giovedì, Marzo 28, 2024

Squid 2.6 transparent proxy

Introduzione

Dato che ho fatto fatica a creare una configurazione funzionante per squid che comprenda solo il proxyng (no caching) ed il monitoring tramite snmp, la posto qui come riferimento per me e gli altri.

Requisiti

  • Squid 2.6
  • snmp-tools (solo se si vuole abilitare il monitoring tramite snmp)
  • snmpd (solo se si vuole abilitare il monitoring tramite snmp)
  • mrtg (solo se si vuole abilitare il monitoring tramite snmp)

Configurazione

  • /etc/squid.conf
http_port 8080 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
dns_nameservers 213.140.2.12 208.67.222.222 193.205.245.66
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access allow localhost
acl lan src 192.168.1.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic all
  • /etc/mrtg/mrtg.conf

La mib SQUID_MIB.txt (che io ho rinominato per comodita’) la si trova sotto /usr/share/squid/mib.txt

#
LoadMIBS: /usr/share/snmp/mibs/SQUID_MIB.txt
#
#
Target[proxy-hit]: cacheHttpHits&cacheServerRequests:[email protected]:3401
# If you are using Squid 2.6 or later, uncomment the following line
RouterName[proxy-hit]: cacheUniqName
MaxBytes[proxy-hit]: 100000
Title[proxy-hit]: HTTP Hits
Suppress[proxy-hit]: y
LegendI[proxy-hit]:  HTTP hits
LegendO[proxy-hit]:  HTTP requests
Legend1[proxy-hit]:  HTTP hits
Legend2[proxy-hit]:  HTTP requests
YLegend[proxy-hit]: perminute
ShortLegend[proxy-hit]: req/min
Options[proxy-hit]: nopercent, perminute, dorelpercent, unknaszero 
#
Target[proxy-srvkbinout]: cacheServerInKb&cacheServerOutKb:[email protected]:3401
# If you are using Squid 2.6 or later, uncomment the following line
RouterName[proxy-srvkbinout]: cacheUniqName
MaxBytes[proxy-srvkbinout]: 76800
Title[proxy-srvkbinout]: Cache Server Traffic In/Out
Suppress[proxy-srvkbinout]: y
LegendI[proxy-srvkbinout]:  Traffic In
LegendO[proxy-srvkbinout]:  Traffic Out
Legend1[proxy-srvkbinout]:  Traffic In
Legend2[proxy-srvkbinout]:  Traffic Out
YLegend[proxy-srvkbinout]: per minute
ShortLegend[proxy-srvkbinout]: b/min
kMG[proxy-srvkbinout]: k,M,G,T
kilo[proxy-srvkbinout]: 1024
Options[proxy-srvkbinout]: nopercent, perminute, unknaszero

Articoli correlati

Non perdere il lancio online della Community GDPR Day: 26 marzo 2024

La sicurezza dei dati e delle informazioni non è più un'opzione, ma una necessità imprescindibile. Lo dimostrano i tanti attacchi informatici che, con frequenza...

Digital Transformation


 

Noleggia una Tesla per il tuo evento ICT!

Categorie