編譯參數:
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
編譯源碼
./configure --prefix=/usr/local/squid
--enable-arp-acl
--enable-linux-netfilter
--enable-auth="basic"
--enable-baisc-auth-helpers="NCSA" #########加上認證模塊
--enable-underscore
#########################################
auth_param basic program /usr/bin/ncsa_auth /etc/squid/password ## 指定passwd文件
auth_param basic children 5 ##可以登錄用戶個數
auth_param basic credentialsttl 2 hours
visible_hostname gzud10018 ##本地服務器主機名
acl auth proxy_auth REQUIRED ##啓動acl 登錄認證
acl all src 0.0.0.0 ##配置 acl 名字爲 all 樣式爲 src
#acl manager proto cache_object
acl to dst 219.133.34.92 ####acl 名字爲 to,樣式爲dst ,
acl to dst 219.133.34.69
acl to dst 219.133.34.77
acl to dst 219.133.36.38
acl to dst 219.133.36.39
acl to dst 219.133.59.156
acl to dst www.8788.cn ##也可以配置成域名
cache_access_log /etc/squid/access.log ##日誌
cache_log /etc/squid/cache.log
cache_store_log /etc/squid/store.log
acl Safe_ports port 80 #acl別名safe_port 樣式爲 port
acl Safe_ports port 41832
acl CONNECT method CONNECT
#http_access allow manager
http_access allow auth to ### allow auth,to 這2個acl別名
http_access deny all ##deny ,all這個acl別名
http_access deny !Safe_ports !to ##deny不在 safe_port 這個別名範圍內的端口
http_port 41832 ##設置squid 服務器 監聽端口
##############################此配置效果爲,所有經過代理服務器的客戶端,均要輸入用戶驗證,驗證後,
##############################若客戶端不是訪問指定的ip或者域名內,將無法使用代理服務,直接顯示拒絕
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
coredump_dir /etc/squid/var/cache
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320