海运的博客

Squid安全设置隐藏版本及Header信息

发布时间：August 4, 2012 // 分类：Squid // No Comments

配置文件ACL后添加：

header_access X-Cache deny all
header_access X-Squid-Error deny all
header_access Via deny all
header_access Server deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all

其它Header也可隐藏：

Accept         HTTP_ACCEPT
Accept-Charset         HTTP_ACCEPT-CHARSET
Accept-Encoding         HTTP_ACCEPT-ENCODING
Accept-Language         HTTP_ACCEPT-LANGUAGE
Accept-Ranges         HTTP_ACCEPT-RANGES
Age         HTTP_AGE
Allow         HTTP_ALLOW
Authorization         HTTP_AUTHORIZATION
Cache-Control         HTTP_CACHE-CONTROL
Connection         HTTP_CONNECTION
Content-Base         HTTP_CONTENT-BASE
Content-Disposition         HTTP_CONTENT-DISPOSITION
Content-Encoding         HTTP_CONTENT-ENCODING
Content-Language         HTTP_CONTENT-LANGUAGE
Content-Length         HTTP_CONTENT-LENGTH
Content-Location         HTTP_CONTENT-LOCATION
Content-MD5         HTTP_CONTENT-MD5
Content-Range         HTTP_CONTENT-RANGE
Content-Type         HTTP_CONTENT-TYPE
Cookie         HTTP_COOKIE
Date         HTTP_DATE
ETag         HTTP_ETAG
Expires         HTTP_EXPIRES
From         HTTP_FROM
Host         HTTP_HOST
If-Match         HTTP_IF-MATCH
If-Modified-Since         HTTP_IF-MODIFIED-SINCE
If-None-Match         HTTP_IF-NONE-MATCH
If-Range         HTTP_IF-RANGE
Last-Modified         HTTP_LAST-MODIFIED
Link         HTTP_LINK
Location         HTTP_LOCATION
Max-Forwards         HTTP_MAX-FORWARDS
Mime-Version         HTTP_MIME-VERSION
Pragma         HTTP_PRAGMA
Proxy-Authenticate         HTTP_PROXY-AUTHENTICATE
Proxy-Authentication-Info         HTTP_PROXY-AUTHENTICATION-INFO
Proxy-Authorization         HTTP_PROXY-AUTHORIZATION
Proxy-Connection         HTTP_PROXY-CONNECTION
Public         HTTP_PUBLIC
Range         HTTP_RANGE
Referer         HTTP_REFERER
Request-Range         HTTP_REQUEST-RANGE
Retry-After         HTTP_RETRY-AFTER
Server         HTTP_SERVER
Set-Cookie         HTTP_SET-COOKIE
Title         HTTP_TITLE
Transfer-Encoding         HTTP_TRANSFER-ENCODING
Upgrade         HTTP_UPGRADE
User-Agent         HTTP_USER-AGENT
Vary         HTTP_VARY
Via         HTTP_VIA
Warning         HTTP_WARNING
WWW-Authenticate         HTTP_WWW-AUTHENTICATE
Authentication-Info         HTTP_AUTHENTICATION-INFO
X-Cache         HTTP_X-CACHE
X-Cache-Lookup         HTTP_X-CACHE-LOOKUP
X-Forwarded-For         HTTP_X-FORWARDED-FOR
X-Request-URI         HTTP_X-REQUEST-URI
X-Squid-Error         HTTP_X-SQUID-ERROR
Negotiate         HTTP_NEGOTIATE
X-Accelerator-Vary         HTTP_X-ACCELERATOR-VARY
Other:         HTTP_OTHER:

Squid3.0版本使用参数：

reply_header_access Server deny all
reply_header_access X-Cache deny all
reply_header_access Warning deny all
reply_header_access Expires deny all
reply_header_access Cache-Control deny all
reply_header_access age deny all

参考：http://bbs.linuxtone.org/thread-131-1-1.html

Squid关闭磁盘缓存

发布时间：August 4, 2012 // 分类：Squid // No Comments

在Openwrt下使用USB外挂存储磁盘IO会成为瓶颈，如果带宽足够纯粹做为透明代理可以关闭磁盘缓存功能。
1.修改缓存策略为null

cache_dir null /tmp

2.或者定义禁止缓存GET请求：

acl NCACHE method GET
no_cache deny NCACHE

3.缓存到/dev/shm目录，相当于ramdisk，openwrt无此设备。

cache_dir ufs /mnt/cache 256 16 256

Linux/Openwrt挂载FAT32分区不能更改权限解决

发布时间：August 3, 2012 // 分类：OpenWrt // No Comments

FAT32分区无权限的概念，挂载后更改文件所有用户及权限时提示Permission denied，可通过挂载时修改参数指定umask和所有用户解决。

umask=000 #以777权限挂载
uid=1000 #指定用户
gid=1000

挂载示例：

mount -t vfat -o umask=000 /dev/sda4 /mnt/

实时网卡流量监测工具ifstat

发布时间：August 2, 2012 // 分类：流量监控 // No Comments

ifstat安装：

wget http://gael.roualland.free.fr/ifstat/ifstat-1.1.tar.gz
tar zxvf ifstat-1.1.tar.gz 
cd ifstat-1.1
./configure 
make
make install

使用参数：

-i #指定网卡
-a #显示所有网卡界面
-l #显示本地回环网卡
-t #状况显示时间
-T #显示详细统计

应用示例：

/usr/local/bin/ifstat -a -t -T
  Time            lo                 eth0               Total       
HH:MM:SS   KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
19:39:44      0.00      0.00      0.81      0.33      0.81      0.33
19:39:45      0.00      0.00      0.06      0.17      0.06      0.17
19:39:46      0.00      0.00      0.06      0.17      0.06      0.17
19:39:47      0.00      0.00      0.76      0.17      0.76      0.17
19:39:48      0.00      0.00      0.09      0.22      0.09      0.22
19:39:49      0.00      0.00      0.06      0.17      0.06      0.17
19:39:50      0.00      0.00      0.76      0.17      0.76      0.17
19:39:51      0.00      0.00      0.12      0.17      0.12      0.17

HTTP性能测试工具httping

发布时间：August 2, 2012 // 分类：网络工具 // No Comments

Httping是一款类似于ping的http响应测试工具，可用于HTTP测试及监控。
安装：

wget http://www.vanheusden.com/httping/httping-1.5.3.tgz
tar zxvf httping-1.5.3.tgz 
cd httping-1.5.3
make install