Proxy
Proxy Auto Config
Beispiel:
TU-Chemnitz Firefox Proxy
http://www.tu-chemnitz.de/misc/proxy.proxy
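// Proxy auto-config (PAC) for TU Chemnitz
// fischer, kapet, fri, 2000-10-30
// 2004-05 fri: correct handling of :port
// Doc: http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
//
// Security notes for anyone adapting this file:
//  - A PAC file decides where all browser traffic is sent. Serve and fetch it
//    over an authenticated channel (HTTPS); a copy modified in transit can
//    route traffic through a proxy the user never chose.
//  - myIpAddress() may return a loopback or VPN address on multi-homed hosts,
//    in which case no subnet rule below matches and the result is "DIRECT".
//  - isInNet(host, ...) resolves host names through DNS, so the decision for
//    a named host depends on the resolver's answer.

/**
 * Select the proxy for a request, based on the client's own subnet.
 *
 * @param {string} url  Full request URL (not used by the current rules).
 * @param {string} host Host part of the URL, without the port.
 * @returns {string} "DIRECT" or "PROXY www-cache.tu-chemnitz.de:8080".
 */
function FindProxyForURL(url, host) {
    var CACHE = "PROXY www-cache.tu-chemnitz.de:8080";

    // Look the client address up once instead of once per rule.
    // The original also computed lower-cased copies of url/host and the URL
    // scheme without ever reading them; those unused locals are dropped.
    var clientIp = myIpAddress();

    // Administration subnet: always go through the proxy, unless the
    // destination is inside the university network 134.109.0.0/16.
    if (isInNet(clientIp, "134.109.220.0", "255.255.254.0")) {
        if (isInNet(host, "134.109.0.0", "255.255.0.0")) {
            return "DIRECT";
        }
        return CACHE;
    }

    // Disabled rule, kept as in the original file:
    // if (isInNet(myIpAddress(), "134.109.200.0", "255.255.254.0")) {
    //     if (isInNet(host, "134.109.0.0", "255.255.0.0")) {
    //         return "DIRECT";
    //     }
    //     return "PROXY www-cache.tu-chemnitz.de:8080";
    // }

    // 134.109.78.0/27: every request goes through the proxy.
    if (isInNet(clientIp, "134.109.78.0", "255.255.255.224")) {
        return CACHE;
    }

    return "DIRECT";
}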
- latency and reverse proxy
- performance
Squid
/etc/squid/squid.conf
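# /etc/squid/squid.conf
#
# http_access rules are evaluated top to bottom and the first match wins.
# The original listing began with "http_access allow all", which matched every
# request: the proxy was usable by any client that could reach port 3128, and
# none of the deny rules below it (manager, purge, Safe_ports, CONNECT) was
# ever evaluated. That line is removed; access is now granted explicitly.

# --- ACL definitions ---------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# PLACEHOLDER: 192.0.2.0/24 is a documentation range (RFC 5737), not a real
# client network. Replace it with the networks whose clients may use the proxy.
acl localnet src 192.0.2.0/24

# The sibling caches listed under cache_peer below. They need ICP and HTTP
# access to this cache now that "allow all" is gone.
acl peers src 172.24.228.3 145.228.130.12 172.24.228.44

# --- Access control (order matters) ------------------------------------------
# Cache manager and PURGE only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to anything
# but SSL_ports, before any allow rule is reached.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access allow peers
http_access deny all
http_reply_access allow all
# Was "icp_access allow all": answer ICP queries from the known siblings only.
icp_access allow peers
icp_access deny all

# --- Listener and cache hierarchy --------------------------------------------
http_port 3128
cache_peer 172.24.228.3 sibling 3128 3130
cache_peer 145.228.130.12 sibling 3128 3130
cache_peer 172.24.228.44 sibling 3128 3130
hierarchy_stoplist cgi-bin
acl QUERY urlpath_regex cgi-bin
cache deny QUERY

# --- Cache sizing ------------------------------------------------------------
cache_mem 256 MB
maximum_object_size_in_memory 512 KB
cache_dir diskd /var/cache/squid 4000 16 256 Q1=72 Q2=64
maximum_object_size 72500 KB

# --- Logging -----------------------------------------------------------------
# The access log is the main record of who used the proxy for what; keep it
# under log rotation and review it for unexpected client addresses.
access_log /var/log/squid/access.log squid
buffered_logs on

# --- Freshness ---------------------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# --- Miscellaneous -----------------------------------------------------------
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
announce_period 1 day
coredump_dir /var/cache/squid
pipeline_prefetch on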
Hilfreich ist die Konfiguration per Webmin
2011-10-05
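# squid.conf (2011-10-05), one directive per line.
#
# Several Squid directives are order-sensitive: http_access and refresh_pattern
# use first-match-wins, and delay_pools must be declared before the other
# delay_* lines. Do not sort this file alphabetically; in sorted order
# "http_access deny all" precedes the manager/purge deny rules and
# "refresh_pattern -i ." shadows every pattern after it.

# --- ACL definitions ---------------------------------------------------------
acl CONNECT method CONNECT
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 873
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 21          # ftp
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 443         # https
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 70          # gopher
acl Safe_ports port 777         # multiling http
acl Safe_ports port 80          # http
acl Safe_ports port 873         # Rsync
acl Safe_ports port 901         # SWAT
acl localhost src 127.0.0.1/32
acl localnet src 192.168.1.0/24    # RFC1918 possible internal network
acl localnet src 192.168.178.0/24  # RFC1918 possible internal network
acl manager proto cache_object
acl purge method PURGE
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

# --- Access control (first match wins) ---------------------------------------
# NOTE(review): ACL names on one http_access line are ANDed. A client cannot be
# both localhost and localnet, so the two "allow ... localhost localnet" lines
# never match and manager/PURGE end up denied for everyone. If access from both
# sources is intended, use one allow line per source.
http_access allow manager localhost localnet
http_access deny manager
http_access allow purge localhost localnet
http_access deny purge
# Safe_ports, SSL_ports and CONNECT were defined in the original listing but
# never referenced, so clients could request any port and open CONNECT tunnels
# to arbitrary ports. These two rules enforce them.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
htcp_access allow localnet
htcp_access deny all
icp_access allow localnet
icp_access deny all

# --- Identity and listener ---------------------------------------------------
http_port 3128
visible_hostname proxy
cache_effective_user squid
cache_effective_group squid
cache_mgr root
# NOTE(review): "secret" is a guessable cache-manager password and it applies
# to all actions. Replace it with a strong, unique value (or use "disable" for
# actions that are not needed) and keep this file readable by the squid user
# and root only.
cachemgr_passwd secret all
# Strips the X-Forwarded-For header so internal client addresses are not sent
# to origin servers.
forwarded_for delete

# --- Cache sizing and policy -------------------------------------------------
# NOTE(review): placed ahead of cache_dir because some Squid versions apply
# these settings only to cache_dir lines that follow them - confirm for the
# version in use.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
maximum_object_size 830 MB
maximum_object_size_in_memory 512 KB
cache_mem 256 MB
cache_dir ufs /var/cache/squid 4500 32 256
coredump_dir /var/cache/squid
read_ahead_gap 256 KB

# --- Delay pools (declared, but -1/-1 means no bandwidth limit) ---------------
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow all
delay_initial_bucket_level 100

# --- Network behaviour -------------------------------------------------------
dns_nameservers 127.0.0.1 8.8.8.8 8.8.4.4 192.168.178.1
half_closed_clients off
hierarchy_stoplist cgi-bin ?
pipeline_prefetch on
uri_whitespace encode
buffered_logs on
shutdown_lifetime 3 seconds
sleep_after_fork 0

# --- Freshness rules (first match wins: specific hosts, then file types,
# --- then schemes, then the catch-all) ---------------------------------------
# NOTE(review): the original relative order of these rules is not recoverable
# from the listing; confirm this arrangement against the live file.
# The dots in the patterns are unescaped regex dots, so ".zip$" also matches a
# URL ending in "xzip".
# override-expire keeps objects past the expiry the origin server set. For
# installer and archive types below that can be up to 525600 minutes (365
# days), so a replaced file at the same URL may keep being served from cache.
refresh_pattern -i ax.phobos.apple.com.edgesuite.net 0 50% 1440
refresh_pattern -i swcdn.apple.com 1440 50% 525600 override-expire
refresh_pattern -i swdownload.apple.com 60 50% 1440
refresh_pattern -i swquery.apple.com 60 50% 1440
refresh_pattern -i swscan.apple.com 60 50% 1440
refresh_pattern -i storeFront$ 0 50% 0
refresh_pattern -i .asp$ 0 50% 0
refresh_pattern -i .bin$ 10080 60% 525600 override-expire
refresh_pattern -i .bz2$ 10080 60% 525600 override-expire
refresh_pattern -i .css$ 1440 70% 525600
refresh_pattern -i .dmg$ 10080 60% 525600 override-expire
refresh_pattern -i .gif$ 4320 75% 525600 override-expire
refresh_pattern -i .gz$ 10080 60% 525600 override-expire
refresh_pattern -i .hqx$ 10080 60% 525600 override-expire
refresh_pattern -i .htm$ 0 50% 129600
refresh_pattern -i .html$ 0 50% 129600
refresh_pattern -i .img$ 10080 60% 525600 override-expire
refresh_pattern -i .iso$ 10080 60% 525600 override-expire
refresh_pattern -i .jpg$ 4320 75% 525600 override-expire
refresh_pattern -i .js$ 1440 70% 525600
refresh_pattern -i .jsp$ 0 50% 0
refresh_pattern -i .pdf$ 60 30% 525600
refresh_pattern -i .php$ 0 50% 0
refresh_pattern -i .pkg$ 10080 60% 525600 override-expire
refresh_pattern -i .pl$ 0 50% 0
refresh_pattern -i .png$ 4320 75% 525600 override-expire
refresh_pattern -i .shtml$ 0 50% 10080
refresh_pattern -i .sit$ 10080 60% 525600 override-expire
refresh_pattern -i .tar$ 10080 60% 525600 override-expire
refresh_pattern -i .tgz$ 10080 60% 525600 override-expire
refresh_pattern -i .txt$ 10080 60% 525600 override-expire
refresh_pattern -i .woa$ 0 50% 0
refresh_pattern -i .zip$ 10080 60% 525600 override-expire
refresh_pattern -i ^ftp: 0 30% 525600 override-expire
refresh_pattern -i ^gopher: 4320 0% 20160
refresh_pattern -i ^http: 0 50% 129600
refresh_pattern -i ^https: 0 50% 43200
refresh_pattern -i . 1 50% 129600

#reply_body_max_size 0 deny all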
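# Print the active Squid directives: drop comment lines and blank lines.
# The pattern is quoted so the shell cannot glob-expand it, and it also matches
# whitespace-only lines (the original "^[.]*$" matched only empty lines or
# lines made of literal dots).
# The output is deliberately not piped through sort: http_access,
# refresh_pattern and delay_* are order-sensitive, so a sorted listing does not
# show what Squid actually enforces and must not be pasted back as a config.
grep -Ev '^[[:space:]]*(#|$)' /etc/squid/squid.conf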
WWWoffle
Fiddler Webdeveloper Proxy
Elite Proxy anonymisierende Proxies