Squid Sarg log, ACL access control, reverse proxy

Keywords: vim yum firewall Web Server

Experimental environment

squid server  ens33: 192.168.13.184
              ens36: 192.168.10.1 (host-only mode)
web server    192.168.13.151
client        192.168.10.10 (host-only mode)

I. ACL access control

1. Modify the configuration file on the squid server

[root@squid ~]# vim /etc/squid.conf  ##Edit the configuration file
# should be allowed
acl hostlocal src 192.168.10.10/32  ##Define the ACL hostlocal, matching the client 192.168.10.10
# Deny requests to certain unsafe ports
http_access deny hostlocal  ##Deny access to hostlocal
[root@squid ~]# service squid reload   ##Reload the squid service

2. Visit the web page from the test client
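
The deny rule in step 1 takes effect only because it sits above the allow rules: Squid checks http_access lines from top to bottom and the first matching line decides. The Python model below is an added example, not part of the original post; the localnet ACL, the two sample configurations and the function names are constructed for illustration, and only src ACLs are handled.

```python
import ipaddress

# Constructed squid.conf fragments: only the two hostlocal lines come from the
# page; localnet and the rule order are assumptions made for this example.
DENY_FIRST = """
acl localnet src 192.168.10.0/24
acl hostlocal src 192.168.10.10/32
http_access deny hostlocal  ##placed above the allow rule, as on the page
http_access allow localnet
http_access deny all
"""
ALLOW_FIRST = """
acl localnet src 192.168.10.0/24
acl hostlocal src 192.168.10.10/32
http_access allow localnet
http_access deny hostlocal  ##never reached for 192.168.10.10
http_access deny all
"""

def parse(conf):
    """Collect 'acl NAME src ...' networks and ordered http_access rules."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # built-in ACL (IPv4 only here)
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # strip comments and ## annotations
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))  # (allow|deny, [acl names])
    return acls, rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny' the way http_access evaluation would."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    def hit(name):  # a leading '!' negates the ACL
        return any(ip in n for n in acls[name.lstrip("!")]) != name.startswith("!")
    for action, names in rules:  # top to bottom, first full match decides
        if all(hit(n) for n in names):
            return action
    # Nothing matched: the default is the opposite of the last rule
    # (and deny when there are no rules at all).
    last = rules[-1][0] if rules else "allow"
    return "deny" if last == "allow" else "allow"
```

With the deny line first, 192.168.10.10 is refused while the rest of 192.168.10.0/24 is still served; with the allow line first, the same client is let through.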

II. Sarg log

1. Install sarg on the squid server

[root@squid ~]# mount.cifs //192.168.100.3/LNMP-C7 /mnt/  ##Mount the share
Password for root@//192.168.100.3/LNMP-C7:  
[root@squid ~]# cd /mnt/
[root@squid mnt]# tar zxvf sarg-2.3.7.tar.gz -C /opt/   ##Extract the archive
[root@squid mnt]# cd /opt/sarg-2.3.7/
[root@squid sarg-2.3.7]# yum install gd gd-devel -y  ##Install the gd library
[root@squid sarg-2.3.7]# ./configure --prefix=/usr/local/sarg \  ##Installation path
> --sysconfdir=/etc/sarg \   ##Configuration file directory
> --enable-extraprotection  ##Enable extra security protection
[root@squid sarg-2.3.7]# make && make install  ##Compile and install

2. Modify sarg configuration file

[root@squid sarg-2.3.7]# vim /etc/sarg/sarg.conf  ##Edit the sarg configuration file
##Uncomment and modify the following settings
access_log /usr/local/squid/var/logs/access.log  ##Specify the access log file
title "Squid User Access Reports"  ##Page title
output_dir /var/www/html/squid-reports  ##Report output directory
user_ip no  ##Display with user name
exclude_hosts /usr/local/sarg/noreport  ##File listing the sites left out of the ranking
topuser_sort_field connect reverse  
##Sort field for the top ranking: connection count or bytes accessed; reverse is descending order, normal is ascending order
overwrite_report no  ##Whether to overwrite a report with the same name
mail_utility mailq.postfix  ##Command used to send the report by mail
charset UTF-8  ##Character set to use
weekdays 0-6  ##Days of the week covered by the top ranking
hours 0-23  ##Hours of the day covered by the top ranking
www_document_root /var/www/html  ##Web page root directory
[root@squid ~]# sarg   ##Generate report
SARG: Record in file: 91, reading: 100.00%
SARG: Successfully generated report on /var/www/html/squid-reports/2019Dec11-2019Dec12
[root@squid sarg-2.3.7]# cd /var/www/html/squid-reports/  ##Switch to html directory
[root@squid squid-reports]# ls
2019Dec11-2019Dec12   images  index.html
[root@squid squid-reports]# yum install httpd -y  ##Install httpd service
[root@squid squid-reports]# systemctl start httpd.service  ##Start the service
[root@squid squid-reports]# systemctl stop firewalld.service   ##Turn off the firewall
[root@squid squid-reports]# setenforce 0  ##Put SELinux in permissive mode

3. Use the test client to visit the web page and view the access records

##Can be run daily as a crontab scheduled task to generate a report every day
sarg -l /usr/local/squid/var/logs/access.log -o /var/www/html/squid-reports/ -z -d $(date -d "1 day ago" +%d/%m/%Y)-$(date +%d/%m/%Y)

III. Squid reverse proxy

squid server  ens33: 192.168.13.184
              ens36: 192.168.10.1 (host-only mode)
web1 server   192.168.13.151
web2 server   192.168.13.185
client        192.168.10.10 (host-only mode)

1. Edit the web page content on the web1 server

[root@web ~]# cd /var/www/html/
[root@web html]# vim index.html  ##Edit page content
<h1>this is test web!</h1>

2. Visit the web page from the test client

3. Edit the web page content on the web2 server

[root@web2 ~]# systemctl stop firewalld.service   ##Turn off the firewall
[root@web2 ~]# setenforce 0   ##Put SELinux in permissive mode
[root@web2 ~]# yum install httpd -y   ##Install httpd service
[root@web2 ~]# cd /var/www/html/   ##Create web content
[root@web2 html]# vim index.html
<h1>this is test2 web!</h1>
[root@web2 html]# systemctl start httpd.service 

4. Configure the reverse proxy on the squid server

[root@localhost squid]# vim /etc/squid.conf
# Squid normally listens to port 3128
http_port 192.168.13.184:80 accel vhost vport ##Listen on local port 80
cache_peer 192.168.13.151 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1
##Node server 1: maximum 30 connections, weight 1, alias web1
cache_peer 192.168.13.185 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web2
##Node server 2: maximum 30 connections, weight 1, alias web2
cache_peer_domain web1 web2 www.yun.com  ##Requests for www.yun.com are matched to the web1 and web2 nodes
[root@localhost squid]# service squid restart  ##Restart the squid service

5. On the test machine, as the admin user, configure address resolution for the domain name and set the proxy




Thank you for reading!

Posted by madsporkmurderer on Tue, 17 Dec 2019 07:29:40 -0800