sabato, Ottobre 1, 2022

Squid 2.6 transparent proxy

Introduzione

Dato che ho fatto fatica a creare una configurazione funzionante per squid che comprenda solo il proxyng (no caching) ed il monitoring tramite snmp, la posto qui come riferimento per me e gli altri.

Requisiti

  • Squid 2.6
  • snmp-tools (solo se si vuole abilitare il monitoring tramite snmp)
  • snmpd (solo se si vuole abilitare il monitoring tramite snmp)
  • mrtg (solo se si vuole abilitare il monitoring tramite snmp)

Configurazione

  • /etc/squid.conf
http_port 8080 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
dns_nameservers 213.140.2.12 208.67.222.222 193.205.245.66
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access allow localhost
acl lan src 192.168.1.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic all
  • /etc/mrtg/mrtg.conf

La mib SQUID_MIB.txt (che io ho rinominato per comodita’) la si trova sotto /usr/share/squid/mib.txt

#
LoadMIBS: /usr/share/snmp/mibs/SQUID_MIB.txt
#
#
Target[proxy-hit]: cacheHttpHits&cacheServerRequests:[email protected]:3401
# If you are using Squid 2.6 or later, uncomment the following line
RouterName[proxy-hit]: cacheUniqName
MaxBytes[proxy-hit]: 100000
Title[proxy-hit]: HTTP Hits
Suppress[proxy-hit]: y
LegendI[proxy-hit]:  HTTP hits
LegendO[proxy-hit]:  HTTP requests
Legend1[proxy-hit]:  HTTP hits
Legend2[proxy-hit]:  HTTP requests
YLegend[proxy-hit]: perminute
ShortLegend[proxy-hit]: req/min
Options[proxy-hit]: nopercent, perminute, dorelpercent, unknaszero 
#
Target[proxy-srvkbinout]: cacheServerInKb&cacheServerOutKb:[email protected]:3401
# If you are using Squid 2.6 or later, uncomment the following line
RouterName[proxy-srvkbinout]: cacheUniqName
MaxBytes[proxy-srvkbinout]: 76800
Title[proxy-srvkbinout]: Cache Server Traffic In/Out
Suppress[proxy-srvkbinout]: y
LegendI[proxy-srvkbinout]:  Traffic In
LegendO[proxy-srvkbinout]:  Traffic Out
Legend1[proxy-srvkbinout]:  Traffic In
Legend2[proxy-srvkbinout]:  Traffic Out
YLegend[proxy-srvkbinout]: per minute
ShortLegend[proxy-srvkbinout]: b/min
kMG[proxy-srvkbinout]: k,M,G,T
kilo[proxy-srvkbinout]: 1024
Options[proxy-srvkbinout]: nopercent, perminute, unknaszero

Articoli correlati

Netwrix acquisisce MATESO ampliando la propria offerta di soluzioni per la protezione delle identità

La soluzione di gestione delle password di MATESO consente l'accesso sicuro alle risorse aziendali e alle password personali da qualsiasi luogo. Netwrix, fornitore di sicurezza...

Digital Transformation


 

Noleggia una Tesla per il tuo evento ICT!

Categorie