Squid Proxy Server 2.7 for Windows 與 DNS 調校問題

4月 23, 2009

首先請先到http://www.squid-cache.org/ 去了解一下,去看看這隻魷魚.

再來請到http://squid.acmeconsulting.it/download/dl-squid.html
下載這隻魷魚加以烹煮.










2.7.STABLE6 06/03/2009Standard
Delay Pools

對了.這有兩個版本的魷魚.我用的是Standard 的.

下載好後.解壓縮後預設是名為squid-2.7.STABLE6-bin 的資料夾.請到該資料夾內把其中的 squid 資料夾複製到 C 磁碟機去.

再來你會看到請到squid資料夾下的etc資料夾, 分別將squid.conf.default , mime.conf.default , cachemgr.conf.default 各複製一份. 再將檔名改為 squid.conf.default , mime.conf , cachemgr.conf .

[caption id="attachment_69" align="alignnone" width="300" caption="Squid安裝目錄"]squid安裝目錄[/caption]

接下來要開始編修squid.conf. 請自行下載notepad++ 來編輯這個檔案. 相關的軟體下載網站在

http://notepad-plus.sourceforge.net/tw/site.htm

請注意一點.為了避免設置Squid.conf 的麻煩.建議將資料夾名稱維持 squid 並將其複製到 磁碟機 C 的根目錄接下來

要修改的也僅有 squid.conf 檔案.

底下則是我使用的快速設定的Squid.con Sample 檔案

# TAG: acl
# Defining an Access List
# acl all src 0.0.0.0/0.0.0.0
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network


acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_port 3128
maximum_object_size 10240 KB

#acl QUERY urlpath_regex cgi-bin \? \.cgi
#no_cache deny QUERY
cache_mem 64 MB
cache_swap_low 75
cache_swap_high 95
# TAG: cache_dir
cache_dir aufs c:/squid/var/cache 10240 64 256
#設定 cache 在 HDD 裡面的大小 (最多使用 10 GB、第一層 64 個目錄 、第二層 256 個目錄)
cache_log c:/squid/var/logs/cache.log
#記錄 squid 的執行狀況
access_log c:/squid/var/logs/access.log
#記錄 squid client 的 HTTP 及 IGP request
cache_store_log c:/squid/var/logs/store.log
#記錄 squid cache 哪些網頁資料
# TAG: http_access
# Allowing or Denying access based on defined access lists
# acl localhost src 127.0.0.1/255.255.255.255
acl lanuser1 src 192.168.1.0/24
acl lanuser2 src 192.168.0.0/24
http_access allow localhost
http_access allow lanuser1
http_access allow lanuser2
http_access deny all

# TAG: visible_hostname
# If you want to present a special hostname in error messages, etc,
# define this. Otherwise, the return value of gethostname()
# will be used. If you have multiple caches in a cluster and
# get errors about IP-forwarding you must set them to have individual
# names with this setting.
#
#Default:
# none
visible_hostname localhost
# TAG: dns_nameservers
# Use this if you want to specify a list of DNS name servers
# (IP addresses) to use instead of those given in your
# /etc/resolv.conf file.
# On Windows platforms, if no value is specified here or in
# the /etc/resolv.conf file, the list of DNS name servers are
# taken from the Windows registry, both static and dynamic DHCP
# configurations are supported.
#
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none
dns_nameservers 168.95.192.1 168.95.1.1


P.S 要注意一點.
上述的組態檔. 有附加的中文說明.. 例如: #設定 cache 在 HDD 裡面的大小 (最多使用 10 GB、第一層 64 個目錄 、第二層 256 個目錄)
在您都了解如何設定及使用後. 務必將這些# 符號後面的中文說明全部刪除清空. 否則 Squid 是無法正確讀取組態檔. 自然也無法運作
一般裝Squid Proxy Server 2.7 for Windows 裝起來後會無法開啟網頁,就是因為

TAG: dns_nameservers 這行沒有宣告正確的DNS Server. 因為一般個人比較不會在自己的電腦獨自架設DNS Server. 所以直接在這裏設定 外部的DNS Server 就可以了.這兒的兩組DNS Server 是中華電信的.

如果沒有設這行的話就會出現下面這些該死的錯誤訊息

ERROR: The requested URL could not be retrieved

While trying to retrieve the URL: http://freebsd.chinaunix.net/

The following error was encountered:

Unable to determine IP address from host name for freebsd.chinaunix.net

The dnsserver returned:

Server Failure: The name server was unable to process this query.

This means that:

The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.
blog comments powered by Disqus