First, a little background. Proxy server software runs on top of the TCP/IP protocol and listens on a specific port, such as 3128. A computer that runs proxy server software is called a proxy server. If another computer wants to connect to the Internet through the proxy server, it needs to know the proxy server's IP address and proxy port (such as 3128), which are used to configure communication software such as IE and ICQ.
The main functions of a proxy server are:
The proxy server can cache the website content that its clients have visited, which speeds up the second visit.
The proxy server can give you access to a forbidden site. For example, if the LAN administrator forbids your access to my-proxy.com, you can still visit it through a proxy.
The proxy server can control what its clients access. I will tell you more about this below.
You may know another piece of Linux software, IPchains, which can also be used as an access control tool. The problem is that IPchains doesn't support DNS resolution: you have to list all the IP addresses of the websites you want to control. Squid is different: you can simply forbid access to any domain whose suffix is .tw or .cn, while the DNS resolution is the work of the ISP.
Now I will give you an example. We use a PC with two network cards as our proxy server. The first network card (eth0) connects to the local area network (LAN) and the second one (eth1) connects to the Internet. We use RedHat Linux 8.0 and Squid (which comes with the OS).
Like other Linux software, Squid works according to its config file. The default config file is /etc/squid/squid.conf. It is more than ten pages long and contains the specification of every option. However, we will use only a small part of them; I list the most important options below. Most of them are self-explanatory.
http_port 3128
# the port that the proxy server listens on
cache_dir ufs /var/cache/squid 100 16 32
# storage type, cache dir, size (MB), number of first-level subdirs, number of second-level subdirs
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
acl all src 0.0.0.0/0.0.0.0
acl head src 192.168.0.2/255.255.255.255 192.168.0.3/255.255.255.255
acl normal src 192.168.0.21-192.168.0.99/255.255.255.255
# the leading dot makes dstdomain match every host under that suffix
acl denysite dstdomain .tw .cn
acl denyip dst 61.136.135.4/255.255.255.255
acl dnsport port 53
# http_access lines are checked in order; the first matching line decides
http_access allow head
http_access deny denysite
http_access deny denyip
http_access allow normal
http_access deny dnsport
From the config file we can see that:
Squid listens on port 3128
The cache dir is /var/cache/squid and its size is 100MB
The users 192.168.0.2 and 192.168.0.3 can access all websites
The users 192.168.0.21-192.168.0.99 can't visit websites whose domain suffix is .tw or .cn
The users 192.168.0.21-192.168.0.99 can't visit the website whose IP is 61.136.135.4
Other users can't connect to servers on port 53
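To check the list above against the rule order, here is an added example (not part of the original post and not Squid's own code) that models the five http_access lines in Python. It assumes the destination IP is passed in already resolved, and it applies Squid's documented fallback: when no line matches, the verdict is the opposite of the last http_access line.

```python
import ipaddress

def ip(addr):
    """Dotted IPv4 string -> integer, so address ranges can be compared."""
    return int(ipaddress.ip_address(addr))

# ACLs from the squid.conf above; each takes a request dict and returns True on match.
ACLS = {
    "head":     lambda r: r["src"] in ("192.168.0.2", "192.168.0.3"),
    "normal":   lambda r: ip("192.168.0.21") <= ip(r["src"]) <= ip("192.168.0.99"),
    # dstdomain .tw .cn: matches the suffix itself and every host below it
    "denysite": lambda r: ("." + r["host"].lower()).endswith((".tw", ".cn")),
    # Assumption: dst_ip is supplied by the caller (Squid resolves the name itself)
    "denyip":   lambda r: r["dst_ip"] == "61.136.135.4",
    "dnsport":  lambda r: r["port"] == 53,
}

# http_access lines in file order
RULES = [("allow", "head"), ("deny", "denysite"), ("deny", "denyip"),
         ("allow", "normal"), ("deny", "dnsport")]

def decide(src, host, port=80, dst_ip=None):
    """Return (verdict, deciding rule) for one request; the first match wins."""
    req = {"src": src, "host": host, "port": port, "dst_ip": dst_ip}
    for action, acl in RULES:
        if ACLS[acl](req):
            return action, acl
    # No line matched: the default is the opposite of the last http_access line.
    last_action = RULES[-1][0]
    return ("allow" if last_action == "deny" else "deny"), "implicit default"

if __name__ == "__main__":
    # Constructed sample requests: (client IP, host, port, resolved IP)
    samples = [
        ("192.168.0.2",   "www.example.tw",  80, None),
        ("192.168.0.50",  "www.example.cn",  80, None),
        ("192.168.0.50",  "www.example.com", 80, "61.136.135.4"),
        ("192.168.0.50",  "www.example.com", 53, None),
        ("192.168.0.150", "www.example.com", 53, None),
        ("203.0.113.9",   "www.example.com", 80, None),
    ]
    for s in samples:
        print(s, "->", decide(*s))
```

The last sample shows that a client matching none of the src ACLs is allowed by the implicit default, so the proxy serves any address that can reach port 3128. The config defines "acl all" but never uses it; ending the list with "http_access deny all" turns that default into a deny.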
As you can see, the config file uses the keyword "acl" to define user groups and destination groups, and uses "http_access" to control the access of those groups. There are different keywords after "acl", such as "src", "dst", "proto", "port" and "dstdomain". You can also use "acl