{
  "version": "https://jsonfeed.org/version/1", 
  "title": "Squid", 
  "description": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.", 
  "home_page_url": "https://www.v2ex.com/go/squid", 
  "feed_url": "https://www.v2ex.com/feed/squid.json", 
  "icon": "https://cdn.v2ex.com/navatar/15de/21c6/555_large.png?m=1361089638", 
  "favicon": "https://cdn.v2ex.com/navatar/15de/21c6/555_normal.png?m=1361089638", 
  "items": [
    {
      "author": {
        "url": "https://www.v2ex.com/member/LeviMarvin", 
        "name": "LeviMarvin", 
        "avatar": "https://cdn.v2ex.com/avatar/2426/6c4f/526568_large.png?m=1773377792"
      }, 
      "url": "https://www.v2ex.com/t/950157", 
      "title": "\u840c\u65b0\u5165\u5751\u6c42\u6307\u6559", 
      "id": "https://www.v2ex.com/t/950157", 
      "date_published": "2023-06-19T19:25:40+00:00", 
      "content_html": "<p>\u76ee\u524d\u60f3\u505a\u9ad8\u533f\u670d\u52a1\uff0c\u4e86\u89e3\u5230 squid \uff0c\u88c5\u597d\u540e\u4ed6\u7684\u914d\u7f6e\u6587\u4ef6\u592a\u957f\u592a\u591a\u4e86\uff0c\u60f3\u8981\u8bbe\u7f6e\u90fd\u5f97\u67e5\u8be2\u3001\u8df3\u8dc3\u597d\u591a\u6b21\u3002\u8bf7\u95ee\u6709\u6ca1\u6709\u6781\u81f4\u7cbe\u7b80\u7248\u7684\u5462\uff1f\n\u76ee\u524d\u8bbe\u8ba1\u7684\u7ed3\u6784\uff1a\nWWW &lt;-&gt; Server [Squid \u7aef &lt;-&gt; Gost \u7aef] &lt;-&gt; [Gost \u7aef &lt;-&gt; Client] END\n\u4e2d\u62ec\u53f7\u8868\u793a\u62ec\u53f7\u5185\u4e0d\u540c\u670d\u52a1\u90e8\u7f72\u5728\u540c\u4e00\u7aef\u3002</p>\n"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/yazoox", 
        "name": "yazoox", 
        "avatar": "https://cdn.v2ex.com/avatar/7b39/2690/111562_large.png?m=1635297358"
      }, 
      "url": "https://www.v2ex.com/t/804686", 
      "title": "(Squid) is not configured to allow SSL tunnel to port 80", 
      "id": "https://www.v2ex.com/t/804686", 
      "date_published": "2021-09-27T10:10:07+00:00", 
      "content_html": "<p>\u56e0\u4e3a\u4e00\u4e2a\u7ec4\u4ef6\u9700\u8981\u8bbf\u95ee dropbox \u7684 API,\u6240\u4ee5\uff0c\u4e34\u65f6\u642d\u4e00\u4e2a proxy\uff0c\u501f\u7528\u7f8e\u56fd\u540c\u4e8b\u7684\u673a\u5668\u3002</p>\n<p>\u6211\u7528\u7684\u8fd9\u4e2a docker image, <br/>\ndocker run --name squid -d -p 8010:3128 Datadog/squid</p>\n<p>\u5728 chrome \u91cc\u9762\uff0c\u8bbe\u7f6e\u4e86 switchy omega \u5230\u8be5\u673a\u5668\u7684\u5730\u5740\u7aef\u53e3\uff0c\u80fd\u591f\u6b63\u5e38\u5de5\u4f5c\uff0c\u6253\u5f00\u6cb9\u7ba1\u5565\u7684, etc.</p>\n<p>\u5982\u679c\u6211\u7528 proxifier, protocol \u8bbe\u7f6e http \u6a21\u5f0f\uff0ccheck \u90fd\u901a\u8fc7\uff0c\u4f46\u662f\u8bbe\u7f6e\u6210 https\uff0c\u5c31\u4f1a\u62a5\u9519\u3002</p>\n<pre><code>\n[43:29] Testing Started.\n\tProxy Server\n\tAddress:\t10.35.35.87:8010\n\tProtocol:\tHTTPS\n\tAuthentication: NO\n\n[43:29] Starting: Test 1: Connection to the Proxy Server\n[43:29] IP Address: 10.35.35.87\n[43:29] Connection established\n[43:29] Test passed.\n[43:29] Starting: Test 2: Connection through the Proxy Server\n\tError: the proxy server (Squid) is not configured to allow SSL tunnel to port 80.