[root@fedora ~]# vi /etc/squid/squid.conf ← Edit the squid configuration file
acl CONNECT method CONNECT
acl lan src 192.168.1.0/255.255.255.0 ← Add (allow access to the proxy server from 192.168.1.0/255.255.255.0 (1/2))
http_access allow localhost
http_access allow lan ← Add (allow access to the proxy server from 192.168.1.0/255.255.255.0 (2/2))
http_access deny all
# forwarded_for on
forwarded_for off ← Add (hide the local IP address of clients using the proxy server)
# TAG: visible_hostname
# If you want to present a special hostname in error messages, etc,
# then define this. Otherwise, the return value of gethostname()
# will be used. If you have multiple caches in a cluster and
# get errors about IP-forwarding you must set them to have individual
# names with this setting.
#
#Default:
# none
visible_hostname fedorasrv.com ← Add (workaround when the following error messages are displayed on squid startup)
init_cache_dir /var/spool/squid... /etc/rc.d/init.d/squid: line 162: 4099 アボートしました $SQUID -z -F -D >>/var/log/squid/squid.out 2>&1
squid を起動中: /etc/rc.d/init.d/squid: line 162: 4100 アボートしました $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
[失敗]
# TAG: request_header_access
# Usage: request_header_access header_name allow|deny [!]aclname ...
#
# WARNING: Doing this VIOLATES the HTTP standard. Enabling
# this feature could make you liable for problems which it
# causes.
#
# This option replaces the old 'anonymize_headers' and the
# older 'http_anonymizer' option with something that is much
# more configurable. This new method creates a list of ACLs
# for each header, allowing you very fine-tuned header
# mangling.
#
# This option only applies to request headers, i.e., from the
# client to the server.
#
# You can only specify known headers for the header name.
# Other headers are reclassified as 'Other'. You can also
# refer to all the headers with 'All'.
#
# For example, to achieve the same behavior as the old
# 'http_anonymizer standard' option, you should use:
#
# request_header_access From deny all
# request_header_access Referer deny all
# request_header_access Server deny all
# request_header_access User-Agent deny all
# request_header_access WWW-Authenticate deny all
# request_header_access Link deny all
#
# Or, to reproduce the old 'http_anonymizer paranoid' feature
# you should use:
#
# request_header_access Allow allow all
# request_header_access Authorization allow all
# request_header_access WWW-Authenticate allow all
# request_header_access Proxy-Authorization allow all
# request_header_access Proxy-Authenticate allow all
# request_header_access Cache-Control allow all
# request_header_access Content-Encoding allow all
# request_header_access Content-Length allow all
# request_header_access Content-Type allow all
# request_header_access Date allow all
# request_header_access Expires allow all
# request_header_access Host allow all
# request_header_access If-Modified-Since allow all
# request_header_access Last-Modified allow all
# request_header_access Location allow all
# request_header_access Pragma allow all
# request_header_access Accept allow all
# request_header_access Accept-Charset allow all
# request_header_access Accept-Encoding allow all
# request_header_access Accept-Language allow all
# request_header_access Content-Language allow all
# request_header_access Mime-Version allow all
# request_header_access Retry-After allow all
# request_header_access Title allow all
# request_header_access Connection allow all
# request_header_access Proxy-Connection allow all
# request_header_access All deny all
#
# although many of those are HTTP reply headers, and so should be
# controlled with the reply_header_access directive.
#
# By default, all headers are allowed (no anonymizing is
# performed).
#
#Default:
# none
Add the following (prevent the destination from learning that access is going through a proxy)
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
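
As an added example (not part of the original page or of Squid), this Python sketch checks the edits above: it evaluates the `http_access` lines in order for a client address and reports which proxy-revealing request headers the origin server would still see. The sample config is constructed; the `localhost` ACL definition, the pre-defined `all`, and the function names are assumptions, and only `src` ACLs and `forwarded_for on|off` are modelled.

```python
import ipaddress

# Constructed sample: the directives added on this page plus a localhost ACL.
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/255.255.255.255
acl CONNECT method CONNECT
acl lan src 192.168.1.0/255.255.255.0
http_access allow localhost
http_access allow lan
http_access deny all
forwarded_for off
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
"""

def parse(conf):
    """Return (src ACLs, ordered http_access rules, denied headers, forwarded_for)."""
    # Assumption: "all" matches every IPv4 source address.
    acls, rules, denied, fwd = {"all": [ipaddress.ip_network("0.0.0.0/0")]}, [], set(), "on"
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
        elif tok[:1] == ["request_header_access"] and tok[2:] == ["deny", "all"]:
            denied.add(tok[1].lower())
        elif len(tok) == 2 and tok[0] == "forwarded_for":
            fwd = tok[1]
    return acls, rules, denied, fwd

def decide(conf, client_ip):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    acls, rules, _, _ = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # Only src ACLs are modelled; a line naming any other ACL never matches here.
        if all(n in acls and any(ip in net for net in acls[n]) for n in names):
            return action
    # Nothing matched: Squid takes the opposite of the last line's action.
    return None if not rules else ("deny" if rules[-1][0] == "allow" else "allow")

def exposure(conf):
    """What the origin server still sees: Via sent? X-Forwarded-For value kind?"""
    _, _, denied, fwd = parse(conf)
    # forwarded_for on sends the client IP, off sends the literal "unknown".
    xff = None if "x-forwarded-for" in denied else {"on": "client-ip", "off": "unknown"}.get(fwd, fwd)
    return {"via": "via" not in denied, "x-forwarded-for": xff}
```

Running `exposure()` on a config that has `forwarded_for off` but lacks the two `request_header_access` lines shows why the page adds both: the header is still sent, only with the value `unknown`, and `Via` still names the proxy.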