Squid 3.5.15 da squidGuard CentOS 7 (https da ACL)

Kyakkyawan kyau. Anan na kawo muku Squid 3.5 (barga) akan CentOS, yauwa !!!, idan sun gaya mani cewa dole ne inyi magana game da CentOS kuma masu karatu sun fada min squid 3.5 bai kara zube ba https y wani ya rubuto min imel yana neman tacewa ta kungiyoyi da abun ciki. Don haka na kawo muku sharhi don ku ga yadda na yi shi kuma za ku iya yi.

ok abubuwa na farko farko, ta yaya squid zai sani a cikin CentOS wannan sigar menene? 3.3.8, da ɗan ɗan lokaci, amma yana aiki. Koyaya ga waɗanda suke son rayuwa a halin yanzu, abu na farko shine a ƙara matattarar squid (ee, zaku iya zazzage tar.gz kuma ku tattara shi, amma hey ba za mu sake motsa motar ba a nan, wani ya riga ya tattara shi a cikin kunshin rpm, hahaha). A cikin Debian yana da jerin kwari, daga cikinsu ana tacewa kuma dole ne suyi amfani da wuraren adana Stretch

Kamar koyaushe, bana gaya muku cewa ku girka malware, wannan daga wiki ne na hukuma, duba NAN

vi /etc/yum.repo.d/squid.repo

[squid] suna = Squid repo na CentOS Linux - $ basearch
#IL madubi
baseurl = http: //www1.ngtech.co.il/repo/centos/$releasever/$basearch/
# baseurl = http: //www1.ngtech.co.il/repo/centos/7/$basearch/
failovermethod = fifiko
sa = 1
gpgcheck = 0

yum update

yum install squid3

Yanzu, idan kun karanta wasu sakonnin nawa masu daidaita squid ba matsala. Don haka a takaice NAN kuma zuwa ajiya NAN. Shin wasu abubuwa suna canzawa? Da kyau, kamar kowane Linux, wasu fayiloli suna nan kuma basa nan, amma saitunan iri ɗaya ne. Amma don kar ku ce ni mugu ne, wannan shine mafi ƙarancin abin da ya kamata ku saka

acl localnet src 172.16.0.0/21 # RFC1918 mai yiwuwa cibiyar sadarwar cikin gida

http_access bada izinin localnet

http_port 172.16.5.110: 3128

gudu da wadannan umarni don ƙirƙirar cache sarari

squid -z

Sannan na gaba don tabbatar da cewa fayil ɗin daidaitawa daidai ne

squid -k parse

a ƙarshe mun sake farawa sabis ɗin

systemctl squid restart

Yanzu tunda muna tace http da https, kuma munada sauki acls, amsar itace ---> SquidGuard. Kodayake, ba kowa ya inganta squidguard ba, ta hanyar rarrabawa iri ɗaya kuma ana kiyaye ta kuma ba ni da wata 'yar karamar ma'ana idan wani takamaiman ƙungiyar ta keɓe ga wannan kunshin, amma, gaskiyar ita ce tana aiki kuma ana ci gaba da kiyaye ta kullum ana sabunta shi.

yum install squidGuard

Kamar yadda na fada, tare da squidguard zaka iya tace zirga-zirga ta jerin sunayen bakar fata (jerin sunayen baki) ko kuma bada izini ta cikin jerin fararen (jerin sunayen)

Dole ne ku ƙara waɗannan layukan masu zuwa squid.conf:

Wannan yana nuna wane shirin ne zai kasance mai kula da zirga-zirgar ababen hawa, inda binary da fayil ɗin sanyi suke.

url_rewrite_program / usr / bin / squidGuard -c /etc/squid/squidGuard.conf

Wannan yana nuna yawan matsakaita masu juyawa zasu wanzu (150) don halartar buƙatun, ƙarami nawa suka fara da squid (120), nawa za a ajiye su (1), idan za su iya halartar fiye da buƙata 1 a lokaci guda (0)

url_rewrite_children farawa 150 = 120 mara aiki = daidaituwa 1 = 0

Idan har ba a samu ko da rediyo ba, mutumin ba zai iya kewayawa ba, wanda hakan ya dace, ba ma son kowa ya yi ta yawo cikin sauki. A cikin log ɗin zai faɗi kuskure lokacin da wannan ya faru kuma yakamata ku kimanta ƙara adadin masu turawa.

url_rewrite_mafita kashe

Yaya akeyin Acl da tacewa?

Abu na farko shine zazzage cikakken jerin sunayen baƙi don farawa daga NAN, zaka iya kirkirar kuma zanyi bayanin yadda, kasa kwancewa a / var / squidGuard / wannan ta tsoho a centos, amma a wasu kuma shine / var / lib / squidguard /

tar -xvzf bigblacklist.tar.gz /var/squidGuard/

chown -R  squid. /var/squidGuard/

Dole ne ku shiga squidguard.conf:

Bayyana inda jerin sunayen suke da kuma inda za'a adana rajistan ayyukan.

dbhome / var / squidGuard / jerin sunayen waƙoƙi

logdir / var / log / squidGuard /

Yanzu ana kula da squid guard tare da 3 tags src, dest, acl.

