squid-2.6之Web反向代理加速实做/防盗链/防盗用/防爬虫

wwtest137#configure --prefix=/usr/local/squid --enable-dlmalloc --with-pthreads --enable-poll --disable-internal-dns --enable-stacktrace --enable-removal-policies="heap,lru" --enable-delay-pools --enable-storeio="aufs,coss,diskd,ufs" --with-maxfd=65536

这个--with-maxfd参数是增大squid文件描述符到65536
wwwtest137#make
wwwtest137#make install

配置apache
将httpd.conf中 Listen 80
改成Listen 127.0.0.1：80

配置squid.conf
清空默认配置文件
> squid.conf
将下面配置copy到squid.conf

http_port 222.18.63.37:80 vhost vport

#防止天涯盗链，转嫁给百度
acl tianya referer_regex -i tianya
http_access deny tianya
deny_info tianya
#阻止baidu蜘蛛
acl baidu req_header User-Agent Baiduspider
http_access deny baidu
#限制同一IP客户端的最大连接数
acl OverConnLimit maxconn 128
http_access deny OverConnLimit

#防止被人利用为HTTP代理，设置允许访问的IP地址
acl myip dst 222.18.63.37
http_access deny !myip

#允许本地管理
acl Manager proto cache_object
acl Localhost src 127.0.0.1 222.18.63.37
http_access allow Manager Localhost
cachemgr_passwd 53034338 all
http_access deny Manager

#仅仅允许80端口的代理
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80 # http
http_access deny !Safe_ports
http_access allow all

#Squid信息设置
visible_hostname happy.swjtu.edu.cn
cache_mgr  cifan.h@gmail.com

#基本设置
cache_effective_user squid
cache_effective_group squid
tcp_recv_bufsize 65535 bytes

#2.6的反向代理加速配置
cache_peer 127.0.0.1 parent 80 0 no-query originserver

#错误文档
error_directory /usr/local/squid/share/errors/Simplify_Chinese

#单台使用，不使用该功能
icp_port 0

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \? .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache


refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

cache_store_log none
pid_filename /usr/local/squid/var/logs/squid.pid
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
cache_log /usr/local/squid/var/logs/cache.log
access_log /usr/local/squid/var/logs/access.log combined
coredump_dir /usr/local/squid/var/cache
cache_dir ufs /usr/local/squid/var/cache 10000 16 256

dns_children 32
hosts_file /etc/hosts

cache_mem 400 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 32768 KB
maximum_object_size_in_memory 4096 KB
emulate_httpd_log on


#防止盗链
acl picurl url_regex -i \.bmp$ \.png$ \.jpg$ \.gif$ \.jpeg$
acl mystie1 referer_regex -i happy.swjtu.edu.cn
http_access allow mystie1 picurl
acl nullref referer_regex -i ^$
http_access allow nullref
acl hasref referer_regex -i .+
http_access deny hasref picurl




chown -R squid.squid  /usr/local/squid/var/


首次运行squid要先建立缓存

/usr/local/squid/sbin/squid -z

启动squid

echo "65535" > /proc/sys/fs/file-max
ulimit -HSn 65535
/usr/local/squid/sbin/squid

大家最好把这几句话放到squid启动脚本里面，这样才会获得65536文件描述符

最好还编辑/etc/hosts 文件
添加以下内容

xx.xx.xx.xx aaa.com www.aaa.com bbb.com www.bbb.com

这样免去查询DNS，速度也快一些


现在大家肯定急着要打开浏览器访问你的网站看看效果吧，其实没啥变化，要等到有流量访问，squid把文件都装到内存后，效果才明显。可以用top命令观察squid的内存使用情况或者用

cat /var/log/squid/access.log |grep TCP_MEM_HIT
参考文章


http://bbs.chinaunix.net/viewthr ... p%3Bfilter%3Ddigest


http://bbs.chinaunix.net/viewthr ... 3Ddigest&page=1