Let's summarize Squid

squid.conf

| squid.conf | Explanation |
|---|---|
| http_port | Port number |
| visible_hostname | Hostname |
| hierarchy_stoplist | Strings for which the cache is not used |
| maximum_object_size | Maximum cacheable size |
| minimum_object_size | Minimum cacheable size |
| maximum_object_size_in_memory | Maximum file size kept in memory |
| ipcache_size | Number of IP addresses to cache |
| cache_dir | Directory used to store the cache, with parameters such as capacity |
| cache_mem | Cache size in memory |
| cache_access_log | Client access log |
| cache_log | Cache log |
| ftp_user | Password for anonymous FTP access |
| ftp_passive | FTP passive mode |
| reference_age | Cache retention period |
| request_header_max_size | Maximum size of HTTP request header |
| request_body_max_size | Maximum size of HTTP request body |
| reply_body_max_size | Maximum size of response |
| acl | Access control list settings |
| http_access | Allow or deny access per access control list |

Access control

acl

Defines an access control list (ACL) for a set of hosts, protocols, and so on.

Format: acl <ACL name> <ACL type> <string or file name>

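| ACL type | Explanation |
|---|---|
| src | Client-side IP address |
| dst | IP address of the destination server accessed through the proxy |
| srcdomain | Client domain name |
| dstdomain | Domain name of the destination server accessed through the proxy |
| port | Port number of the destination server accessed through the proxy |
| myport | Client port number |
| arp | MAC address |
| proto | Protocol |
| method | HTTP method |
| time | Valid time |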

http_access

Use http_access to allow or deny access for an access control list.

Format: http_access allow|deny <ACL name>

Access control setting example

In the following example, access from 192.168.0.0/24 is prohibited.

squid.conf


acl test src 192.168.0.0/255.255.255.0
http_access deny test
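
The following Python model is an added example, not part of the original article or of Squid itself. It shows how http_access lines are evaluated top to bottom (first match wins, and when nothing matches the result is the opposite of the last rule) for IPv4 src ACLs only. The 10.0.1.0/24 subnet, the sample configs and the function names are constructed for illustration.

```python
import ipaddress

# Constructed configs. PAGE_EXAMPLE is the deny rule shown above; HARDENED uses
# a made-up private subnet CIDR and ends with an explicit "deny all".
PAGE_EXAMPLE = """
acl test src 192.168.0.0/255.255.255.0
http_access deny test
"""
HARDENED = """
acl private-subnet src 10.0.1.0/24
http_access allow private-subnet
http_access deny all
"""

def parse(conf):
    """Collect 'acl NAME src NET...' and 'http_access allow|deny ACL...' lines."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # Squid's built-in ACL
    rules = []
    for raw in conf.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "src":
            # ip_network accepts both /24 and /255.255.255.0 notation
            nets = [ipaddress.ip_network(n, strict=False) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif tok[0] == "http_access" and len(tok) >= 3:
            if tok[1] not in ("allow", "deny"):
                raise ValueError(f"bad http_access action: {raw!r}")
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for client_ip under the given rules."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)

    def hit(name):  # "!name" negates the ACL; unknown names raise KeyError
        matched = any(ip in net for net in acls[name.lstrip("!")])
        return matched != name.startswith("!")

    for action, names in rules:  # top to bottom, first matching line wins
        if all(hit(n) for n in names):  # ACLs on one line are ANDed
            return action
    if not rules:
        return "deny"  # no http_access lines at all: request is denied
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules[-1][0] == "deny" else "deny"
```

When the list consists only of `http_access deny test`, a client outside 192.168.0.0/24 falls through to the implicit allow, so end the list with `http_access deny all` to make the fallback explicit.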

Try it (Amazon Linux 2)

On AWS, well, you could use a NAT gateway...

Preparation

Allow the client to run yum and similar commands through the proxy.

- Subnets
  - public-subnet (proxy server)
  - private-subnet (client)
- Security group

Proxy server settings

Part 1

Write the target IP address or the CIDR of the subnet directly in the Squid configuration file.

squid.conf


acl private-subnet src <CIDR for private subnets>
http_access allow private-subnet

Part 2

Write the private IP address of each server that should go through the proxy, or the CIDR of its subnet, in /etc/squid/acl/Whitelist.txt.

squid.conf


# src matches the client address; the file lists one IP address or CIDR per line
acl Whitelist src "/etc/squid/acl/Whitelist.txt"
http_access allow Whitelist
http_access deny all

Client side settings

/etc/yum.conf


proxy=http://<proxy private IP>:3128

/etc/wgetrc


http_proxy=http://<proxy private IP>:3128
https_proxy=http://<proxy private IP>:3128

~/.curlrc


proxy=http://<proxy private IP>:3128

HTTP server and proxy server link

- Summary of Apache
- Let's summarize Nginx
