
- +
-==== Ubuntu ==== +
-<​code>​ +
-root@gate:​~#​ /​etc/​init.d/​squid start +
- +
-root@gate:​~#​ tail -f /​var/​log/​squid/​access.log +
-</​code>​ +
- +
-===== Обработка лог файлов сервера SQUID ===== +
- +
-==== Установка,​ настройка и использование пакета SARG ==== +
- +
-=== FreeBSD === +
-<​code>​ +
-[gate:~# pkg_add -r sarg +
-  +
-[gate:~# cd /​usr/​local/​etc/​sarg/​ +
- +
-[gate:​local/​etc/​sarg] # cp sarg.conf.default sarg.conf +
- +
-[gate:​local/​etc/​sarg] # cat sarg.conf +
-... +
-access_log /​usr/​local/​squid/​logs/​access.log.0 +
-... +
-output_dir /​usr/​local/​www/​apache22/​data/​squid-reports +
-... +
- +
-[gate:~] # squid -k rotate +
- +
-[gate:~] # sarg +
-SARG: Records in file: 23, reading: 0.00% +
-SARG: Successful report generated on /​usr/​local/​www/​data/​squid-reports/​2006Jun28-2006Jun28 +
-</​code>​ +
- +
-==== Автоматизация процесса построения отчета (FreeBSD) ==== +
- +
-на постоянно работающем сервере:​ +
-<​code>​ +
-[gate:~] # cat /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh +
-#!/bin/sh +
-echo Generate Squid Access Report +
-/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '*-*' -exec rm -r {} \; +
-/​usr/​local/​sbin/​squid -k rotate +
-/​usr/​local/​bin/​sarg +
- +
-[gate:~] # chmod +x /​usr/​local/​etc/​periodic/​daily/​100.sarg.sh  +
-</​code>​ +
- +
-на сервере работающем в течении рабочего дня: +
-<​code>​ +
-[gate:~] # cat /​usr/​local/​etc/​rc.d/​sarg.sh +
-#!/bin/sh +
-echo Generate Squid Access Report +
-/​usr/​bin/​find /​usr/​local/​www/​data/​squid-reports/​ -maxdepth 1 -mtime +60 -type d -name '​*-*'​ -delete +
-/​usr/​local/​sbin/​squid -k rotate +
-/​usr/​local/​bin/​sarg +
- +
-[gate:~] # chmod +x /​usr/​local/​etc/​rc.d/​sarg.sh  +
-</​code>​ +
- +
-=== Ubuntu === +
-<​code>​ +
-root@gate:​~#​ apt-get install sarg +
- +
-root@gate:​~#​ /​etc/​cron.daily/​sarg +
-Результаты на следующий день +
-</​code>​ +
- +
-Проверка:​ +
-Наберите в MSIE http://​gate.corpX.un/​squid-reports/​ +
- +
-===== Антивирусная защита web трафика ​===== +
- +
-==== Запуск демона антивируса ==== +
- +
-=== FreeBSD === +
-<​code>​ +
-[gate:~] # cat /​etc/​rc.conf +
-... +
-clamav_clamd_enable="​YES"​ +
- +
-[gate:~] # /​usr/​local/​etc/​rc.d/​clamav-clamd start +
- +
-[gate:~] # ls -l /​var/​run/​clamav/​clamd.sock +
-</​code>​ +
- +
-=== Ubuntu === +
-<​code>​ +
-root@gate:​~#​ /​etc/​init.d/​clamav-daemon start +
- +
-root@gate:​~#​ ls -l /​var/​run/​clamav/​clamd.ctl +
-</​code>​ +
- +
-=== FreeBSD/​Ubuntu === +
-<​code>​ +
-gate# clamdscan virus.zip +
-</​code>​ +
- +
-==== Установка и настройка ​пакета для связи squid и clamav (squidclamav) ==== +
- +
-=== FreeBSD === +
-<​code>​ +
-[gate:~# pkg_add -r squidclamav +
-</​code>​ +
-или +
-<​code>​ +
-[gate:~# cd /​usr/​ports/​security/​squidclamav +
-[gate:​ports/​security/​squidclamav] # make install clean +
-</​code>​ +
- +
-<​code>​ +
-[gate:~] # cat /​usr/​local/​etc/​squidclamav.conf +
-proxy http://​127.0.0.1:​3128/​ +
-logfile /​var/​log/​squidclamav.log +
-redirect http://​gate.corpX.un/​cgi-bin/​test-cgi +
-clamd_local /​var/​run/​clamav/​clamd.sock +
- +
-[gate:~] # touch /​var/​log/​squidclamav.log +
- +
-[gate:~] # chown squid /​var/​log/​squidclamav.log +
-</​code>​ +
- +
-=== Ubuntu === +
-<​code>​ +
-root@gate:​~#​ apt-get install libcurl4-openssl-dev +
- +
-root@gate:​~#​ wget http://​www.darold.net/​projects/​squidclamav/​squidclamav-4.0.tar.gz +
- +
-root@gate:​~#​ tar -xvf squidclamav-4.0.tar.gz +
- +
-root@gate:​~#​ cd squidclamav-4.0 +
- +
-root@gate:​~/​squidclamav-4.0#​ ./configure --prefix=/​usr/​local/​ +
- +
-root@gate:​~/​squidclamav-4.0#​ make && make install +
- +
-root@gate:​~/​squidclamav-4.0#​ mkdir /​usr/​local/​etc +
- +
