informatica:linux:proxy
Differences
This shows you the differences between two versions of the page.
informatica:linux:proxy [2009/11/05 07:47] – external edit 127.0.0.1 | informatica:linux:proxy [2015/04/13 20:19] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | 1. Mediante variables de entorno (Por probar) | + | ====== Proxy ====== |
- | 1.1 export http_proxy=" | + | squid proxy |
- | 1.2 export ftp_proxy=" | + | Squid es un proxy que sirve entre otras cosas para filtrar conexiones a internet |
- | 1.3 apt-setup | + | ===== Instalación ===== |
- | 2. Mediante la creación del fichero / | + | aptitude update && aptitude safe-upgrade |
- | 2.1 Crear ese fichero | + | ===== Configuración ===== |
- | 2.2 Editarlo | + | En este ejemplo vamos a configurar squid para que solicite usuario |
- | Acquire | + | 1. Crear el archivo con las contraseñas: |
- | { | + | Si es la primera vez creamos el archivo con ' |
- | | + | |
- | { | + | |
- | Proxy "http://usuario: | + | |
- | }; | + | |
- | ftp | + | |
- | { | + | |
- | Proxy "http:// | + | |
- | }; | + | |
- | } | + | Subsiguientes usos: |
+ | htpasswd / | ||
+ | |||
+ | Teclear dos veces la contraseña. | ||
+ | |||
+ | 2. Copiar el archivo de configuración original: | ||
+ | |||
+ | mv / | ||
+ | |||
+ | 3. Crear un nuevo archivo de configuración: | ||
+ | |||
+ | nano / | ||
+ | |||
+ | Con el siguiente contenido: | ||
+ | |||
+ | < | ||
+ | auth_param basic program / | ||
+ | auth_param basic children 5 | ||
+ | auth_param basic realm Proxy del nodo Biedmas | ||
+ | auth_param basic credentialsttl 2 hours | ||
+ | auth_param basic casesensitive off | ||
+ | |||
+ | acl all src all | ||
+ | acl manager proto cache_object | ||
+ | acl localhost src 127.0.0.1/ | ||
+ | acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 | ||
+ | #acl localnet src 10.0.0.0/ | ||
+ | #acl localnet src 172.16.0.0/ | ||
+ | #acl localnet src 192.168.0.0/ | ||
+ | #acl localnet src 192.168.0.0/ | ||
+ | acl guifi src 10.228.172.0/ | ||
+ | acl autorizados proxy_auth REQUIRED | ||
+ | acl SSL_ports port 443 # https | ||
+ | acl SSL_ports port 563 # snews | ||
+ | acl SSL_ports port 873 # rsync | ||
+ | acl Safe_ports port 80 # http | ||
+ | acl Safe_ports port 21 # ftp | ||
+ | acl Safe_ports port 443 # https | ||
+ | acl Safe_ports port 70 # gopher | ||
+ | acl Safe_ports port 210 # wais | ||
+ | acl Safe_ports port 1025-65535 | ||
+ | acl Safe_ports port 280 # http-mgmt | ||
+ | acl Safe_ports port 488 # gss-http | ||
+ | acl Safe_ports port 591 # filemaker | ||
+ | acl Safe_ports port 777 # multiling http | ||
+ | acl Safe_ports port 631 # cups | ||
+ | acl Safe_ports port 873 # rsync | ||
+ | acl Safe_ports port 901 # SWAT | ||
+ | acl purge method PURGE | ||
+ | acl CONNECT method CONNECT | ||
+ | |||
+ | http_access allow autorizados guifi | ||
+ | |||
+ | http_access allow manager localhost | ||
+ | http_access deny manager | ||
+ | http_access allow purge localhost | ||
+ | http_access deny purge | ||
+ | http_access deny !Safe_ports | ||
+ | http_access deny CONNECT !SSL_ports | ||
+ | http_access allow localhost | ||
+ | http_access deny all | ||
+ | |||
+ | #icp_access allow localnet | ||
+ | #icp_access deny all | ||
+ | |||
+ | http_port 3128 | ||
+ | hierarchy_stoplist cgi-bin ? | ||
+ | access_log / | ||
+ | refresh_pattern ^ftp: | ||
+ | refresh_pattern ^gopher: | ||
+ | refresh_pattern -i (/ | ||
+ | refresh_pattern (Release|Package(.gz)*)$ | ||
+ | refresh_pattern . | ||
+ | |||
+ | acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] | ||
+ | |||
+ | upgrade_http0.9 deny shoutcast | ||
+ | |||
+ | acl apache rep_header Server ^Apache | ||
+ | |||
+ | broken_vary_encoding allow apache | ||
+ | |||
+ | extension_methods REPORT MERGE MKACTIVITY CHECKOUT | ||
+ | |||
+ | hosts_file /etc/hosts | ||
+ | |||
+ | coredump_dir / | ||
+ | </ | ||
+ | |||
+ | 4. Reiniciar squid: | ||
+ | |||
+ | / | ||
+ | |||
+ | Para solo recargar la configuración: | ||
+ | |||
+ | / | ||
+ | |||
+ | ===== Limitar el ancho de banda ===== | ||
+ | |||
+ | Un ejemplo patillero para limitar el ancho de banda de TODAS las conexiones. | ||
+ | |||
+ | 1. Editar: | ||
+ | |||
+ | nano / | ||
+ | |||
+ | Y añadir el siguiente contenido: | ||
+ | |||
+ | < | ||
+ | ####################### | ||
+ | delay_pools 1 | ||
+ | delay_class 1 1 | ||
+ | delay_access 1 allow all | ||
+ | delay_parameters 1 300000/ | ||
+ | </ | ||
+ | |||
+ | 2. Grabar y salir | ||
+ | |||
+ | 3. Recargar la configuración de squid: | ||
+ | |||
+ | squid force-reload | ||
+ | |||
+ | ===== Formato de log ===== | ||
+ | |||
+ | Por defecto en '/ | ||
+ | |||
+ | 1. Editar: | ||
+ | |||
+ | nano / | ||
+ | |||
+ | Y añadir el siguiente contenido: | ||
+ | |||
+ | < | ||
+ | ######################### | ||
+ | |||
+ | # Nuevo formato | ||
+ | logformat formato1 %tg %03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt | ||
+ | access_log / | ||
+ | |||
+ | # Quito el registro de lo que añade/ | ||
+ | cache_store_log none | ||
+ | </ | ||
+ | |||
+ | 2. Grabar y salir | ||
+ | |||
+ | 3. Recargar la configuración de squid: | ||
+ | |||
+ | squid force-reload |
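Review bot: In the new squid.conf block, `http_access allow autorizados guifi` sits above `http_access deny manager`, `http_access deny purge`, `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports`. Squid evaluates http_access rules top to bottom and stops at the first match, so any authenticated client from the guifi range is allowed before those four restrictions are checked, which covers cache manager requests, PURGE, and CONNECT to ports outside SSL_ports. Suggest moving the allow line down so it comes directly after `http_access deny CONNECT !SSL_ports` and before `http_access allow localhost`. Two smaller points: the `auth_param basic` scheme sends the username and password only base64-encoded over the plain `http_port 3128` listener, which the Configuración section should state; and step 2 is titled "Copiar el archivo de configuración original" while the command shown is `mv`, so either the wording or the command should change.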
informatica/linux/proxy.1257407274.txt.gz · Last modified: 2015/04/13 20:19 (external edit)