Proxy

將 Squid 代理與匿名開放代理集成以記憶體來自匿名代理的 html 響應

  • February 28, 2021

我需要使用 squid 記憶體伺服器記憶體來自匿名代理的 html 響應。但是我的要求是給定的:

從客戶端機器我需要使用憑據 IP 和埠連接到匿名代理。我的所有請求都通過本地 squid 代理伺服器路由。

我嘗試在 squid 上使用給定的配置,但在連接到源時無法記憶體響應,如下所示:

squidclinet -h &lt;IP-Anonymous_Proxy&gt; -p &lt;Port&gt; -u &lt;username&gt; -w &lt;Password&gt; <https://www.example.com>

但是我可以使用以下方法進行記憶體:

squidclient -h  &lt;IP-squid_proxy&gt; -p  &lt;Port&gt;  -u &lt;username&gt; -w &lt;Password&gt;

我的 squid.conf 文件

# General

http_port 3128
visible_hostname Proxy
forwarded_for delete
via off

# Log

logformat squid %tg.%03tu %6tr %&gt;a %Ss/%03&gt;Hs %&lt;st %rm %ru %[un %Sh/%&lt;a %mt
access_log /var/log/squid/access.log squid

# Cache

cache_dir aufs /var/cache/squid 1024 16 256
coredump_dir /var/spool/squid

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0


# Network ACL

acl localnet src 10.0.0.0/8     # RFC 1918 possible internal network

# Port ACL

acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rync
acl Safe_ports port 80 8080     # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
###Cache Peer
cache_peer &lt;Anonymous-Proxy&gt; parent &lt;Port&gt; 0 no-query default login=username:password
never_direct allow all

http_access allow all
icp_access allow all
#always_direct allow all

# Request Headers Forcing

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

# Response Headers Spoofing

reply_header_access Via deny all
reply_header_access X-Cache deny all
reply_header_access X-Cache-Lookup deny all

您無法記憶體 HTTPS,因為它已加密。

Squid 只是一個 HTTP 記憶體。

瀏覽器等客戶端的 HTTPS 查詢,wget或者curl只能通過 Squid 使用該CONNECT方法進行路由但不能記憶體在那裡。

雖然該ssl bump方法支持記憶體,但它涉及生成假 SSL 證書並在客戶端上安裝假 CA 證書。這構成了中間人攻擊。

雖然這是可能的,但除非在特殊情況下證明這種方法的合理性,否則不建議這樣做。

單獨記憶體的目的並不能證明使用該ssl bump方法是合理的。

引用自:https://serverfault.com/questions/1055318