我有一个很多拼贴使用的鱿鱼服务器。
这是squid配置:
dns_v4_first on
# ACL Squid
external_acl_type is_user ipv4 ttl=600 negative_ttl=10 children-max=2000 %SRC /opt/acl_squid.py
# ACL PROXY Access
acl is_real_user external is_user
#acl SSL method CONNECT
acl SSL_ports port 443
acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
acl SSL method CONNECT
acl CONNECT method CONNECT
acl to_ipv6 dst ipv6 # Enable IPv6
http_access deny !Safe_ports
# ACL Allow Host/Domain
http_access allow is_real_user
http_access deny !Safe_ports
http_access allow localhost
http_access deny all
# Enable IPv6
#tcp_outgoing_address ipv6_address to_ipv6
# Port
http_port 0.0.0.0:3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
# Chache Off
cache deny all
# Performance tuning
maximum_object_size 1 MB
maximum_object_size_in_memory 128 KB
cache_mem 64 MB
quick_abort_min 1024 KB
quick_abort_max 2048 KB
quick_abort_pct 90
pipeline_prefetch on
shutdown_lifetime 1 second
# Log
access_log syslog:local3.info squid
外部ACL只是检查请求IP以确保有权访问该代理(通过API检查数据库以查看是否存在IP)。
问题是,我不时(不仅是我,很多拼贴画)我无缘无故地收到403(拒绝访问)。
您能不能让我知道我能做些什么才能在不中断的情况下随时访问?
当我收到403时,我要做的就是重启squid服务器,一切都恢复正常。
此致 西普里安