真的感觉自己挺失败的,代理服务器第二次被人家盗用, 都怪自己不小心, 没把服务器的防火墙加到开机启动, 同时squid的也没有去加密码认证
感觉还是要细心, 运维就是要小心细心, 于是今中午抽出点时间给squid设定下密码这样以后即使防火墙忘记关闭,也不至于被人家白白盗用去干坏事
squid的配置如下:
# Recommended minimum configuration: # # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed visible_hostname ad1 acl ip1 myip 192.168.1.50 tcp_outgoing_address 192.168.1.50 ip1 # Squid normally listens to port 3128 http_port 192.168.1.50:54321 # Uncomment and adjust the following to add a disk cache directory. request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/libexec/passwd acl auth_user proxy_auth REQUIRED http_access allow auth_user |
当然这个squid是自己编译安装的,网上的都是使用yum 要么是apt-get install 安装的 所以路径不同,我们的 auth_param 路径实在/usr/local/squid/libexec 中
后面的用户名认证文件我们使用httpd-tools 工具生成的 在centos上可以使用
yum -y install httpd-tools |
然后:
接着生成密码文件:
htpasswd -c /usr/local/squid/libexec/passwd user1 |
接下来输入二次密码,确认。
最后就ok了 , 以后做任何事情一定要小心,要细心; 相信自己随着时间 会慢慢老练起来!
原文:https://blog.4u45.com/?p=663
--
Posted By GFW BLOG 功夫网与翻墙 to GFW BLOG(功夫网与翻墙) at 4/07/2013 04:25:00 PM --
--
1、翻墙利器赛风3下载地址: http://dld.bz/caonima326 ,http://dld.bz/caonima745/
2、我们的订阅地址:http://feeds2.feedburner.com/chinagfwblog
3、停止订阅,请发邮件到
gfw-blog+unsubscribe@googlegroups.com
翻越防火长城,你可以到达世界上的每一个角落。(Across the Great Firewall, you can reach every corner in the world.)
---
您收到此邮件是因为您订阅了 Google 网上论坛的"GFW Blog"论坛。
要退订此论坛并停止接收此论坛的电子邮件,请发送电子邮件到 gfw-blog+unsubscribe@googlegroups.com。
要查看更多选项,请访问 https://groups.google.com/groups/opt_out。
没有评论:
发表评论