2016年9月29日星期四

让自己Squid兼具HTTPS 特性-详细教材

The default installation of Squid on Ubuntu 12.04 does not support SSL. To enable SSL, it must be recompiled. This guide will walk you through compiling Squid on Ubuntu 12.04 to add SSL support. Although we are targeting Ubuntu 12.04, this guide will also work on Ubuntu 14.

Compile Squid

Install dependencies.
cd ~ 
mkdir squid_src 
cd squid_src 
sudo apt-get install build-essential fakeroot devscripts gawk gcc-multilib dpatch 
sudo apt-get build-dep squid3 
sudo apt-get build-dep openssl 
sudo apt-get source squid3 
sudo apt-get install libssl-dev 
sudo apt-get install openssl 
Change the default compiler options to include SSL support.
vi squid3-3.1.19/debian/rules

... add these rules to "DEB_CONFIGURE_EXTRA_FLAGS":

DEB_CONFIGURE_EXTRA_FLAGS := --datadir=/usr/share/squid3 \ 
        --sysconfdir=/etc/squid3 \ 
        --mandir=/usr/share/man \ 
        --with-cppunit-basedir=/usr \ 
        --enable-inline \ 
        --enable-ssl \  
Compile.
cd squid3-3.1.19/ 
debuild -us -uc -b 
Install it. The compiled file exists in the squid_src directory.
cd .. 
sudo dpkg -i squid3_3.1.19-1ubuntu3.12.04.2_amd64.deb squid3-common_3.1.19-1ubuntu3.12.04.2_all.deb squid3-dbg_3.1.19-1ubuntu3.12.04.2_amd64.deb 
Test whether or not the compiled version supports SSL. If you see the “enable – SSL” output, then the compile was successful.
squid3 -v |grep enable-ssl

Configure SSL and start Squid

Generate a self-signed certificate.
openssl req -new -keyout key.pem -nodes -x509 -days 365 -out cert.pem 
Move the server certificate to the squid3 configuration directory.
sudo mv cert.pem /etc/squid3/cert.pem
sudo mv key.pem /etc/squid3/key.pem
Enable HTTPS and specify the certificate.
sudo vi /etc/squid3/squid.conf 

... add this line:

https_port 443 cert=/etc/squid3/cert.pem key=/etc/squid3/key.pem 
Verify that the configuration file is formatted properly.
squid3 -k parse 
Run the Squid service.
sudo service squid3 restart
Setup is complete. Squid 3 will now be working with HTTPS. Enjoy.

How do you tell if a string contains another string in Unix shell scripting?

# contains(string, substring)
#
# Returns 0 if the specified string contains the specified substring,
# otherwise returns 1.
contains() {
    string="$1"
    substring="$2"
    if test "${string#*$substring}" != "$string"
    then
        return 0    # $substring is in $string
    else
        return 1    # $substring is not in $string
    fi
}

contains "abcd" "e" || echo "abcd does not contain e"
contains "abcd" "ab" && echo "abcd contains ab"
contains "abcd" "bc" && echo "abcd contains bc"
contains "abcd" "cd" && echo "abcd contains cd"
contains "abcd" "abcd" && echo "abcd contains abcd"
contains "" "" && echo "empty string contains empty string"
contains "a" "" && echo "a contains empty string"
contains "" "a" || echo "empty string does not contain a"
contains "abcd efgh" "cd ef" && echo "abcd efgh contains cd ef"
contains "abcd efgh" " " && echo "abcd efgh contains a space"

2016年5月3日星期二

史上最简单部署squid的方法,支持debian centos ubuntu

特性

1 支持centos、debian等服务器系统
2 自动生成在线PAC地址
3 更智能更简单
4 使用技术squid(高速缓存技术)
wget --no-check-certificate https://git.io/vw9yg
chmod +x vw9yg
./vw9yg
netstat -lntp 查看 25端口是否启动 !
将pac地址加入squidproxy 客户端 即可访问谷歌和youtube

2016年4月9日星期六

Block specific keyword in Squid Proxy squidproxy屏蔽关键字

INTRODUCTION

After learning how to block website using ban list, so now in this short guide I am going to tell you how to restrict any websites based on keywords in squid proxy server.
Blocking keywords in squid proxy server is very helpful for the system administrators in colleges and schools networks.

SOLUTION

Let’s start
Same as we make ban_domains list in my previous article, I will store all keywords in ban_keywords.txt file which you wish to block.
Step 1:
create list:
# vi /etc/squid/ban_keywords.txt
Add keywords
gambling
spyware
bad
Step 2:
Add ACL to block website by reading ban_keywords.txt file.
Edit /etc/squid/squid.conf file:
# vi /etc/squid/squid.conf
ACL:
acl bad_keywords url_regex “/etc/squid/ban_keywords.txt”
http_access deny bad_keywords
Step 3:
Restart Squid
# systemctl restart squid.service
Try to search ban keywords in search engine, you will get squid default blocked message in browser.

linux 命令之屏蔽指定域名



iptables -A OUTPUT -p tcp -m string --string "youtube.com" --algo kmp -j REJECT 

2016年4月8日星期五

轻松愉快部署squid 给你的VPS

安装squid服务

chmod +x cross_os_squid.sh
./cross_os_squid.sh
 1 部署成功会看到squid的25端口已经启动!
 
 2 crontab -e 可以查看到一个检测squid运行状态的计划任务,cron服务将每分钟检测squid 的运行状态! 
 
 3 单独创建了/squid/目录,可以看到3个脚本,cron.sh为计划任务的脚本,restart.sh为squid 服务重启的脚本
 
 start.sh为squid启动脚本,如果squid没启动可以手动执行restart.sh脚本
 
 4 可以将squid 的端口加入finalspeed 的客户端,加速端口为squid 服务的端口比如25,finalspeed 的服务器IP为squid服务器的IP! 

2016年4月5日星期二

检测squid 端口脚本

 #!/bin/bash
 #service monitoring squid3 finalspeed  vpn
 
  /bin/netstat -tulpn | awk '{print $4}' | awk -F: '{print $4}' | grep ^25$ > /dev/null   2>/dev/null
 a=$(echo $?)
 if test $a -ne 0
 then
 /etc/init.d/squid3 restart > /dev/null 2>/dev/null
 else
 sleep 0
 fi