\n\tTo fix the problem please find and comment the following line in the Squid\n\tconfiguration file (squid.conf):\n\t\thttp_access deny CONNECT !SSL_ports\n\tThe proxy server reply header is:\n\t\tHTTP/1.1 403 Forbidden\n\t\tServer: squid/3.5.12\n\t\tMime-Version: 1.0\n\t\tDate: Mon, 27 Sep 2021 09:43:32 GMT\n\t\tContent-Type: text/html;charset=utf-8\n\t\tContent-Length: 3441\n\t\tX-Squid-Error: ERR_ACCESS_DENIED 0\n\t\tVary: Accept-Language\n\t\tContent-Language: en\n\t\tX-Cache: MISS from cf3b7970725b\n\t\tX-Cache-Lookup: NONE from cf3b7970725b:3128\n\t\tVia: 1.1 cf3b7970725b (squid/3.5.12)\n\t\tConnection: keep-alive\n[43:29] Test failed.\n[43:29] Testing Finished.\n</code></pre>\n<p>\u63d0\u793a\u6211\u628a\u8fd9\u53e5\u914d\u7f6e\u6ce8\u91ca\u6389 <br/>\n\"http_access deny CONNECT !SSL_ports\" </p>\n<p>\u4e8e\u662f \uff0c\u6211\u53bb <a href=\"https://gist.github.com/sritchie/1357652\" rel=\"nofollow\">https://gist.github.com/sritchie/1357652</a> \u4e0b\u8f7d\u4e86\u4e00\u4e2a\u6837\u672c\uff0c\u628a\u201c\u5934\u201d\u90a3\u90e8\u5206\u5220\u9664\u6389\u4e86\u3002\n\u7136\u540e\u628a\u8fd9\u53e5\u7ed9#\u6ce8\u91ca\u6389\u4e86\u3002</p>\n<p>\u4f46\u662f\u8c8c\u4f3c\u6ca1\u6709\u5565\u7528\u3002\u4e0d\u77e5\u9053\u662f\u4e0d\u662f\u8fd9\u4e2a.conf \u592a\u8001\u4e86\uff0c\u6216\u8005\u6709\u592a\u591a\u4e0d\u9700\u8981\u7684\u914d\u7f6e\u4e86\uff0c\u8fd8\u662f\u8bf4\uff0c\u8981\u8d70 https \u7684 protocol\uff0c\u5f97\u914d\u7f6e\u76f8\u5173\u7684 cert\uff0c\u7b49\u7b49?  </p>\n<p>\u4e0d\u77e5\u9053\u6709\u6ca1\u6709 squid \u4e13\u5bb6\uff0c\u6307\u70b9\u4e00\u4e0b</p>\n<p>\u8c22\u8c22\uff01</p>\n"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/aibangjuxin", 
        "name": "aibangjuxin", 
        "avatar": "https://cdn.v2ex.com/gravatar/599230211525c8bbc4d241cdb091073d?s=73&d=retro"
      }, 
      "url": "https://www.v2ex.com/t/760716", 
      "title": "squid \u6b63\u5411\u4ee3\u7406\u95ee\u9898", 
      "id": "https://www.v2ex.com/t/760716", 
      "date_published": "2021-03-11T07:41:16+00:00", 
      "content_html": "\u8bf7\u6559\u4e0b\u5404\u4f4d\uff1a\u6700\u8fd1\u88ab\u8fd9\u4e2a\u95ee\u9898\u6298\u817e\u7684\u5934\u5927<br />CentOS 7 10.211.55.3 \u76f4\u63a5 yum \u5b89\u88c5<br /># yum -y install squid<br />\u67e5\u770b\u7248\u672c\uff1a<br /># squid -v<br />Squid Cache: Version 3.5.20<br />\u4e00\u4e2a\u7b80\u5316\u7684\u914d\u7f6e<br />sslproxy_cert_error allow all<br />sslproxy_flags DONT_VERIFY_PEER<br />sslproxy_version 4<br />sslproxy_options ALL<br />http_port 3127<br />http_port 3128 transparent<br />https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/1_www.snsyr.com_bundle.crt key=/etc/squid/2_www.snsyr.com.key<br /># SSL Bump Config<br />ssl_bump stare all<br />ssl_bump bump all<br />\u8bf4\u660e\u53ca\u8981\u6c42\uff1a<br />\u8fd9\u4e2a\u4e3b\u673a\u4e0d\u80fd\u5f00\u542f /proc/sys/net/ipv4/ip_forward<br />\u5176\u5b9e\u5982\u679c\u53ef\u4ee5\u5f00\u542f\u8fd9\u4e2a\u53c2\u6570\uff0c\u4e14 iptables \u914d\u7f6e nat \u7684\u60c5\u51b5\u4e0b\u3002\u5c40\u57df\u7f51\u5176\u4ed6\u4e3b\u673a\u5c06\u7f51\u5173\u6307\u5230\u8fd9\u4e2a squid \u6240\u5728\u7684\u670d\u52a1\uff0c\u90a3\u4e48\u662f\u53ef\u4ee5\u4ee3\u7406\u5c40\u57df\u7f51\u4e3b\u673a\u4e0a\u7f51\u7684\u3002<br />\u73b0\u5728\u7684\u8981\u6c42\u662f\uff1a<br />\u5c40\u57df\u7f51\u4e3b\u673a 10.211.55.7 \u6bd4\u5982\uff1a<br /># cat /etc/hosts|grep baidu<br />10.211.55.3 <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a><br />\u5728\u8fd9\u4e2a\u4e3b\u673a\uff1a\u5bf9 443 \u7684\u8bf7\u6c42\u8f6c\u53d1\u5230 3129<br />iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 3129<br /><br />\u73b0\u5728\u7684\u95ee\u9898\u5ba2\u6237\u7aef\u8bbf\u95ee\u767e\u5ea6\u62a5 503<br />node2 root@node2:~# curl -klv <a target=\"_blank\" href=\"https://www.baidu.com\" rel=\"nofollow noopener\">https://www.baidu.com</a> -svo /dev/null<br />* About to connect() to <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a> port 443 (#0)<br />*   Trying 10.211.55.3...<br />* Connected to <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a> (10.211.55.3) port 443 (#0)<br />* Initializing NSS with certpath: sql:/etc/pki/nssdb<br />* skipping SSL peer certificate verification<br />* SSL connection using TLS_RSA_WITH_AES_256_GCM_SHA384<br />* Server certificate:<br />* \tsubject: CN=<a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a><br />* \tstart date: Oct 23 00:00:00 2020 GMT<br />* \texpire date: Oct 22 23:59:59 2021 GMT<br />* \tcommon name: <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a><br />* \tissuer: CN=<a target=\"_blank\" href=\"http://www.snsyr.com\" rel=\"nofollow noopener\">www.snsyr.com</a><br />&gt; GET / HTTP/1.1<br />&gt; User-Agent: curl/7.29.0<br />&gt; Host: <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a><br />&gt; Accept: */*<br />&gt;<br />&lt; HTTP/1.1 503 Service Unavailable<br />&lt; Server: squid/3.5.20<br />&lt; Mime-Version: 1.0<br />&lt; Date: Thu, 11 Mar 2021 06:31:53 GMT<br />&lt; Content-Type: text/html;charset=utf-8<br />&lt; Content-Length: 3486<br />&lt; X-Squid-Error: ERR_CONNECT_FAIL 111<br />&lt; Vary: Accept-Language<br />&lt; Content-Language: en<br />&lt; X-Cache: MISS from parallels<br />&lt; X-Cache-Lookup: NONE from parallels:3127<br />&lt; Via: 1.1 parallels (squid/3.5.20)<br />&lt; Connection: close<br />&lt;<br />{ [data not shown]<br />* Closing connection 0<br /><br />\u8bf4\u660e\u6211\u7528 nginx \u5b9e\u73b0\u7c7b\u4f3c\u529f\u80fd\u7684\u65f6\u5019\uff1a<br />\u5f53\u6211\u7528 nginx \u5b9e\u73b0\u7684\u65f6\u5019\u5982\u4e0b\u65e5\u5fd7\uff1a<br />node2 root@node2:~# curl -lv <a target=\"_blank\" href=\"https://www.baidu.com\" rel=\"nofollow noopener\">https://www.baidu.com</a> -svo /dev/null<br />* About to connect() to <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a> port 443 (#0)<br />*   Trying 10.211.55.3...<br />* Connected to <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a> (10.211.55.3) port 443 (#0)<br />* Initializing NSS with certpath: sql:/etc/pki/nssdb<br />*   CAfile: /etc/pki/tls/certs/ca-bundle.crt<br />  CApath: none<br />* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256<br />* Server certificate:<br />* \tsubject: CN=<a target=\"_blank\" href=\"http://baidu.com\" rel=\"nofollow noopener\">baidu.com</a>,O=\"Beijing Baidu Netcom Science Technology Co., Ltd\",OU=service operation department,L=beijing,ST=beijing,C=CN<br />* \tstart date: Apr 02 07:04:58 2020 GMT<br />* \texpire date: Jul 26 05:31:02 