tachtler:squid_centos_7
Differences
This shows the differences between two versions of the page.
tachtler:squid_centos_7 [2017/10/14 22:57] – [Portal Splash Pages - Konfiguration] klaus | tachtler:squid_centos_7 [2017/10/19 16:45] (current) – [ssl_bump-Konfiguration] klaus | ||
---|---|---|---|
Zeile 6884: | Zeile 6884: | ||
# Tachtler - ssl_bump configuration - | # Tachtler - ssl_bump configuration - | ||
# default: http_port 3128 | # default: http_port 3128 | ||
- | http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/ | + | http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/ |
- | always_direct allow all | + | |
ssl_bump server-first all | ssl_bump server-first all | ||
- | sslproxy_cert_error allow all | + | sslproxy_options NO_SSLv2, |
- | sslproxy_flags DONT_VERIFY_PEER | + | |
sslcrtd_program / | sslcrtd_program / | ||
sslcrtd_children 5 startup=1 idle=1 | sslcrtd_children 5 startup=1 idle=1 | ||
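Review bot: the unchanged `ssl_bump server-first all` line still intercepts every connection with no exception rule, which matters more now that the two removed lines (`sslproxy_cert_error allow all`, `sslproxy_flags DONT_VERIFY_PEER`) no longer suppress upstream certificate errors. Document next to this block which CA store Squid validates origin certificates against, and consider an ACL ahead of the `all` rule for destinations that must not be decrypted, so a validation failure has a defined handling instead of a generic error page.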
Zeile 6956: | Zeile 6954: | ||
# Tachtler - ssl_bump configuration - | # Tachtler - ssl_bump configuration - | ||
# default: http_port 3128 | # default: http_port 3128 | ||
- | http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/ | + | http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/ |
- | always_direct allow all | + | |
ssl_bump server-first all | ssl_bump server-first all | ||
- | sslproxy_cert_error allow all | + | sslproxy_options NO_SSLv2, |
- | sslproxy_flags DONT_VERIFY_PEER | + | |
sslcrtd_program / | sslcrtd_program / | ||
sslcrtd_children 5 startup=1 idle=1 | sslcrtd_children 5 startup=1 idle=1 | ||
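Review bot: this second listing repeats the ssl_bump edit of the previous hunk line for line, including the removal of `always_direct allow all`, which is dropped without a word on why it is no longer needed. Add one sentence giving the reason, and keep the two copies of the block identical so a reader copying either one gets the same settings.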
Zeile 6972: | Zeile 6968: | ||
* '' | * '' | ||
* '' | * '' | ||
- | |||
- | * < | ||
- | Ermöglicht es dem [[http:// | ||
* < | * < | ||
Ermöglicht es dem [[http:// | Ermöglicht es dem [[http:// | ||
- | |||
- | * < | ||
- | Bestimmt das Verhalten des [[http:// | ||
:!: **HINWEIS** - **Aus Sicherheitsaspekten __sollte hier später__ '' | :!: **HINWEIS** - **Aus Sicherheitsaspekten __sollte hier später__ '' | ||
- | * < | + | * < |
- | Weist den [[http:// | + | Weist den [[http:// |
* < | * < | ||
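Review bot: the `:!: **HINWEIS** - **Aus Sicherheitsaspekten __sollte hier später__` line is kept as unchanged context although the bullet directly above it (`Bestimmt das Verhalten des ...`) is deleted, so the warning now reads as if it belonged to the preceding `Ermöglicht es dem ...` bullet. Remove the HINWEIS together with the bullet it referred to, or reword it so it points at a directive that is still in the listing.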
Zeile 7476: | Zeile 7466: | ||
Entscheidend ist **__nur__** nachfolgender PHP/ | Entscheidend ist **__nur__** nachfolgender PHP/ | ||
- | <code php> | ||
- | <? | ||
- | session_start(); | ||
- | $_SESSION[" | ||
- | ?> | ||
- | </ | ||
<code html> | <code html> | ||
<br> | <br> | ||
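Review bot: the intro sentence `Entscheidend ist **__nur__** nachfolgender PHP/` stays unchanged while the whole `<code php>` block with `session_start();` is removed, leaving only the `<code html>` block underneath. Update the sentence so it no longer announces PHP code, and say where the session is created now.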
Zeile 7491: | Zeile 7475: | ||
Oben stehender Code führt nachfolgende Funktionen aus: | Oben stehender Code führt nachfolgende Funktionen aus: | ||
- | - Erstellen/ | ||
- | - Ermitteln der URL des Browsers/ | ||
- Erstellen einer **Schaltfläche mit dem Namen** - **'' | - Erstellen einer **Schaltfläche mit dem Namen** - **'' | ||
Zeile 7536: | Zeile 7518: | ||
<hr> | <hr> | ||
</ | </ | ||
+ | |||
+ | Nach Abschluss der Erstellung der ''/ | ||
+ | < | ||
+ | # ln -s / | ||
+ | </ | ||
=== / | === / | ||
Zeile 7547: | Zeile 7534: | ||
**__Beispiel__**: | **__Beispiel__**: | ||
- | < | + | < |
<?php | <?php | ||
session_start(); | session_start(); | ||
- | header(" | + | header(" |
session_unset(); | session_unset(); | ||
session_destroy(); | session_destroy(); | ||
Zeile 7562: | Zeile 7549: | ||
Oben stehender Code führt nachfolgende Funktionen aus: | Oben stehender Code führt nachfolgende Funktionen aus: | ||
- Erstellen/ | - Erstellen/ | ||
- | - Erstellen einer " | + | - Erstellen einer " |
- Leeren der PHP-Session! | - Leeren der PHP-Session! | ||
- Löschen/ | - Löschen/ | ||
Zeile 7705: | Zeile 7692: | ||
# splash screen configuration - start - | # splash screen configuration - start - | ||
- | # Set up the session helper in active mode. | + | acl proxy url_regex -i http:// |
- | external_acl_type session concurrency=100 ttl=60 negative_ttl=0 children-max=1 | + | |
+ | # Set up the session helper in active mode. Mind the wrap - this is one line: | ||
+ | external_acl_type session concurrency=100 ttl=3 %SRC / | ||
# Pass the LOGIN command to the session helper with this ACL | # Pass the LOGIN command to the session helper with this ACL | ||
acl session_login external session LOGIN | acl session_login external session LOGIN | ||
- | # Set up the normal session helper. | + | |
- | external_acl_type session_active_def concurrency=100 ttl=60 negative_ttl=0 children-max=1 %LOGIN / | + | |
# Normal session ACL as per simple example | # Normal session ACL as per simple example | ||
- | acl session_is_active external | + | acl session_is_active external |
# ACL to match URL | # ACL to match URL | ||
- | acl clicked_login_url url_regex -i http://www.squid.tachtler.net/ | + | acl clicked_login_url url_regex -i ^http:// |
# First check for the login URL. If present, login session | # First check for the login URL. If present, login session | ||
http_access allow clicked_login_url session_login | http_access allow clicked_login_url session_login | ||
+ | http_access allow proxy | ||
+ | |||
# If we get here, URL not present, so renew session or deny request. | # If we get here, URL not present, so renew session or deny request. | ||
http_access deny !session_is_active | http_access deny !session_is_active | ||
+ | |||
# Deny page to display | # Deny page to display | ||
- | deny_info | + | deny_info |
# splash screen configuration - stopp - | # splash screen configuration - stopp - | ||
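Review bot: the new `acl proxy url_regex -i http://` pattern is not anchored with `^`, unlike the `clicked_login_url` pattern that this same hunk changes to `^http://`, and `http_access allow proxy` is placed ahead of `http_access deny !session_is_active`. An unanchored `url_regex` matches anywhere in the request URL, so the allow rule can also match requests to other hosts that merely contain that string and let them skip the session check. Anchor the pattern with `^` and escape any literal dots in the host name, or match the portal host with a `dstdomain` ACL instead.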
Zeile 7752: | Zeile 7746: | ||
# Squid normally listens to port 3128 | # Squid normally listens to port 3128 | ||
- | # Tachtler - ssl_bump configuration - | + | http_port 3128 |
- | # default: | + | |
- | http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/ | + | |
- | always_direct allow all | + | |
- | ssl_bump server-first all | + | |
- | sslproxy_cert_error allow all | + | |
- | sslproxy_flags DONT_VERIFY_PEER | + | |
- | sslcrtd_program / | + | |
- | sslcrtd_children 5 startup=1 idle=1 | + | |
# Uncomment and adjust the following to add a disk cache directory. | # Uncomment and adjust the following to add a disk cache directory. | ||
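Review bot: replacing the whole ssl_bump block with a bare `http_port 3128` in this listing is not explained, and the `# Tachtler - ssl_bump configuration -` comment header disappears with it. Say in the surrounding text that the splash-page example runs without TLS interception, since the `url_regex` rules added to this listing are written against `http://` URLs.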
Zeile 7826: | Zeile 7812: | ||
# splash screen configuration - start - | # splash screen configuration - start - | ||
- | # Set up the session helper in active mode. | + | acl proxy url_regex -i http:// |
- | external_acl_type session concurrency=100 ttl=60 negative_ttl=0 children-max=1 | + | |
+ | # Set up the session helper in active mode. Mind the wrap - this is one line: | ||
+ | external_acl_type session concurrency=100 ttl=3 %SRC / | ||
# Pass the LOGIN command to the session helper with this ACL | # Pass the LOGIN command to the session helper with this ACL | ||
acl session_login external session LOGIN | acl session_login external session LOGIN | ||
- | # Set up the normal session helper. | + | |
- | external_acl_type session_active_def concurrency=100 ttl=60 negative_ttl=0 children-max=1 %LOGIN / | + | |
# Normal session ACL as per simple example | # Normal session ACL as per simple example | ||
- | acl session_is_active external | + | acl session_is_active external |
# ACL to match URL | # ACL to match URL | ||
- | acl clicked_login_url url_regex -i http://www.squid.tachtler.net/ | + | acl clicked_login_url url_regex -i ^http:// |
# First check for the login URL. If present, login session | # First check for the login URL. If present, login session | ||
http_access allow clicked_login_url session_login | http_access allow clicked_login_url session_login | ||
+ | http_access allow proxy | ||
+ | |||
# If we get here, URL not present, so renew session or deny request. | # If we get here, URL not present, so renew session or deny request. | ||
http_access deny !session_is_active | http_access deny !session_is_active | ||
+ | |||
# Deny page to display | # Deny page to display | ||
- | deny_info | + | deny_info |
# splash screen configuration - stopp - | # splash screen configuration - stopp - | ||
</ | </ | ||
- | * < | + | * < |
+ | Definition der der **ACL** '' | ||
+ | |||
+ | * <code bash> | ||
Erstellen eines **AKTIVEN-Session** mit einer **Anmeldungsdauer zum __TESTEN__** von **60 Sekunden** und unter Zuhilfenahme eines externen Programms ''/ | Erstellen eines **AKTIVEN-Session** mit einer **Anmeldungsdauer zum __TESTEN__** von **60 Sekunden** und unter Zuhilfenahme eines externen Programms ''/ | ||
- | * < | + | * < |
ACL welche die **Anmeldeinformationen** aus dem **AKTIVEN-Session** Hilfsprogramm ebenfalls an die **Session** bindet. | ACL welche die **Anmeldeinformationen** aus dem **AKTIVEN-Session** Hilfsprogramm ebenfalls an die **Session** bindet. | ||
- | * < | + | * < |
- | Erstellen einer **NORMALEN-Session** mit einer **Anmeldungsdauer zum __TESTEN__** von **60 Sekunden** und unter Zuhilfenahme eines externen Programms | + | ACL welche zutrifft, wenn die definierte URL, hier **URL - '' |
- | + | ||
- | | + | |
- | ACL zur Definition einer einfachen | + | |
- | * < | + | * < |
- | ACL welche zutrifft, wenn die definierte | + | Überprüfung, wenn die **URL - '' |
- | * < | + | * < |
- | Überprüfung, | + | Zugriff auf die Ressource welche in der **ACL** '' |
- | * < | + | * < |
- | Überprüfung, wenn die **URL - '' | + | Alle weiteren Zugriffe verweigern, bis die aktive Session mit der definierten URL, hier **URL - '' |
- | * < | + | * < |
- | Anzeige der sogenannten **'' | + | Anzeige der sogenannten **'' |
==== Portal Splash Pages - Test ==== | ==== Portal Splash Pages - Test ==== | ||
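Review bot: the added description line `Definition der der **ACL**` doubles the word `der`. In the same hunk the `external_acl_type session` line changes from `ttl=60` to `ttl=3`, while the unchanged description below it still says `Anmeldungsdauer zum __TESTEN__ von **60 Sekunden**`; check that the description still matches the rewritten helper line.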
Zeile 8152: | Zeile 8145: | ||
Resolving Dependencies | Resolving Dependencies | ||
--> Running transaction check | --> Running transaction check | ||
- | ---> Package squidanalyzer.noarch 0:6.3-1 will be installed | + | ---> Package squidanalyzer.noarch 0:6.6-1 will be installed |
--> Finished Dependency Resolution | --> Finished Dependency Resolution | ||
Zeile 8164: | Zeile 8157: | ||
================================================================================ | ================================================================================ | ||
Installing: | Installing: | ||
- | | + | |
Transaction Summary | Transaction Summary | ||
Zeile 8174: | Zeile 8167: | ||
Is this ok [y/d/N]: y | Is this ok [y/d/N]: y | ||
Downloading packages: | Downloading packages: | ||
- | squidanalyzer-6.3-1.noarch.rpm | + | squidanalyzer-6.6-1.noarch.rpm |
Running transaction check | Running transaction check | ||
Running transaction test | Running transaction test | ||
Transaction test succeeded | Transaction test succeeded | ||
Running transaction | Running transaction | ||
- | Installing : squidanalyzer-6.3-1.noarch | + | Installing : squidanalyzer-6.6-1.noarch |
- | Verifying | + | Verifying |
Installed: | Installed: | ||
- | squidanalyzer.noarch 0:6.3-1 | + | squidanalyzer.noarch 0:6.6-1 |
Complete! | Complete! | ||
Zeile 8192: | Zeile 8185: | ||
# rpm -qil squidanalyzer | # rpm -qil squidanalyzer | ||
Name : squidanalyzer | Name : squidanalyzer | ||
- | Version | + | Version |
Release | Release | ||
Architecture: | Architecture: | ||
- | Install Date: Fri 23 Oct 2015 05:57:10 AM CEST | + | Install Date: Tue 17 Oct 2017 08:51:45 AM CEST |
Group : Monitoring | Group : Monitoring | ||
- | Size : 499350 | + | Size : 556888 |
License | License | ||
- | Signature | + | Signature |
- | Source RPM : squidanalyzer-6.3-1.src.rpm | + | Source RPM : squidanalyzer-6.6-1.src.rpm |
- | Build Date : Sat 17 Oct 2015 01:35:54 AM CEST | + | Build Date : Mon 16 Oct 2017 04:45:33 PM CEST |
- | Build Host : vml000200.dmz.nausch.org | + | Build Host : vml000137.dmz.nausch.org |
Relocations : (not relocatable) | Relocations : (not relocatable) | ||
Packager | Packager | ||
Zeile 8218: | Zeile 8211: | ||
This log analyzer is incremental and should be run in a daily cron, | This log analyzer is incremental and should be run in a daily cron, | ||
or more often with heavy proxy usage. | or more often with heavy proxy usage. | ||
- | /etc/cron.daily/ | + | /etc/cron.d/ |
- | /etc/ | + | |
/ | / | ||
/ | / | ||
Zeile 8238: | Zeile 8230: | ||
/ | / | ||
/ | / | ||
- | /usr/lib64/perl5/perllocal.pod | + | /usr/share/doc/squidanalyzer-6.6 |
- | / | + | / |
- | / | + | / |
- | / | + | / |
- | / | + | /usr/share/doc/squidanalyzer-6.6/TODO |
- | /usr/share/man/man3/ | + | / |
- | / | + | |
/ | / | ||
- | / | + | /var/www/html/ |
- | / | + | /var/www/ |
- | / | + | / |
- | / | + | / |
- | / | + | /var/www/html/ |
- | / | + | /var/www/html/ |
- | / | + | /var/www/html/ |
- | / | + | /var/www/html/ |
- | / | + | /var/www/html/ |
- | / | + | /var/www/html/ |
- | / | + | /var/www/html/ |
- | / | + | /var/www/ |
+ | / | ||
+ | /var/www/ | ||
+ | / | ||
+ | /var/www/html/ | ||
+ | / | ||
+ | / | ||
</ | </ | ||
Zeile 8279: | Zeile 8276: | ||
# The URL of the SquidAnalyzer javascript, HTML and images files. | # The URL of the SquidAnalyzer javascript, HTML and images files. | ||
- | # Tachtler | + | # Tachtler |
- | # default: WebUrl | + | # default: WebUrl |
WebUrl | WebUrl | ||
- | # Set the path to the Squid log file | + | # Set the path to the Squid, squidGuard and/or ufdbGuard |
LogFile / | LogFile / | ||
Zeile 8312: | Zeile 8309: | ||
UserAlias | UserAlias | ||
- | # How do we sort Network, User and Url report screen | + | # How do we sort Network, User and user' |
# Value can be: bytes, hits or duration. Default is bytes. | # Value can be: bytes, hits or duration. Default is bytes. | ||
OrderNetwork | OrderNetwork | ||
Zeile 8329: | Zeile 8326: | ||
# You will just have the table of Url/Domain ordered per hits then you can still | # You will just have the table of Url/Domain ordered per hits then you can still | ||
# sort the URL/Domain order by clicking on each column | # sort the URL/Domain order by clicking on each column | ||
- | UrlHitsOnly 0 | + | UrlHitsOnly |
# Should we display user details. This will show statistics per user. | # Should we display user details. This will show statistics per user. | ||
Zeile 8337: | Zeile 8334: | ||
QuietMode | QuietMode | ||
- | # Cost of the bandwith | + | # Cost of the bandwidth |
- | # for bandwith | + | # for bandwidth |
# Tachtler | # Tachtler | ||
# default: CostPrice | # default: CostPrice | ||
CostPrice | CostPrice | ||
- | # Currency of the bandwith | + | # Currency of the bandwidth |
Currency | Currency | ||
- | # Top number of url to show | + | # Top number of url to show from all url extracted from the log |
TopNumber | TopNumber | ||
+ | |||
+ | # Top number of url to preserve on each data file sorted by OrderUrl. | ||
+ | # On huge access log it will improve a lot the performances but you | ||
+ | # will have less precision in the top url. Default to 0, all url will | ||
+ | # be stored. | ||
+ | TopStorage | ||
# Path to the file containing client ip addresses, network ip address, | # Path to the file containing client ip addresses, network ip address, | ||
Zeile 8431: | Zeile 8434: | ||
# course you might want to remove the corrupted line before the next run. This | # course you might want to remove the corrupted line before the next run. This | ||
# can be useful if you have special characters in some fields like mime type. | # can be useful if you have special characters in some fields like mime type. | ||
- | # | + | # |
+ | |||
+ | # Set timezone to use when SquidAnalyzer is used in a different server than | ||
+ | # the one running squid and there is a different timezone between these two | ||
+ | # machine. The value must follow format: +/-HH. Default is to use local time. | ||
+ | # | ||
+ | |||
+ | # Enable this directive if you want to include port number into Url statistics. | ||
+ | # Default is to remove the port information from the Url. | ||
+ | # | ||
+ | |||
+ | # Enable this directive if you want to apply immedialtly the changes made in | ||
+ | # aliases files to avoid duplicates. You still have to use --rebuild to | ||
+ | # recreate previous reports with new aliases. Enabling this will imply a lost | ||
+ | # of performances with huges log files. | ||
+ | # | ||
+ | |||
+ | # The two following configuration directive allow you to specify a start and | ||
+ | # stop time. Log line out of this time range will not be parsed. | ||
+ | # | ||
+ | # | ||
</ | </ | ||
Zeile 8449: | Zeile 8472: | ||
# using the CIDR notation: xxx.xxx.xxx.xxx/ | # using the CIDR notation: xxx.xxx.xxx.xxx/ | ||
# | # | ||
- | # See example | + | # See example |
# | # | ||
# | # | ||
Zeile 8478: | Zeile 8501: | ||
# using the CIDR notation: xxx.xxx.xxx.xxx/ | # using the CIDR notation: xxx.xxx.xxx.xxx/ | ||
# | # | ||
- | # See example | + | # See example |
# | # | ||
# | # | ||
Zeile 8521: | Zeile 8544: | ||
# Squid Analyzer User Alias configuration file | # Squid Analyzer User Alias configuration file | ||
# FORMAT : FULL_USER_NAME | # FORMAT : FULL_USER_NAME | ||
- | # Field separator must be one or more tabulation. Space in user name are not | + | # Field separator must be one or more tabulation. Space in user are allowed. |
- | # allowed. See example | + | # See example |
# | # | ||
# | # | ||
Zeile 8592: | Zeile 8615: | ||
Nachstehend soll ein möglicher **// | Nachstehend soll ein möglicher **// | ||
+ | |||
+ | :!: **HINWEIS** - Ab der **Version 6.6.1** hat sich der Pfad bzw. das Verzeichnis im dem die HTML-Dateien liegen von | ||
+ | * **ALT:** ''/ | ||
+ | auf | ||
+ | * **NEU**: ''/ | ||
+ | geändert! | ||
+ | |||
+ | Deshalb kann | ||
+ | * a.) Der VHOST entsprechend angepasst werden | ||
+ | * **b.)** Der Inhalt von ''/ | ||
+ | |||
+ | Nachfolgender Befehl kopiert bzw. hier **verschiebt** alle Dateien vom Verzeichnis ''/ | ||
+ | < | ||
+ | # cp -ar / | ||
+ | # rm -rf / | ||
+ | </ | ||
Nachfolgende Konfigurationsdatei in nachfolgendem Verzeichnis und mit nachfolgendem Namen | Nachfolgende Konfigurationsdatei in nachfolgendem Verzeichnis und mit nachfolgendem Namen |
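Review bot: the added HINWEIS says the path changed `Ab der **Version 6.6.1**`, but the package installed earlier in this diff is `squidanalyzer.noarch 0:6.6-1`, that is version 6.6, release 1; the same line also has `im dem` for `in dem`. The `# cp -ar` followed by an unconditional `# rm -rf` as root deletes the source directory even when the copy failed, so chain the two commands with `&&` or use `mv`.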
tachtler/squid_centos_7.1508014670.txt.gz · Last modified: 2017/10/14 22:57 by klaus