Ubuntu Squid Proxy

某部門同事Request希望中國5區部份個同事可以瀏覽到google.com及shutterstock.com, 利用現有的MPLS加Proxy Script, 使他們只瀏覽這兩個網頁時才使用透過香港上網, 其餘Data使用當地Gateway

Proxy Script  Link: http://192.168.0.150/Proxy.pac

apt-get install squid3
cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original

vi /etc/squid3/squid.conf
# 909 acl Safe_ports port 21          # ftp
# 911 acl Safe_ports port 70          # gopher
# 912 acl Safe_ports port 210         # wais
# 913 acl Safe_ports port 1025-65535  # unregistered ports
# 914 acl Safe_ports port 280         # http-mgmt
# 915 acl Safe_ports port 488         # gss-http
# 916 acl Safe_ports port 591         # filemaker
# 917 acl Safe_ports port 777         # multiling http

acl Safe_web url_regex google.com
acl Safe_web url_regex google.com.hk
acl Safe_web url_regex shutterstock.com
acl Safe_web url_regex picdn.net

acl Safe_net src 192.168.0.16
acl Safe_net src "/etc/squid3/Panyu"
acl Safe_net src "/etc/squid3/Beijing"

http_access deny !Safe_web
http_access deny !Safe_ports
http_access allow Safe_net

apt-get install nginx
vi /usr/share/nginx/html/proxy.pac
function FindProxyForURL(url,host){
if(
dnsDomainIs(host,"google.com") ||
dnsDomainIs(host,"google.com.hk") ||
dnsDomainIs(host,"shutterstock.com") ||
dnsDomainIs(host,"picdn.net")
){
return "PROXY 192.168.0.150:3128" ;
}
return "DIRECT";
}

vi /etc/nginx/mime.types
application/x-ns-proxy-autoconfig .pac

route add -net 192.168.20.0/24 gw 192.168.0.252

發佈留言

*