I-squid 3.5.15 kunye ne-squidGuard CentOS 7 (https kunye ne-ACL)

Kuhle kuhle. Apha ndikuzisela i-squid 3.5 (ezinzile) kwi-CentOS, ah wow!!!Ewe, bandixelele ukuba kufuneka ndithethe ngeCentOS kunye Abafundi bam bandixelele ukuba squid 3.5 ayisahluzwa https y Umntu undibhalele i-imeyile ecela ukuhluza ngokwamaqela kunye nomxholo. Ngoko ke ndikuzisela uphononongo ukuze ubone ukuba ndiyenze njani kwaye uzenzele ngokwakho.

Ok izinto zokuqala kuqala, uya kwazi njani ukuba i-squid kwi-CentOS ikuyiphi inguqulelo? 3.3.8, iphelelwe lixesha, kodwa iyasebenza. Nangona kunjalo, kwabo bathanda ukuhlala ngoku, into yokuqala kukudibanisa indawo yokugcina i-squid (ewe, unokukhuphela i-tar.gz kwaye uyiqokelele, kodwa, hey, asizuphinda siqalise ivili apha, umntu sele eyiqulunqe kwiphakheji ye-rpm, hahaha). Kwi-Debian inothotho lweebugs, kubandakanya ukuhluza kwaye kufuneka basebenzise i-Stretch repositories

Njengamaxesha onke, andikuxeleli ukuba ufake i-malware, le ivela kwi-squid wiki esemthethweni, yijonge. LAPHA

vi /etc/yum.repo.d/squid.repo

[squid] name=Irepo yeskwidi ye-CentOS Linux – $basearch
#IL isipili
baseurl=http://www1.ngtech.co.il/repo/centos/$releasever/$basearch/
#baseurl=http://www1.ngtech.co.il/repo/centos/7/$basearch/
failovermethod = okuphambili
inikwe amandla = 1
gpgcheck = 0

yum update

yum install squid3

Ngoku, ukuba ufunde ezinye izithuba zam, ukuqwalasela iSquid akuyi kuba yingxaki. Ngoko isishwankathelo LAPHA kunye ne-cache LAPHA. Ngaba ezinye izinto ziyatshintsha?Kulungile, njengazo zonke iLinux, ezinye iifayile zilapha kwaye azikho phaya, kodwa ubumbeko luyafana. Kodwa ke awutsho ukuba ndingumntu okhohlakeleyo, le yeyona nto incinci ekufuneka uyibeke

acl localnet src 172.16.0.0/21 #RFC1918 inethiwekhi enokwenzeka yangaphakathi

http_access vumela i-localnet

http_port 172.16.5.110: 3128

sebenzisa lo myalelo ulandelayo ukwenza isithuba sakho se-cache

squid -z

Emva koko oku kulandelayo ukuqinisekisa ukuba ifayile yoqwalaselo ichanekile

squid -k parse

ekugqibeleni siqalisa kwakhona inkonzo

systemctl squid restart

Ngoku ekubeni sihluza i-http kunye ne-https, kwaye senze ii-acls ezilula, impendulo ithi--> Isikwidigu, le ndoda isihluzi somxholo kunye nomlawuli wetrafikhi, ngeli xesha kukho inani elikhulu labantu abakhetha i-dansguardian, oku akusiyo imeko yam. Nangona i-squidguard ingasaphuhliswanga nguye nabani na othile, igcinwa ngonikezelo olufanayo kwaye andinalo nofifi lokuba nawuphi na umbutho othile uzinikele kule phakheji, nangona kunjalo, inyaniso kukuba iyasebenza kwaye isagcinwa.

yum install squidGuard

Njengoko benditshilo, ngesquidguard ungahluza itrafikhi ngoluhlu olumnyama okanye uvumele ngoluhlu olumhlophe.

Kufuneka wongeze le migca ilandelayo kwisquid.conf:

Oku kubonisa ukuba yeyiphi inkqubo eya kuba noxanduva lokucoca itrafikhi, apho i-binary kunye nefayile yoqwalaselo ibekwe khona.

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Oku kubonisa ukuba bangaphi na abalawuli ngokutsha abaya kubakho (i-150) abaza kuhoya izicelo, bangaphi na abo bancinane abaqala ngeskwidi (120), bangaphi abaya kugcinwa kwindawo yogcino (1), ukuba banokuzimasa ngaphezu kwesicelo esinye ngaxeshanye. (1)

url_rewrite_children 150 startup=120 engasebenziyo=1 concurrency=0

Ukuba akukho nolawulo olukhoyo, umntu akayi kukwazi ukukhangela, eyona nto ifanelekileyo, asifuni nabani na ukuba akhangele ngokukhululekileyo. Ilog iya kuthetha impazamo xa oku kusenzeka kwaye kufuneka uvavanye ukwandisa inani labaqondisi kwakhona.

url_rewrite_bypass off

Indlela yokwenza i-ACL kunye nokucoca?