2021 GMT<br />* \tcommon name: <a target=\"_blank\" href=\"http://baidu.com\" rel=\"nofollow noopener\">baidu.com</a><br />* \tissuer: CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE<br />&gt; GET / HTTP/1.1<br />&gt; User-Agent: curl/7.29.0<br />&gt; Host: <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a><br />&gt; Accept: */*<br />&gt;<br />&lt; HTTP/1.1 200 OK<br />&lt; Accept-Ranges: bytes<br />&lt; Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform<br />&lt; Connection: keep-alive<br />&lt; Content-Length: 2443<br />&lt; Content-Type: text/html<br />&lt; Date: Thu, 11 Mar 2021 05:53:43 GMT<br />&lt; Etag: \"58860402-98b\"<br />&lt; Last-Modified: Mon, 23 Jan 2017 13:24:18 GMT<br />&lt; Pragma: no-cache<br />&lt; Server: bfe/1.0.8.18<br />&lt; Set-Cookie: BDORZ=27315; max-age=86400; domain=.baidu.com; path=/<br />&lt;<br />{ [data not shown]<br />* Connection #0 to host <a target=\"_blank\" href=\"http://www.baidu.com\" rel=\"nofollow noopener\">www.baidu.com</a> left intact<br /><br />\u73b0\u5728\u5c31\u662f\u60f3\u8981 squid \u80fd\u5b9e\u73b0 nginx \u7684\u8fd9\u79cd\u529f\u80fd<br /><br />\u5173\u4e8e nginx \u914d\u7f6e\u53ef\u4ee5\u53c2\u8003<br /><a target=\"_blank\" href=\"https://www.alibabacloud.com/blog/how-to-use-nginx-as-an-https-forward-proxy-server_595799\" rel=\"nofollow noopener\">https://www.alibabacloud.com/blog/how-to-use-nginx-as-an-https-forward-proxy-server_595799</a>"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/z888888cn", 
        "name": "z888888cn", 
        "avatar": "https://cdn.v2ex.com/gravatar/79a5d0827b1bf0e6d51fe04e8d497c77?s=73&d=retro"
      }, 
      "url": "https://www.v2ex.com/t/637312", 
      "title": "Squid \u914d\u7f6e\u4e86 cache_peer \uff0c\u4e3a\u5565\u4e0d\u751f\u6548\uff1f", 
      "id": "https://www.v2ex.com/t/637312", 
      "date_published": "2020-01-12T13:12:46+00:00", 
      "content_html": "<p>\u914d\u7f6e\u5982\u4e0b\uff1a</p>\n<pre><code class=\"language-shell\"># Squid normally listens to port 3128\nalways_direct allow all\nssl_bump bump all\nsslproxy_cert_error allow all\nhttp_port 3128 ssl-bump cert=/etc/squid/squid.pem key=/etc/squid/squid.pem generate-host-certificates=on options=NO_SSLv2\n#http_port 3128\n\ncache_peer 127.0.0.1 parent 10809 0 no-query\nnever_direct allow all\n</code></pre>\n<p>\u6211\u6d4b\u8bd5\u4e86\u4e00\u4e0b\uff0c\u5b83\u5e76\u6ca1\u6709\u901a\u8fc7 127.0.0.1:10809  \u4e0a\u7f51\uff1f\u4f46\u662f\u8ba9\u6211\u6539\u6210\u5982\u4e0b\u65f6\uff0c\u5374\u751f\u6548\u4e86\u3002</p>\n<pre><code class=\"language-shell\">http_port 3128\n\ncache_peer 127.0.0.1 parent 10809 0 no-query\nnever_direct allow all\n</code></pre>\n<p>\u8fd9\u662f\u4e3a\u4ec0\u4e48\uff1f</p>\n<p>\u5b8c\u6574\u914d\u7f6e</p>\n<pre><code class=\"language-shell\">#\n# Recommended minimum configuration:\n#\n\n# Example rule allowing access from your local networks.