Proxy
將 Squid 代理與匿名開放代理集成以記憶體來自匿名代理的 html 響應
我需要使用 squid 記憶體伺服器記憶體來自匿名代理的 html 響應。但是我的要求是給定的:
從客戶端機器我需要使用憑據 IP 和埠連接到匿名代理。我的所有請求都通過本地 squid 代理伺服器路由。
我嘗試在 squid 上使用給定的配置,但在連接到源時無法記憶體響應,如下所示:
squidclinet -h <IP-Anonymous_Proxy> -p <Port> -u <username> -w <Password> <https://www.example.com>
但是我可以使用以下方法進行記憶體:
squidclient -h <IP-squid_proxy> -p <Port> -u <username> -w <Password>
我的 squid.conf 文件
# General http_port 3128 visible_hostname Proxy forwarded_for delete via off # Log logformat squid %tg.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt access_log /var/log/squid/access.log squid # Cache cache_dir aufs /var/cache/squid 1024 16 256 coredump_dir /var/spool/squid acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 # Network ACL acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network # Port ACL acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rync acl Safe_ports port 80 8080 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl purge method PURGE acl CONNECT method CONNECT ###Cache Peer cache_peer <Anonymous-Proxy> parent <Port> 0 no-query default login=username:password never_direct allow all http_access allow all icp_access allow all #always_direct allow all # Request Headers Forcing request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all # Response Headers Spoofing reply_header_access Via deny all reply_header_access X-Cache deny all reply_header_access X-Cache-Lookup deny all
您無法記憶體 HTTPS,因為它已加密。
Squid 只是一個 HTTP 記憶體。
瀏覽器等客戶端的 HTTPS 查詢,
wget
或者curl
只能通過 Squid 使用該CONNECT
方法進行路由但不能記憶體在那裡。雖然該
ssl bump
方法支持記憶體,但它涉及生成假 SSL 證書並在客戶端上安裝假 CA 證書。這構成了中間人攻擊。雖然這是可能的,但除非在特殊情況下證明這種方法的合理性,否則不建議這樣做。
單獨記憶體的目的並不能證明使用該
ssl bump
方法是合理的。