-root@gate:​~/​squidclamav-4.0#​ cp squidclamav.conf.dist /​usr/​local/​etc/​squidclamav.conf +
- +
-root@gate:​~#​ cat /​usr/​local/​etc/​squidclamav.conf +
-squid_ip 127.0.0.1 +
-squid_port 3128 +
-logfile /​var/​log/​squidclamav.log +
-redirect http://​gate.corpX.un/​cgi-bin/​test-cgi +
-clamd_local /​var/​run/​clamav/​clamd.ctl +
-content ^.*\/.*$ +
- +
-root@gate:​~#​ touch /​var/​log/​squidclamav.log +
- +
-root@gate:​~#​ chown proxy:proxy /​var/​log/​squidclamav.log +
-</​code>​ +
- +
-==== Настройка squid на использование squidclamav ==== +
-<​code>​ +
-gate# cat squid.conf +
-... +
-redirector_access deny localhost +
-acl our_networks src 192.168.X.0/​24 127.0.0.1 +
-... +
-url_rewrite_program /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf +
-... +
-</​code>​ +
- +
-==== Отладка ==== +
-<​code>​ +
-gate# /​usr/​local/​bin/​squidclamav /​usr/​local/​etc/​squidclamav.conf +
-SquidClamav running as UID 0: writing logs to stderr +
-Thu Dec  4 16:06:14 2008 LOG Reading configuration from /​usr/​local/​etc/​squidclamav.conf +
-Thu Dec  4 16:06:14 2008 LOG SquidClamav (PID 14302) started +
-</​code><​code>​http://​val.bmstu.ru/​virus.zip 195.19.32.14 squid GET</​code><​code>​ +
-Thu Dec  4 16:07:03 2008 LOG Redirecting URL to: http://​gate.corpX.un/​cgi-bin/​test-cgi?​url=http://​val.bmstu.ru/​virus.zip&​source=195.19.32.14&​user=squid&​virus=stream:​+Worm.Sober.U-3+FOUND +
-http://​gate.corpX.un/​cgi-bin/​printenv?​url=http://​val.bmstu.ru/​virus.zip&​source=195.19.32.14&​user=mylog&​virus=stream:​+Worm.Sober.U-3+FOUND 195.19.32.14 squid GET +
-</​code>​ +
- +
-===== Ограничение ​доступа к ресурсам ​===== +
- +
-==== FreeBSD ==== +
-<​code>​ +
-[gate:~] # cd /​usr/​local/​etc/​squid/​ +
-</​code>​ +
- +
-==== Ubuntu ==== +
-<​code>​ +
-root@gate:​~#​ cd /​etc/​squid/​ +
-</​code>​ +
- +
-==== FreeBSD/​Ubuntu ==== +
-<​code>​ +
-gate# cat deny_hosts.txt +
-.*odnok.* +
-.*com\/.* +
- +
-gate# cat squid.conf +
-... +
-acl our_networks src 192.168.100+X.0/​24  +
-acl full_access src 192.168.100+X.100 127.0.0.1 +
- +
-#For FreeBSD +
-acl deny_hosts url_regex "/​usr/​local/​etc/​squid/​deny_hosts.txt"​ +
-#For Ubuntu +
-acl deny_hosts url_regex "/​etc/​squid/​deny_hosts.txt"​ +
- +
-http_access allow full_access +
-http_access allow our_networks !deny_hosts +
-... +
- +
-gate# squid -k check +
-gate# squid -k reconfigure +
-</​code>​ +
- +
-===== Настройка "​прозрачного"​ (transparent) http proxy ===== +
- +
-==== С использованием WPAD (Web Proxy Auto-Discovery) ==== +
-<​code>​ +
-# cat /​etc/​namedb/​master/​corpX.un +
-... +
-wpad    A       ​192.168.X.1  +
-proxy   ​A ​      ​192.168.X.1 +
-... +
- +
-# cat /​usr/​local/​www/​data/​wpad.dat +
-function FindProxyForURL(url,​host) +
-+
-        return "PROXY proxy.corpX.un:​3128";​ +
-+
-</​code>​ +
- +
-==== С использованием перенаправления пакетов ==== +
- +
-=== Настойка ​SQUID === +
-<​code>​ +
-gate# diff squid.conf.default squid.conf +
-... +
-1127c1127 +
-< http_port 3128 +
---- +
-> http_port 3128 transparent +
-... +
- +
-gate# squid -k check +
- +
-gate# squid -k reconfigure +
-</​code>​ +
- +
-=== Настойка FreeBSD (pf) === +
-<​code>​ +
-[gate:~# cat /​etc/​pf.conf +
-... +
-rdr proto tcp from 192.168.X/​24 to any port 80 -> 127.0.0.1 port 3128 +
-... +
- +
-[gate:~] # /​etc/​rc.d/​pf reload +
-</​code>​ +
- +
-=== Настойка Ubuntu (iptables) === +
-<​code>​ +
-root@gate:​~#​ iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/​24 --dport 80 -j REDIRECT --to-port 3128 +
-</​code>​ +
- +
-=== Мониторинг === +
-<​code>​ +
-gate# tail -f access.log +
-</​code>​ +
-==== С использованием групповых политик ==== +
- +
-[[Основы Windows]] +
сервис_http_proxy.1265187093.txt.gz · Last modified: 2013/05/22 13:50 (external edit)