\n# Adapt to list your (internal) IP networks from where browsing\n# should be allowed\nacl localnet src 10.0.0.0/8\t# RFC1918 possible internal network\nacl localnet src 172.16.0.0/12\t# RFC1918 possible internal network\nacl localnet src 192.168.0.0/16\t# RFC1918 possible internal network\nacl localnet src fc00::/7       # RFC 4193 local private network range\nacl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines\n\nacl SSL_ports port 443\nacl Safe_ports port 80\t\t# http\nacl Safe_ports port 21\t\t# ftp\nacl Safe_ports port 443\t\t# https\nacl Safe_ports port 70\t\t# gopher\nacl Safe_ports port 210\t\t# wais\nacl Safe_ports port 1025-65535\t# unregistered ports\nacl Safe_ports port 280\t\t# http-mgmt\nacl Safe_ports port 488\t\t# gss-http\nacl Safe_ports port 591\t\t# filemaker\nacl Safe_ports port 777\t\t# multiling http\nacl CONNECT method CONNECT\n\n#\n# Recommended minimum Access Permission configuration:\n#\n# Deny requests to certain unsafe ports\nhttp_access deny !Safe_ports\n\n# Deny CONNECT to other than secure SSL ports\nhttp_access deny CONNECT !SSL_ports\n\n# Only allow cachemgr access from localhost\nhttp_access allow localhost manager\nhttp_access deny manager\n\n# We strongly recommend the following be uncommented to protect innocent\n# web applications running on the proxy server who think the only\n# one who can access services on \"localhost\" is a local user\n#http_access deny to_localhost\n\n#\n# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS\n#\n\n# Example rule allowing access from your local networks.\n# Adapt localnet in the ACL section to list your (internal) IP networks\n# from where browsing should be allowed\nhttp_access allow localnet\nhttp_access allow localhost\n\n# And finally deny all other access to this proxy\nhttp_access deny all\n\n# Squid normally listens to port 3128\nalways_direct allow all\nssl_bump bump all\nsslproxy_cert_error allow all\nhttp_port 3128 ssl-bump cert=/etc/squid/squid.pem key=/etc/squid/squid.pem generate-host-certificates=on options=NO_SSLv2\n#http_port 3128\n\ncache_peer 127.0.0.1 parent 10809 0 no-query\nnever_direct allow all\n\n# Uncomment and adjust the following to add a disk cache directory.\ncache_dir ufs /var/cache/squid 100 16 256\n\n# Leave coredumps in the first cache dir\ncoredump_dir /var/cache/squid\n\n#\n# Add any of your own refresh_pattern entries above these.\n#\nrefresh_pattern ^ftp:\t\t1440\t20%\t10080\nrefresh_pattern ^gopher:\t1440\t0%\t1440\nrefresh_pattern -i (/cgi-bin/|\\?) 0\t0%\t0\nrefresh_pattern .\t\t0\t20%\t4320\n\ndns_nameservers 8.8.8.8\n</code></pre>\n"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/c0mmand", 
        "name": "c0mmand", 
        "avatar": "https://cdn.v2ex.com/avatar/ce09/fdc5/62165_large.png?m=1757052469"
      }, 
      "url": "https://www.v2ex.com/t/280044", 
      "date_modified": "2016-05-20T07:46:45+00:00", 
      "content_html": "\u6211\u7684\u914d\u7f6e\u5982\u4e0b\uff1a\r<br /><a target=\"_blank\" href=\"http://i.imgur.com/MYit09m.jpg\" target=\"_blank\"><img src=\"http://i.imgur.com/MYit09m.jpg\" border=\"0\" class=\"embedded_image\" /></a><br />\u6545\u969c\u8868\u73b0\u4e3a\u80fd\u8bbf\u95ee\u6240\u6709 https \u7684\u7f51\u7ad9\uff0c\u6bd4\u5982\u73b0\u5728\u53ef\u4ee5\u8bbf\u95ee v2 \uff0c http \u7684\u7f51\u7ad9\u5168\u90e8\u65e0\u6cd5\u8bbf\u95ee\u3002\r<br />\u62a5\u5982\u4e0b\u9519\u8bef\uff1a\r<br /><a target=\"_blank\" href=\"http://i.imgur.com/bj4lCMa.jpg\" target=\"_blank\"><img src=\"http://i.imgur.com/bj4lCMa.jpg\" border=\"0\" class=\"embedded_image\" /></a><br />DNS\u8bbe\u7f6e\u7684\u662f\u672c\u5730\u7535\u4fe1DNS\uff0cnslookup\u53ef\u4ee5\u6b63\u5e38\u89e3\u6790\u3002", 
