某部門同事Request希望中國5區部份個同事可以瀏覽到google.com及shutterstock.com, 利用現有的MPLS加Proxy Script, 使他們只瀏覽這兩個網頁時才使用透過香港上網, 其餘Data使用當地Gateway
Proxy Script Link: http://192.168.0.150/Proxy.pac
apt-get install squid3
cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original
vi /etc/squid3/squid.conf
# 909 acl Safe_ports port 21 # ftp
# 911 acl Safe_ports port 70 # gopher
# 912 acl Safe_ports port 210 # wais
# 913 acl Safe_ports port 1025-65535 # unregistered ports
# 914 acl Safe_ports port 280 # http-mgmt
# 915 acl Safe_ports port 488 # gss-http
# 916 acl Safe_ports port 591 # filemaker
# 917 acl Safe_ports port 777 # multiling http
acl Safe_web url_regex google.com
acl Safe_web url_regex google.com.hk
acl Safe_web url_regex shutterstock.com
acl Safe_web url_regex picdn.net
acl Safe_net src 192.168.0.16
acl Safe_net src "/etc/squid3/Panyu"
acl Safe_net src "/etc/squid3/Beijing"
http_access deny !Safe_web
http_access deny !Safe_ports
http_access allow Safe_net
apt-get install nginx
vi /usr/share/nginx/html/proxy.pac
function FindProxyForURL(url,host){
if(
dnsDomainIs(host,"google.com") ||
dnsDomainIs(host,"google.com.hk") ||
dnsDomainIs(host,"shutterstock.com") ||
dnsDomainIs(host,"picdn.net")
){
return "PROXY 192.168.0.150:3128" ;
}
return "DIRECT";
}
vi /etc/nginx/mime.types
application/x-ns-proxy-autoconfig .pac
route add -net 192.168.20.0/24 gw 192.168.0.252