Into yokuqala kukukhuphela uluhlu olumnyama olupheleleyo ukuqala kwakhona. LAPHA, ungenza kwakhona kwaye ndiya kuchaza ukuba njani, decompress kwi /var/squidGuard/ oku ngokungagqibekanga kwi centos, kodwa kwabanye ngu /var/lib/squidguard/

tar -xvzf bigblacklist.tar.gz /var/squidGuard/

chown -R  squid. /var/squidGuard/

Kufuneka ufake squidguard.conf:

Xela ukuba ziphi izintlu kunye nalapho iilogi ziya kugcinwa khona.

dbhome /var/squidGuard/blacklists

logdir /var/log/squidGuard/

Ngoku unogada weskwidi uphathwa ngeethegi ezi-3 src, dest, acl.

Masithi ndifuna ukwenza iqela "elilinganiselweyo" kwi-src, ndiyabhengeza iqela ngokwalo kunye nazo zonke ii-IP zelo qela.

src lilinganiselwe {
ip 172.168.128.10 # pepito perez informatica
ip 172.168.128.13 # andrea perez informatica
ip 172.168.128.20 # carolina perez informatica
}

Ngoku ze yenza kwaye ubhengeze uluhlu, Ikunye neyona tag. Kubalulekile!, kufuneka uqonde ukuba ungabhloka njani iphepha

• -Ngokomzekelo wesizinda: facebook.com, i-domain yonke iya kuvalwa
• -Ngokomzekelo urllist: facebook.com/juegos oku kuthetha ukuba kuphela le url ivaliwe kwaye abanye ndiyakwazi ukukhangela yonke Facebook
• -Ekugqibeleni umzekelo woluhlu lwe-facebook, ngoko naliphi na iphepha eline-facebook elibhaliweyo kuyo, nokuba liphepha leendaba elibhekiselele kwinqaku kwaye likhankanya i-facebook emzimbeni walo, liya kuvalelwa.

eyona porn {
i-domainlist porn/domains
urllist porn/urls
Uluhlu lokubonisa amanyala / intetho
}

Ngoku sibhengeza ukuba uya kuvala okanye hayi kwaye leliphi inyathelo oya kulithatha xa lisenzeka. Konke kuqala ngeleyibhile ACL, ngaphakathi kukho 'n' inani lamaqela. Ukuqhubela phambili ngomzekelo "olinganiselweyo", ithegi yokupasa ukwenza iireferensi kuluhlu kunye netrafikhi, ukuba igama elingundoqo line uphawu lwesikhuzo (!) ekuqaleni lubhekisa kwinto engavumelekanga, kungenjalo ewe, nokuba ikuluhlu olwaliwe ngaphambili.

Kulo mzekelo, sineqela elilinganiselweyo, apho kukho uluhlu olumhlophe ukuvumela i-traffic ethile mhlawumbi ivaliwe kolunye uluhlu lwabamnyama (!), Emva koko isivakalisi siphela nge «ikhona»ukubonisa ukuba ayihambelani nalo naluphi na uluhlu ngoko ivumela loo traffic. Ukuba iphelile ngethegi «nanye»ayiyi kuvumela loo traffic. Ekugqibeleni ileyibhile ezingo-, ukubonisa ukuba leliphi inyathelo ekufuneka lithathwe xa uvala iphepha, kulo mzekelo silithumela kuGoogle.

Nanku umzekelo, ndibeka uluhlu oluninzi oluvaliweyo, kodwa khumbula ukuba kufuneka zibhengezwe kwi-dest, kananjalo ayilulo lonke uluhlu olunoluhlu lwe-urllist, i-expressionlist okanye uluhlu lwesizinda ngoko kufuneka ujonge ngononophelo.

i-acl {
umda {
dlula whitelist !porn !omdala !umntu omdala !proxy !spyware !malware !ixube !desktopsillies !imfundo yezesondo !ubundlobongela !remote-control !jobsearch !iselula !ecommerce !beerliquorsale !radio !socialnetworking !social_networking !uthumo lwangoko !incoko !umyalezo-umyalezo!ividiyo!sportsport!ividiyo!sportsport! !imfonomfono-mfono !lingerie !magazines !manga !arjel !icuba !frencheducation !osaziwayo !bitcoin !blog nayiphi na
phinda uqondise http://google.com?
} #isiphelo silinganiselwe
} #end acl

Siphinda silayishe zonke izintlu

squidGuard -b -C ALL

Ukuba kwilog, i-squidguard elungele isicelo ibonakala, ngoko sikulungele ukuqala

systemctl squid restart

Enkosi ngayo yonke into, ndiyathemba ukuba uqhubeka nokubhala kwizimvo, kwaye ubeke ingqalelo kuzo zonke izithuba zam.