      "date_published": "2016-05-20T07:45:57+00:00", 
      "title": "squid \u53ea\u80fd\u8bbf\u95ee https \u7684\u7f51\u7ad9\uff0c http \u65e0\u6cd5\u8bbf\u95ee\u3002", 
      "id": "https://www.v2ex.com/t/280044"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/isbase", 
        "name": "isbase", 
        "avatar": "https://cdn.v2ex.com/avatar/d1f2/b9b4/64727_large.png?m=1773251678"
      }, 
      "url": "https://www.v2ex.com/t/250695", 
      "date_modified": "2016-01-14T05:46:08+00:00", 
      "content_html": "<p>\u65b0\u624b\uff0c\u6628\u5929\u642d\u4e86\u4e00\u4e2a squid \uff0c\u51c6\u5907\u53ea\u5141\u8bb8\u81ea\u5df1\u7684 ip \u8fde\u63a5\uff0c\u4f46\u662f\u6ca1\u8bbe\u7f6e\u6210\u529f\uff0c\u4ee5\u4e0b\u662f\u6211\u7684\u914d\u7f6e\u6587\u4ef6\u3002</p>\n\n<p>\u53ea\u5141\u8bb8\u6307\u5b9a ip \u5ba2\u6237\u7aef\u8fde\u63a5\u7684\u6b63\u786e\u65b9\u6cd5\u662f\u600e\u4e48\u8bbe<br>\n\u7f6e\u5462\uff1f</p>\n<div class=\"highlight\"><pre>http_port 3128\nhttp_port 80\n\n# not display IP address\nforwarded_for off\n\n# header\nrequest_header_access Referer deny all\nrequest_header_access X-Forwarded-For deny all\nrequest_header_access Via deny all\nrequest_header_access Cache-Control deny all\n\nacl Safe_ports port 80          # http\nacl Safe_ports port 21          # ftp\nacl Safe_ports port 443 563     # https, snews\nacl Safe_ports port 70          # gopher\nacl Safe_ports port 210         # wais\nacl Safe_ports port 280         # http-mgmt\nacl Safe_ports port 488         # gss-http\nacl Safe_ports port 591         # filemaker\nacl Safe_ports port 777         # multiling http\nacl Safe_ports port 1025-65535  # unregistered ports\nacl SSL_ports port 443 563\nacl CONNECT method CONNECT\n#acl unicomip dst &quot;/etc/squid3/unicomip&quot;\n\n#http_access deny !unicomip\nhttp_access deny !Safe_ports\nhttp_access deny CONNECT !SSL_ports\n\ncache_peer 127.0.0.1 parent 8123 0 no-query no-digest round-robin weight=1 name=shadowsocks\n# \u9ed8\u8ba4\u8d70 shadowsocks, \u56fd\u5185 ip \u8d70\u56fd\u5185\nacl chinaip dst &quot;/etc/squid3/chinaip&quot;\nalways_direct allow chinaip\nnever_direct allow !chinaip\n</pre></div>\n", 
      "date_published": "2016-01-14T05:37:28+00:00", 
      "title": "\u670d\u52a1\u5668\u4e00\u65e9\u4e0a\u88ab\u8dd1\u4e86 90G \u6d41\u91cf\uff0c\u5e94\u8be5\u5982\u4f55\u9650\u5236\uff1f", 
      "id": "https://www.v2ex.com/t/250695"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/isbase", 
        "name": "isbase", 
        "avatar": "https://cdn.v2ex.com/avatar/d1f2/b9b4/64727_large.png?m=1773251678"
      }, 
      "url": "https://www.v2ex.com/t/250250", 
      "title": "Squid \u5982\u4f55\u56fd\u5185\u5916\u5206\u6d41", 
      "id": "https://www.v2ex.com/t/250250", 
      "date_published": "2016-01-12T12:43:43+00:00", 
      "content_html": "\u4eca\u5929\u521a\u63a5\u89e6\u5230\uff0c\u5728\u4e00\u53f0\u56fd\u5185\u670d\u52a1\u5668\u5b89\u88c5\u4e86 squid \uff0c\u600e\u4e48\u505a\u624d\u80fd\u8ba9 squid \u56fd\u5185 ip \u76f4\u8fde\uff0c\u56fd\u5916 ip \u8d70 ss \u5462\uff1f"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/aivier", 
