Proxy
see also Proxy+UPS
Proxy Auto Config
Beispiel:
TU-Chemnitz Firefox Proxy
[1]
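// Proxy auto-config (PAC) file for TU Chemnitz
// fischer, kapet, fri, 2000-10-30
// 2004-05 fri: correct handling of :port
// Doc: http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html

/**
 * PAC entry point: decides per request whether the browser connects directly
 * or through the campus web cache.
 *
 * The decision uses only the client's own address (myIpAddress()) and the
 * target host; the url argument is accepted for PAC compatibility but not
 * inspected. The original computed lower-cased copies of url/host and a
 * protocol string that were never read; those unused locals are removed.
 *
 * NOTE(review): everything hinges on myIpAddress(). If the browser reports an
 * address outside the subnets below (possible on hosts with several
 * interfaces), the function falls through to "DIRECT".
 * NOTE(review): isInNet(host, ...) is given the host as the browser passes it;
 * for a host name this presumably involves a DNS lookup per request - confirm
 * for the browsers in use.
 *
 * @param {string} url  Full URL being requested (unused).
 * @param {string} host Host part of the URL.
 * @returns {string} "DIRECT" or "PROXY www-cache.tu-chemnitz.de:8080".
 */
function FindProxyForURL(url, host) {
    var WEB_CACHE = "PROXY www-cache.tu-chemnitz.de:8080";
    var clientAddress = myIpAddress();

    // Administration subnet: always via the proxy, unless the target lies in
    // the university's own network 134.109.0.0/255.255.0.0.
    if (isInNet(clientAddress, "134.109.220.0", "255.255.254.0")) {
        if (isInNet(host, "134.109.0.0", "255.255.0.0")) {
            return "DIRECT";
        }
        return WEB_CACHE;
    }

    // Disabled rule kept from the original (same logic for 134.109.200.0):
    // if (isInNet(myIpAddress(), "134.109.200.0", "255.255.254.0")) {
    //     if (isInNet(host, "134.109.0.0", "255.255.0.0")) {
    //         return "DIRECT";
    //     }
    //     return "PROXY www-cache.tu-chemnitz.de:8080";
    // }

    // Clients in 134.109.78.0/255.255.255.224 use the proxy for every target.
    if (isInNet(clientAddress, "134.109.78.0", "255.255.255.224")) {
        return WEB_CACHE;
    }

    // Every other client connects directly.
    return "DIRECT";
}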
- latency and reverse proxy
- performance
Squid
/etc/squid/squid.conf - 2013-01-31
# squid.conf as of 2013-01-31, one directive per line.
# NOTE(review): the directives are listed alphabetically, not in file order.
# Squid evaluates http_access and refresh_pattern top-down and stops at the
# first match, so the order below must not be copied into a live config as-is.
acl CONNECT method CONNECT
acl SSL_ports port 443 # http ssl
acl SSL_ports port 563
acl SSL_ports port 873 # rsync ssl
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 21 # ftp
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 70 # gopher
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 # http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl manager proto cache_object
acl purge method PURGE
always_direct allow all
announce_period 1 day
balance_on_multiple_ip on
cache_dir aufs /var/cache/squid 40000 64 512
cache_mem 2048 MB
cache_peer 145.228.130.10 sibling 3128 3130 round-robin multicast-responder
cache_peer 145.228.130.12 sibling 3128 3130 round-robin multicast-responder
cache_peer 145.228.172.23 sibling 80 3130 round-robin multicast-responder
cache_peer 145.228.172.253 sibling 80 3130 round-robin multicast-responder
cache_peer 145.228.172.4 sibling 80 3130 round-robin multicast-responder
cache_peer 145.228.172.7 sibling 80 3130 round-robin multicast-responder
cache_peer 172.24.228.25 sibling 3128 3130 round-robin multicast-responder default
cache_peer 172.24.228.3 parent 3128 3130 round-robin multicast-responder
cache_replacement_policy heap LFUDA
check_hostnames off
delay_access 1 allow all
delay_class 1 2
delay_initial_bucket_level 100
delay_parameters 1 -1/-1 -1/-1
delay_pools 1
dns_defnames on
dns_nameservers 127.0.0.1 145.228.172.22 145.228.172.7 172.24.228.25 145.228.130.22 172.24.229.26 172.24.229.28 172.24.228.4 8.8.8.8 8.8.4.4
dns_v4_first on
htcp_access deny all
# NOTE(review): "allow all" is listed first. Evaluated in this order it matches
# every request, the deny rules below are never reached, and the proxy on port
# 3128 is usable by any client that can reach it. "allow manager" and
# "allow purge" carry no source ACL either. In a live config, put the deny
# rules first and allow only an ACL that names the client network(s).
http_access allow all
http_access allow manager
http_access allow purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access deny purge
http_port 3128
http_reply_access allow all
icp_port 3130
maximum_object_size 96 MB
maximum_object_size_in_memory 2048 KB
memory_replacement_policy heap GDSF
negative_ttl 0 seconds
pipeline_prefetch on
query_icmp on
quick_abort_max 2048 KB
quick_abort_min 1024 KB
quick_abort_pct 90
# NOTE(review): the regex "." matches every URL, so as the first
# refresh_pattern it shadows every pattern below it; a catch-all belongs last.
# The leading dots in ".asp$", ".bin$", ... are unescaped and match any
# character, not only a literal dot.
refresh_pattern -i . 1 50% 129600
refresh_pattern -i .asp$ 0 50% 0
refresh_pattern -i .bin$ 10080 60% 525600 override-expire
refresh_pattern -i .bz2$ 10080 60% 525600 override-expire
refresh_pattern -i .css$ 1440 70% 525600
refresh_pattern -i .dmg$ 10080 60% 525600 override-expire
refresh_pattern -i .gif$ 4320 75% 525600 override-expire
refresh_pattern -i .gz$ 10080 60% 525600 override-expire
refresh_pattern -i .hqx$ 10080 60% 525600 override-expire
refresh_pattern -i .htm$ 0 50% 129600
refresh_pattern -i .html$ 0 50% 129600
refresh_pattern -i .img$ 10080 60% 525600 override-expire
refresh_pattern -i .iso$ 10080 60% 525600 override-expire
refresh_pattern -i .jpg$ 4320 75% 525600 override-expire
refresh_pattern -i .js$ 1440 70% 525600
refresh_pattern -i .jsp$ 0 50% 0
refresh_pattern -i .pdf$ 60 30% 525600
refresh_pattern -i .php$ 0 50% 0
refresh_pattern -i .pkg$ 10080 60% 525600 override-expire
refresh_pattern -i .pl$ 0 50% 0
refresh_pattern -i .png$ 4320 75% 525600
refresh_pattern -i .shtml$ 0 50% 10080
refresh_pattern -i .sit$ 10080 60% 525600 override-expire
refresh_pattern -i .tar$ 10080 60% 525600 override-expire
refresh_pattern -i .tgz$ 10080 60% 525600 override-expire
refresh_pattern -i .txt$ 10080 60% 525600 override-expire
refresh_pattern -i .woa$ 0 50% 0
refresh_pattern -i .zip$ 10080 60% 525600 override-expire
refresh_pattern -i ^ftp: 0 30% 525600 override-expire
refresh_pattern -i ^gopher: 4320 0% 20160
refresh_pattern -i ^http: 0 50% 129600
# NOTE(review): ignore-no-cache / ignore-no-store / ignore-must-revalidate make
# Squid cache responses that the origin marked as not cacheable; on a shared
# cache that can hand one user's response to another. Listed after "^http:",
# these four patterns would also never be reached.
refresh_pattern -i ^http:\/\/www\.bing\.com\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^http:\/\/www\.bing\.de\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^http:\/\/www\.google\.com\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^http:\/\/www\.google\.de\/$ 0 20% 360 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store reload-into-ims ignore-must-revalidate
refresh_pattern -i ^https: 0 50% 43200
refresh_pattern -i ax.phobos.apple.com.edgesuite.net 0 50% 1440
refresh_pattern -i storeFront$ 0 50% 0
refresh_pattern -i swcdn.apple.com 1440 50% 525600 override-expire
refresh_pattern -i swdownload.apple.com 60 50% 1440
refresh_pattern -i swquery.apple.com 60 50% 1440
refresh_pattern -i swscan.apple.com 60 50% 1440
shutdown_lifetime 3 seconds
test_reachability on
uri_whitespace encode
visible_hostname linux02.ggpmedia.local
/etc/squid/squid.conf
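# /etc/squid/squid.conf, one directive per line.
#
# Change against the original listing: it opened the http_access list with
# "http_access allow all". http_access is evaluated top-down and the first
# match wins, so that line matched every request and none of the rules after
# it was ever reached: the proxy was open to any client, and the cache manager
# and PURGE were open to anyone as well. The line is replaced by an allow rule
# for a named client network, placed after the deny rules.

# --- ACL definitions ---
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# PLACEHOLDER (constructed value): replace with the client network(s) that may
# use this proxy.
acl localnet src 192.0.2.0/24
# Addresses of the three cache_peer siblings declared further down.
acl icp_peers src 172.24.228.3 145.228.130.12 172.24.228.44
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# --- Access rules (first match wins) ---
# Cache manager and PURGE only from localhost.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to unlisted ports and CONNECT to anything but SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only localhost and the named client network may use the proxy.
http_access allow localhost
http_access allow localnet
http_access deny all
http_reply_access allow all
# The original had "icp_access allow all", which lets any host query the cache
# over ICP. Limited here to the declared peers; add further caches that
# legitimately query this one to icp_peers.
icp_access allow icp_peers
icp_access deny all

# --- Listener and peers ---
http_port 3128
cache_peer 172.24.228.3 sibling 3128 3130
cache_peer 145.228.130.12 sibling 3128 3130
cache_peer 172.24.228.44 sibling 3128 3130

# --- Cache behaviour ---
hierarchy_stoplist cgi-bin
acl QUERY urlpath_regex cgi-bin
cache deny QUERY
cache_mem 256 MB
maximum_object_size_in_memory 512 KB
cache_dir diskd /var/cache/squid 4000 16 256 Q1=72 Q2=64
maximum_object_size 72500 KB
access_log /var/log/squid/access.log squid
buffered_logs on
# refresh_pattern is first-match as well; the catch-all "." stays last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
announce_period 1 day
coredump_dir /var/cache/squid
pipeline_prefetch on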
Hilfreich ist die Konfiguration per Webmin
2011-10-05
# squid.conf as of 2011-10-05, one directive per line.
# NOTE(review): the directives are listed alphabetically (see the
# "grep ... | sort" command on this page), not in file order. Squid evaluates
# http_access, icp_access, htcp_access and refresh_pattern top-down and stops
# at the first match, so the order below must not be copied as-is.
acl CONNECT method CONNECT
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 873
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 21 # ftp
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 70 # gopher
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 # http
acl Safe_ports port 873 # Rsync
acl Safe_ports port 901 # SWAT
acl localhost src 127.0.0.1/32
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src 192.168.178.0/24 # RFC1918 possible internal network
acl manager proto cache_object
acl purge method PURGE
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
buffered_logs on
cache_dir ufs /var/cache/squid 4500 32 256
cache_effective_group squid
cache_effective_user squid
cache_mem 256 MB
cache_mgr root
cache_replacement_policy heap LFUDA
# NOTE(review): sets the password "secret" for all cache manager actions.
# Presumably a stand-in value; a live config needs a non-guessable password
# and a squid.conf that is not world-readable.
cachemgr_passwd secret all
coredump_dir /var/cache/squid
delay_access 1 allow all
delay_class 1 2
delay_initial_bucket_level 100
delay_parameters 1 -1/-1 -1/-1
delay_pools 1
dns_nameservers 127.0.0.1 8.8.8.8 8.8.4.4 192.168.178.1
forwarded_for delete
half_closed_clients off
hierarchy_stoplist cgi-bin ?
htcp_access allow localnet
htcp_access deny all
# NOTE(review): three points on the http_access rules below.
# 1. All ACLs on one line must match together. A source address cannot be both
#    127.0.0.1/32 (localhost) and inside the localnet ranges, so
#    "allow manager localhost localnet" and "allow purge localhost localnet"
#    never match as written.
# 2. In the order shown, "allow localnet" comes before "deny manager" and
#    "deny purge", so localnet clients would reach the cache manager and PURGE;
#    the deny rules after "deny all" are never evaluated.
# 3. No rule references Safe_ports, SSL_ports or CONNECT, although the ACLs are
#    defined above; as listed, CONNECT is not limited to SSL_ports.
http_access allow localhost
http_access allow localnet
http_access allow manager localhost localnet
http_access allow purge localhost localnet
http_access deny all
http_access deny manager
http_access deny purge
http_port 3128
icp_access allow localnet
icp_access deny all
maximum_object_size 830 MB
maximum_object_size_in_memory 512 KB
memory_replacement_policy heap GDSF
pipeline_prefetch on
read_ahead_gap 256 KB
# NOTE(review): the regex "." matches every URL, so as the first
# refresh_pattern it shadows every pattern below it; a catch-all belongs last.
# The leading dots in ".asp$", ".bin$", ... are unescaped and match any
# character, not only a literal dot.
refresh_pattern -i . 1 50% 129600
refresh_pattern -i .asp$ 0 50% 0
refresh_pattern -i .bin$ 10080 60% 525600 override-expire
refresh_pattern -i .bz2$ 10080 60% 525600 override-expire
refresh_pattern -i .css$ 1440 70% 525600
refresh_pattern -i .dmg$ 10080 60% 525600 override-expire
refresh_pattern -i .gif$ 4320 75% 525600 override-expire
refresh_pattern -i .gz$ 10080 60% 525600 override-expire
refresh_pattern -i .hqx$ 10080 60% 525600 override-expire
refresh_pattern -i .htm$ 0 50% 129600
refresh_pattern -i .html$ 0 50% 129600
refresh_pattern -i .img$ 10080 60% 525600 override-expire
refresh_pattern -i .iso$ 10080 60% 525600 override-expire
refresh_pattern -i .jpg$ 4320 75% 525600 override-expire
refresh_pattern -i .js$ 1440 70% 525600
refresh_pattern -i .jsp$ 0 50% 0
refresh_pattern -i .pdf$ 60 30% 525600
refresh_pattern -i .php$ 0 50% 0
refresh_pattern -i .pkg$ 10080 60% 525600 override-expire
refresh_pattern -i .pl$ 0 50% 0
refresh_pattern -i .png$ 4320 75% 525600 override-expire
refresh_pattern -i .shtml$ 0 50% 10080
refresh_pattern -i .sit$ 10080 60% 525600 override-expire
refresh_pattern -i .tar$ 10080 60% 525600 override-expire
refresh_pattern -i .tgz$ 10080 60% 525600 override-expire
refresh_pattern -i .txt$ 10080 60% 525600 override-expire
refresh_pattern -i .woa$ 0 50% 0
refresh_pattern -i .zip$ 10080 60% 525600 override-expire
refresh_pattern -i ^ftp: 0 30% 525600 override-expire
refresh_pattern -i ^gopher: 4320 0% 20160
refresh_pattern -i ^http: 0 50% 129600
refresh_pattern -i ^https: 0 50% 43200
refresh_pattern -i ax.phobos.apple.com.edgesuite.net 0 50% 1440
refresh_pattern -i storeFront$ 0 50% 0
refresh_pattern -i swcdn.apple.com 1440 50% 525600 override-expire
refresh_pattern -i swdownload.apple.com 60 50% 1440
refresh_pattern -i swquery.apple.com 60 50% 1440
refresh_pattern -i swscan.apple.com 60 50% 1440
shutdown_lifetime 3 seconds
sleep_after_fork 0
uri_whitespace encode
visible_hostname proxy
#reply_body_max_size 0 deny all
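# Print the active squid.conf directives: drop lines that start with "#" and
# empty lines, then sort the rest.
# The patterns are quoted so the shell cannot expand ^[.]*$ as a file glob;
# -i was dropped because neither pattern contains letters.
# The sorted output is handy for comparing two configs, but it is not the
# order Squid evaluates: http_access and refresh_pattern stop at the first
# match, so check rule order on the unsorted output (omit "| sort").
grep -v '^#' /etc/squid/squid.conf | grep -v '^[.]*$' | sort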
WWWoffle
Fiddler Webdeveloper Proxy
Elite Proxy anonymisierende Proxies