真的感觉自己挺失败的,代理服务器第二次被人家盗用, 都怪自己不小心, 没把服务器的防火墙加到开机启动, 同时squid的也没有去加密码认证
感觉还是要细心, 运维就是要小心细心, 于是今中午抽出点时间给squid设定下密码这样以后即使防火墙忘记关闭,也不至于被人家白白盗用去干坏事
squid的配置如下:
# Recommended minimum configuration: # # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed visible_hostname ad1 acl ip1 myip 192.168.1.50 tcp_outgoing_address 192.168.1.50 ip1 # Squid normally listens to port 3128 http_port 192.168.1.50:54321 # Uncomment and adjust the following to add a disk cache directory. request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/libexec/passwd acl auth_user proxy_auth REQUIRED http_access allow auth_user
|
当然这个squid是自己编译安装的,网上的都是使用yum 要么是apt-get install 安装的 所以路径不同,我们的 auth_param 路径实在/usr/local/squid/libexec 中
后面的用户名认证文件我们使用httpd-tools 工具生成的 在centos上可以使用
yum -y install httpd-tools
|
然后:
接着生成密码文件:
htpasswd -c /usr/local/squid/libexec/passwd user1
|
接下来输入二次密码,确认。
最后就ok了 , 以后做任何事情一定要小心,要细心; 相信自己随着时间 会慢慢老练起来!
原文:https://blog.4u45.com/?p=663
via 细节的力量 https://xijie.wordpress.com/2013/04/08/%e7%bb%99squid%e4%bb%a3%e7%90%86%e6%9c%8d%e5%8a%a1%e5%99%a8%e5%8a%a0%e4%b8%8a%e5%af%86%e7%a0%81/
No comments:
Post a Comment