        "name": "aivier", 
        "avatar": "https://cdn.v2ex.com/gravatar/48195f6e3a493efd6beab792c89e8dba?s=73&d=retro"
      }, 
      "url": "https://www.v2ex.com/t/217440", 
      "date_modified": "2015-09-01T00:54:06+00:00", 
      "content_html": "<p>\u6700\u8fd1\u8981\u7528 squid \uff0c\u5e76\u4e14\u8981\u5e26\u5bc6\u7801\u8ba4\u8bc1</p>\n\n<p>\u524d\u4e24\u5929\u8bd5\u7740\u642d\u5efa\u6210\u529f\u8fc7\uff0c\u4f46\u662f\u56e0\u4e3a\u673a\u5668\u539f\u56e0\uff0c\u914d\u7f6e\u6587\u4ef6\u4e22\u5931\uff0c\u4eca\u5929\u6309\u7167\u540c\u6837\u7684\u6b65\u9aa4\u91cd\u65b0\u914d\u7f6e\u4e4b\u540e\u6bcf\u6b21\u542f\u52a8\u90fd\u4f1a\u63d0\u793a <br>\n<strong>helperOpenServers: Starting 0/5 &#39;basic_ncsa_auth&#39; processes</strong><br>\n<strong>helperOpenServers: No &#39;basic_ncsa_auth&#39; processes needed.</strong></p>\n\n<p>\u7528\u7684\u662f <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html\">http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html</a> \u7684\u6b65\u9aa4\uff0c\u548c\u4e4b\u524d\u4e00\u6837\u7684</p>\n\n<p>\u914d\u7f6e\u6587\u4ef6\uff1a<br>\nacl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br>\nacl localnet src 172.16.0.0/12  # RFC1918 possible internal network<br>\nacl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br>\nacl localnet src fc00::/7       # RFC 4193 local private network range<br>\nacl localnet src fe80::/10      # RFC 4291 link-local (directly plugged ) machines</p>\n\n<p>acl SSL_ports port 443<br>\nacl Safe_ports port 80      # http<br>\nacl Safe_ports port 21      # ftp<br>\nacl Safe_ports port 443     # https<br>\nacl Safe_ports port 70      # gopher<br>\nacl Safe_ports port 210     # wais<br>\nacl Safe_ports port 1025-65535  # unregistered ports<br>\nacl Safe_ports port 280     # http-mgmt<br>\nacl Safe_ports port 488     # gss-http<br>\nacl Safe_ports port 591     # filemaker<br>\nacl Safe_ports port 777     # multiling http<br>\nacl CONNECT method CONNECT</p>\n\n<p>http_access deny !Safe_ports<br>\nhttp_access deny CONNECT !SSL_ports<br>\nhttp_access allow localhost manager<br>\nhttp_access deny manager</p>\n\n<p>http_access allow localnet<br>\nhttp_access allow localhost</p>\n\n<p>http_access deny all</p>\n\n<p>https_port  9000</p>\n\n<p>auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/users<br>\nauth_param basic children 5<br>\nauth_param basic credentialsttl 2 hours<br>\nacl Admin proxy_auth REQUIRED<br>\nhttp_access allow Admin<br>\nhttp_access deny all</p>\n\n<p>coredump_dir /var/spool/squid</p>\n\n<p>refresh_pattern ^ftp:       1440    20% 10080<br>\nrefresh_pattern ^gopher:    1440    0%  1440<br>\nrefresh_pattern -i (/cgi-bin/|\\?) 0 0%  0<br>\nrefresh_pattern .       0   20% 4320</p>\n\n<p><strong>/etc/squid/users \u8fd9\u4e2a\u6587\u4ef6\u662f\u5b58\u5728\u7684\uff0c\u7ecf\u8fc7\u6d4b\u8bd5\u6709\u6548\uff0c\u5185\u542b Admin \u7528\u6237\u5bc6\u7801\u4fe1\u606f</strong></p>\n\n<p><strong>\u9664\u4e86\u5f00\u5934\u63d0\u5230\u7684\u4e00\u53e5\u63d0\u793a\u4ee5\u5916\u65e0\u4efb\u4f55\u9519\u8bef\u4fe1\u606f\uff0c\u6298\u817e\u4e00\u5929\uff0c\u6362\u4e86\u4e0d\u540c\u673a\u5668\uff0c\u4e0d\u540c\u7248\u672c\uff0c\u767e\u601d\u4e0d\u5f97\u5176\u89e3\uff0c\u5230\u5e95\u54ea\u91cc\u9519\u4e86\uff1f...</strong></p>\n", 
