我需要使用 squid 缓存服务器缓存来自匿名代理的 html 响应。但是我的要求是给定的:
从客户端机器我需要使用凭据 IP 和端口连接到匿名代理。我的所有请求都通过本地 squid 代理服务器路由。
我尝试在 squid 上使用给定的配置,但在连接到源时无法缓存响应,如下所示:
squidclinet -h <IP-Anonymous_Proxy> -p <Port> -u <username> -w <Password> <https://www.example.com>
但是我可以使用以下方法进行缓存:
squidclient -h <IP-squid_proxy> -p <Port> -u <username> -w <Password>
我的 squid.conf 文件
# General
http_port 3128
visible_hostname Proxy
forwarded_for delete
via off
# Log
logformat squid %tg.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
access_log /var/log/squid/access.log squid
# Cache
cache_dir aufs /var/cache/squid 1024 16 256
coredump_dir /var/spool/squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# Network ACL
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
# Port ACL
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rync
acl Safe_ports port 80 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
###Cache Peer
cache_peer <Anonymous-Proxy> parent <Port> 0 no-query default login=username:password
never_direct allow all
http_access allow all
icp_access allow all
#always_direct allow all
# Request Headers Forcing
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
# Response Headers Spoofing
reply_header_access Via deny all
reply_header_access X-Cache deny all
reply_header_access X-Cache-Lookup deny all
您无法缓存 HTTPS,因为它已加密。
Squid 只是一个 HTTP 缓存。
浏览器等客户端的 HTTPS 查询,
wget
或者curl
只能通过 Squid 使用该CONNECT
方法进行路由但不能缓存在那里。虽然该
ssl bump
方法支持缓存,但它涉及生成假 SSL 证书并在客户端上安装假 CA 证书。这构成了中间人攻击。虽然这是可能的,但除非在特殊情况下证明这种方法的合理性,否则不建议这样做。
单独缓存的目的并不能证明使用该
ssl bump
方法是合理的。