squid proxy line app

Anny ‧ 2017-09-10 05:47:48 ‧ 29732 views

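I am currently using CentOS 7 to run squid-3.5 as a forward proxy.

Squid is there so that specific software can only get online by configuring a proxy; the server sits on the internal network.

After setting it up, I tested several programs with the proxy configured, and they could all log in or be used normally.

Only Line, with the proxy configured, keeps popping up the error "Proxy server protocol error: 403".

Below is my squid.conf: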


acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost

http_access deny all

http_port 3128

cache_dir ufs /var/spool/squid 100 16 256
cache_swap_low 90
cache_swap_high 95

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

I would be grateful if an expert could shed some light on this...
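
In the squid.conf above, the `1-65535` entries are merged with the later entries of the same ACL name, so `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports` never match and any localnet client can CONNECT to any port. The check below is an added example, not part of the original post; the function names are hypothetical and the sample is a constructed excerpt of that file.

```python
# Constructed excerpt mirroring the port ACLs and deny rules in the squid.conf above.
SAMPLE_CONF = """\
acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

def port_acls(conf):
    """Map each 'port' ACL name to its list of (low, high) ranges.
    Squid merges repeated 'acl NAME port ...' lines into a single ACL."""
    acls = {}
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "port":
            for value in fields[3:]:
                low, _, high = value.partition("-")
                acls.setdefault(fields[1], []).append((int(low), int(high or low)))
    return acls

def covered_ports(ranges):
    """Count the distinct TCP ports (1-65535) matched by the ranges."""
    count, last = 0, 0
    for low, high in sorted(ranges):
        low, high = max(low, last + 1, 1), min(high, 65535)
        if high >= low:
            count += high - low + 1
            last = high
    return count

def ineffective_port_rules(conf):
    """Return 'http_access deny ... !ACL' rules whose port ACL matches every
    port, so the negated ACL never matches and the rule denies nothing."""
    acls = port_acls(conf)
    findings = []
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields[:2] == ["http_access", "deny"]:
            for term in fields[2:]:
                if term.startswith("!") and covered_ports(acls.get(term[1:], [])) == 65535:
                    findings.append(" ".join(fields))
    return findings

if __name__ == "__main__":
    for rule in ineffective_port_rules(SAMPLE_CONF):
        print("never matches:", rule)
```

Removing the two `1-65535` lines leaves the stock port lists in effect, and the function then reports nothing.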

Anny ‧ iT邦 Novice, Level 5 ‧ 2017-09-10 05:48:15
Below is the access.log:
[root@localhost ~]# cat /var/log/squid/access.log | grep line
1504981269.609 702 10.248.92.18 TCP_MISS/200 651 GET http://nsm.dell.com/b/ss/dellglobalonline/1/JS-1.7.0/s01474811113754? - HIER_DIRECT/66.117.25.196 image/gif
1504981274.923 591 10.248.92.18 TCP_MISS/200 4239 GET http://i.dell.com/das/dih.ashx/106x106tc//sites/content/metadata/PublishingImages/gol-hes-120x130-line_09.jpg - HIER_DIRECT/104.115.240.58 image/vnd.ms-photo
1504981275.352 102 10.248.92.18 TCP_MISS/200 651 GET http://nsm.dell.com/b/ss/dellglobalonline/1/JS-1.7.0/s01534140070118? - HIER_DIRECT/66.117.25.196 image/gif
1504981312.600 336 10.248.92.18 TCP_TUNNEL/200 6618 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504981312.619 351 10.248.92.18 TCP_TUNNEL/200 9082 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504981312.626 359 10.248.92.18 TCP_TUNNEL/200 4970 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504981312.702 443 10.248.92.18 TCP_TUNNEL/200 31103 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504981312.881 614 10.248.92.18 TCP_TUNNEL/200 110872 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504981313.017 216 10.248.92.18 TCP_TUNNEL/200 3403 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504981313.023 224 10.248.92.18 TCP_TUNNEL/200 2203 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504986319.041 392 10.248.92.18 TCP_MISS/304 361 GET http://i.dell.com/das/dih.ashx/106x106tc//sites/content/metadata/PublishingImages/gol-hes-120x130-line_09.jpg - HIER_DIRECT/104.115.240.58 image/vnd.ms-photo
1504986319.708 376 10.248.92.18 TCP_MISS/200 604 GET http://nsm.dell.com/b/ss/dellglobalonline/1/JS-1.7.0/s07275462241816? - HIER_DIRECT/66.117.25.196 image/gif
1504986365.302 60071 10.248.92.18 TCP_TUNNEL/200 5303 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504986391.743 86598 10.248.92.18 TCP_TUNNEL/200 5621 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504986473.393 60093 10.248.92.18 TCP_TUNNEL/200 5100 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504986502.487 1157 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504986532.675 594 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504986534.489 1105 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504986546.677 1111 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504986794.933 60166 10.248.92.18 TCP_TUNNEL/200 5100 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504986999.662 1150 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.129 -
1504987266.698 1235 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504987270.853 1096 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504987340.480 1126 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.150.2 -
1504987493.769 1126 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.150.2 -
1504987525.372 1116 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.150.2 -
1504987527.623 1096 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.150.2 -
1504987534.679 103 10.248.92.18 TCP_MISS/200 13401 GET http://platform.twitter.com/css/timeline.b6ca5fbe9fc709c1f1b8c6e02c82d896.light.ltr.css - HIER_DIRECT/199.96.57.6 text/css
1504987534.781 134 10.248.92.18 TCP_MISS/200 13408 GET http://platform.twitter.com/css/timeline.b6ca5fbe9fc709c1f1b8c6e02c82d896.light.ltr.css - HIER_DIRECT/199.96.57.6 text/css
1504988542.755 7353 10.248.92.18 TCP_TUNNEL/200 4713 CONNECT lan.line.me:443 - HIER_DIRECT/203.104.142.52 -
1504988545.341 10031 10.248.92.18 TCP_TUNNEL/200 0 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504988545.341 9939 10.248.92.18 TCP_TUNNEL/200 0 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504988572.866 7199 10.248.92.18 TCP_TUNNEL/200 4713 CONNECT lan.line.me:443 - HIER_DIRECT/203.104.142.52 -
1504988590.521 1107 10.248.92.22 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.150.2 -
1504988625.781 60068 10.248.92.18 TCP_TUNNEL/200 5303 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504988652.099 86463 10.248.92.18 TCP_TUNNEL/200 5621 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504988733.591 60090 10.248.92.18 TCP_TUNNEL/200 5100 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504989055.197 60290 10.248.92.18 TCP_TUNNEL/200 5100 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504990876.883 60325 10.248.92.18 TCP_TUNNEL/200 5100 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504991250.480 1127 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.150.2 -
1504991555.280 1111 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.150.2 -
1504991618.831 1158 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504991625.598 7314 10.248.92.18 TCP_TUNNEL/200 4497 CONNECT lan.line.me:443 - HIER_DIRECT/203.104.142.52 -
1504991626.310 388 10.248.92.18 TCP_MISS/304 408 GET http://i.dell.com/das/dih.ashx/106x106tc//sites/content/metadata/PublishingImages/gol-hes-120x130-line_09.jpg - HIER_DIRECT/104.115.240.58 image/vnd.ms-photo
1504991627.019 455 10.248.92.18 TCP_MISS/200 651 GET http://nsm.dell.com/b/ss/dellglobalonline/1/JS-1.7.0/s1342099585776? - HIER_DIRECT/66.117.25.196 image/gif
1504991693.273 1127 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504991696.040 1097 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504991758.178 1096 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504991783.963 60125 10.248.92.18 TCP_TUNNEL/200 5100 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504992003.850 1173 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504992046.402 213 10.248.92.18 TCP_TUNNEL/200 6247 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504992105.569 60143 10.248.92.18 TCP_TUNNEL/200 5100 CONNECT scdn.line-apps.com:443 - HIER_DIRECT/104.116.6.166 -
1504992575.513 1112 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.129 -
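
`grep line` matches only URLs that contain that string (it also pulls in unrelated Dell and Twitter requests), and the output above contains no 403 entry, so a per-client view of the log is a better way to find what the proxy actually refused. The parser below for Squid's native access.log format is an added example, not part of the original post; the function names are hypothetical and the last sample line is constructed.

```python
from collections import defaultdict

# First three lines are taken from the access.log above; the last is constructed
# (documentation address 203.0.113.10) to show what a denied request looks like.
SAMPLE_LOG = """\
1504981312.600 336 10.248.92.18 TCP_TUNNEL/200 6618 CONNECT static.line.naver.jp:443 - HIER_DIRECT/203.104.150.35 -
1504986502.487 1157 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504986532.675 594 10.248.92.18 TCP_TUNNEL/200 93 CONNECT gd2.line.naver.jp:443 - HIER_DIRECT/203.104.153.1 -
1504988600.000 0 10.248.92.18 TCP_DENIED/403 3900 CONNECT 203.0.113.10:5228 - HIER_NONE/- text/html
"""

def parse_line(line):
    """Split one line of Squid's native access.log format into named fields."""
    f = line.split()
    if len(f) < 10:
        return None
    result, _, status = f[3].partition("/")
    return {"time": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
            "result": result, "status": int(status), "bytes": int(f[4]),
            "method": f[5], "url": f[6], "peer": f[8]}

def entries_for_client(log_text, client):
    """All parsed entries for one client IP, regardless of destination name."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["client"] == client]

def refused(entries):
    """Requests Squid itself refused or that ended with an HTTP error status."""
    return [e for e in entries if e["result"].endswith("DENIED") or e["status"] >= 400]

def tunnel_summary(entries):
    """Per CONNECT destination: (tunnel count, smallest and largest byte count)."""
    sizes = defaultdict(list)
    for e in entries:
        if e["method"] == "CONNECT" and e["result"] == "TCP_TUNNEL":
            sizes[e["url"]].append(e["bytes"])
    return {dest: (len(b), min(b), max(b)) for dest, b in sizes.items()}

if __name__ == "__main__":
    entries = entries_for_client(SAMPLE_LOG, "10.248.92.18")
    for e in refused(entries):
        print("refused:", e["result"], e["status"], e["method"], e["url"])
    for dest, stats in sorted(tunnel_summary(entries).items()):
        print("tunnel:", dest, "count=%d min=%d max=%d bytes" % stats)
```

The constructed denied line targets a bare IP address, which is exactly the kind of entry a hostname grep would not show.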

1 answer

yoloshiku
iT邦 Novice, Level 3 ‧ 2017-09-11 09:09:57

http://web-ch.scu.edu.tw/network/faq/5910?page=2
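It seems Line needs special settings to go through a proxy; on a phone, it seems you can't set a proxy dedicated to a single application.
I'm not familiar with Squid, so I don't know whether you can configure a particular network segment to bypass the proxy?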

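Anny ‧ iT邦 Novice, Level 5 ‧ 2017-09-11 09:27:42

Yes, I have set Line's proxy settings to use the HTTP protocol, but it keeps failing.
My architecture is that the firewall blocks that network segment from reaching the external network, and the applications that need access are then configured to go out through the proxy server on the internal network.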

msnman ‧ iT邦 Graduate Student, Level 1 ‧ 2017-09-11 16:55:08

Do you have iptables prerouting set to redirect port 80 or port 443?
Is it allowed in input?
Is it allowed in output?

Anny ‧ iT邦 Novice, Level 5 ‧ 2017-09-11 23:16:51

I am using firewall-cmd:
firewall-cmd --add-service=squid
squid is allowed (tcp 3128,3401,4827/udp 3401,4827)
With this setup, web, qq, outlook... can all be proxied normally.