      "date_published": "2015-08-31T15:03:25+00:00", 
      "title": "squid \u914d\u7f6e Basic auth \u59cb\u7ec8\u5931\u8d25\uff0c\u767e\u601d\u4e0d\u5f97\u5176\u89e3", 
      "id": "https://www.v2ex.com/t/217440"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/bozong", 
        "name": "bozong", 
        "avatar": "https://cdn.v2ex.com/avatar/17a2/1640/122278_large.png?m=1488349145"
      }, 
      "url": "https://www.v2ex.com/t/211513", 
      "date_modified": "2015-08-07T13:20:57+00:00", 
      "content_html": "", 
      "date_published": "2015-08-07T06:42:26+00:00", 
      "title": "\u54ea\u4f4d\u505a\u8fc7 squid \u672c\u5730\u7f13\u5b58", 
      "id": "https://www.v2ex.com/t/211513"
    }, 
    {
      "author": {
        "url": "https://www.v2ex.com/member/tairan2006", 
        "name": "tairan2006", 
        "avatar": "https://cdn.v2ex.com/gravatar/a8107cfefeeb689b9039dc6658d7427f?s=73&d=retro"
      }, 
      "url": "https://www.v2ex.com/t/95870", 
      "date_modified": "2014-01-06T08:41:36+00:00", 
      "content_html": "\u73b0\u6709\u4e24\u53f0squid\u7ec4\u6210\u4e8c\u7ea7\u7f13\u5b58\uff0cchild \u5728\u5899\u5185\uff0c\u4f7f\u7528https_port\u4f5c\u4e3ahttps\u4ee3\u7406\uff0c\u914d\u7f6eparent cache_peer\u5728\u5899\u5916\uff0c\u6839\u636egfw\u9ed1\u540d\u5355\u5411\u5899\u5916\u8f6c\u53d1\u8bf7\u6c42\u3002\u5ba2\u6237\u7aef\u4f7f\u7528google-chrome --proxy-server=https://xxx.com:443\u8fdb\u884c\u6d4b\u8bd5\u3002<br /><br />\u4f7f\u7528\u7248\u672c3.3.8\uff0c\u5e94\u8be5\u5df2\u7ecf\u4fee\u590d\u4e0d\u80fd\u91cd\u65b0\u6253\u5305https\u8bf7\u6c42\u7684bug\u3002--enable-ssl\u7684\u7f16\u8bd1\u9009\u9879\u5df2\u6253\u5f00\uff0c\u800c\u4e14\u5ba2\u6237\u7aef\u76f4\u8fdeparent squid\u662f\u53ef\u4ee5\u7ffb\u5899\u7684\uff0c\u8fd9\u70b9\u5df2\u7ecf\u6d4b\u8bd5\u3002<br /><br />\u672c\u4ee5\u4e3achild squid\u5728\u5411parent squid\u7684https_port\u8f6c\u53d1\u8bf7\u6c42\u65f6\u4f1a\u91cd\u65b0\u4f7f\u7528ssl\u52a0\u5bc6http\u8bf7\u6c42\uff0c\u4f46\u662f\u5b9e\u9645\u6d4b\u8bd5\u7ed3\u679c\u4e2d\uff0cparent\u7684cache_log\u4e2d\u51fa\u73b0\u5927\u91cf\u7684<br /><br />\u201cSSL routines:SSL23_GET_CLIENT_HELLO:https proxy request\u201d<br /><br />\u6362\u53e5\u8bdd\u8bf4\uff0c\u6536\u5230\u7684\u4ecd\u7136\u662fhttp\u8bf7\u6c42\u3002\u8fd9\u6837\u7ffb\u5899\u8ba1\u5212\u5c31\u7834\u4ea7\u4e86\u2026<br /><br />\u73b0\u5728child squid\u7684cache_peer\u9009\u9879\u914d\u7f6e\u5982\u4e0b\uff1a<br /><br />cache_peer <a href=\"http://proxy.xxx.org\" rel=\"nofollow\">proxy.xxx.org</a> parent 443 0 no-query \\<br />ssl sslflags=DONT_VERIFY_PEER<br /><br />\u8bf7\u6559\u6709\u7ecf\u9a8c\u7684\u5144\u5f1f\uff1a\u662f\u4e0d\u662fsquid\u6ca1\u6709\u91cd\u65b0\u52a0\u5bc6\u666e\u901ahttp\u8bf7\u6c42\u7684\u80fd\u529b\uff1f", 
      "date_published": "2014-01-06T08:31:35+00:00", 
      "title": "Squid\u7684\u914d\u7f6e\u4e2d\uff0ccache_peer\u4f7f\u7528ssl\u901a\u4fe1\u7a76\u7adf\u5982\u4f55\u914d\u7f6e\uff1f", 
      "id": "https://www.v2ex.com/t/95870"
    }
  ]
}