A ce ina son ƙirƙirar rukunin "iyakantacce" a cikin src, na bayyana ƙungiyar kanta da duk ip ɗin da ke cikin wannan rukunin

Src iyakance {
ip 172.168.128.10 # pepito perez bayanai
ip 172.168.128.13 # andrea perez bayanai
ip 172.168.128.20 # carolina perez bayanai
}

Yanzu ga - kirkira da bayyana jerin, yana tare da alamar ƙaddara Mai mahimmanci!, Dole ne ku fahimci yadda zaku iya toshe shafi

  • -Da misali yanki: facebook.com, za a toshe duk yankin
  • -Misali urlist: facebook.com/juegos wannan yana nufin cewa kawai url an toshe shi daga sauran zan iya zagaya duk facebook
  • -Na karshe jerin sunayen misali facebook, to duk wani shafi da yake da facebook an rubuta, koda kuwa shafin labarai ne wanda yake magana akan wani labarin kuma ya ambaci facebook a jikinshi to zai toshe shi.

lalata batsa {
yankin yanki batsa / yankuna
urlist batsa / urls
jerin sunayen batsa / maganganu
}

Yanzu mun bayyana cewa zaku toshe ko a'a kuma wane mataki zaku dauka idan hakan ta faru. Duk yana farawa tare da lakabi ACL, a ciki akwai adadin 'n' ƙungiyoyi. Ci gaba da misali "iyakantacce", alamar wucewa don komawa zuwa jerin abubuwa da zirga-zirga, idan kalmar mahimmanci tana da alamar motsin rai (!) a farkon tana nufin cewa ba a yarda da shi ba, in ba haka ba ee, koda kuwa yana cikin jerin da aka musanta a baya.

A cikin wannan misalin, muna da iyakantaccen rukuni, wanda a ciki akwai mai saiti ko jerin farare don ba da izinin wasu zirga-zirgar da za a iya toshe su a cikin sauran jerin sunayen baƙin (!), Sannan a gama jumla da «wani»Don nuna cewa idan bai dace da kowane jeri ba to ya ba da izinin wannan zirga-zirgar. Idan ya ƙare tare da lakabin «m»Ba zai ba da izinin wannan zirga-zirgar ba. A ƙarshe lakabin sake turawa, don nuna wane mataki za a ɗauka yayin toshe shafi a wannan yanayin sai mu aika shi zuwa google.

Ga misali na sanya jerin sunayen da aka toshe da yawa, amma ku tuna cewa dole ne a bayyana su a cikin lalacewa, haka nan ba duk jerin sunayen suna da urlist, listlist ko yanki ba saboda haka ya kamata ku duba da kyau.

acl {ku
iyakance {
wuce wurin nunawa! batsa! babba! jima'i! wakili! spyware! malware! hacking! mixed_adult! naturism! darikar! ! desktopsillies! lalata, tarzoma, m-sarrafawa! neman aiki! wayoyin salula! ! Labarai! mujallu! manga! arjel! taba! frencheducation! fitacce! bitcoin!
turawa http://google.com?
} #fin iyaka
} #karshen acl

Muna sake shigar da dukkan jerin

squidGuard -b -C ALL

Idan squidguard a shirye don buƙata ta bayyana a cikin log, to muna shirye don farawa da

systemctl squid restart

Na gode da komai, Ina fata za ku ci gaba da rubuce-rubuce a cikin tsokaci, kuma ku mai da hankali ga duk sakonnin na.

 


Abubuwan da ke cikin labarin suna bin ka'idodinmu na ka'idojin edita. Don yin rahoton kuskure danna a nan.

8 comments, bar naka

Bar tsokaci

Your email address ba za a buga.

*

*

  1. Mai alhakin bayanan: Miguel Ángel Gatón
  2. Dalilin bayanan: Gudanar da SPAM, gudanar da sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   yilin m

    kun yi ƙoƙarin ƙaryatãwa game da hotunan batsa da duk maganganun da ke cikin https kuma musamman lokacin bincike tare da google

  2.   edgar m

    lokacin da sarg manual zai dace da na squid

  3.   edgar m

    lokacin da sarg manual don taimaka squid,

  4.   snklb m

    Shin yayi muku aiki da https?

  5.   warwarewarwuin m

    Hannuna Ina buƙatar taimakon ku, lokacin da zaku iya rubuto min Pedroza

  6.   m m

    SHIN WANNAN SHIRI NE NA HANYAR SHIRYA KO TA TAFIYA?

  7.   JULY m

    SHIN WANNAN SHIRI NE NA HANYAR SHIRYA KO TA TAFIYA?

  8.   sassan Linux m

    Yaushe kuka sanya squidguard !!!!