ProHoster > Blog > nkhani zapaintaneti > fproxy v83 - seva ya proxy yakomweko yosefera ma http(s) traffic

fproxy v83 - seva ya proxy yakomweko yosefera ma http(s) traffic

Mtundu 83 wa seva ya proxy caching and anti-spam kuti mugwiritse ntchito nokha yokhala ndi zosintha zosinthika wasindikizidwa.

Ntchito zazikulu (zonse zimatha makonda):

  1. kusefa zosafunikira (mindandanda yoyera / yakuda ya ma URL, kuletsa ma cookie);
  2. kusungitsa mokakamizidwa komanso kosatha kwa data yomwe idalandiridwa (makamaka yothandiza pazithunzi ndi zolemba);
  3. Kukonza zomwe zili pamasamba pa ntchentche (posintha code code mu C; pali chitsanzo chosinthira zomwe zili patsamba la stackoverflow clone ndi ulalo wapachiyambi);
  4. mindandanda yakuda/yoyera ya ziphaso ndi satifiketi yolemba ndi mndandanda;
  5. m'malo mwa adilesi ya IP/domain/path/protocol of http pempho malinga ndi config (iyi ndi mtundu wowonjezera wa /etc/hosts);
  6. http/https-sniffer.

Ndikwabwino kusakatula mawebusayiti pa intaneti pang'onopang'ono kapena kuchokera ku chipangizo chocheperako (chifukwa cha mfundo 1 ndi 2, zomwe zidali poyambira), koma ndizothandiza mulimonse.

Pazifukwa zachitetezo komanso kuti muchepetse malingaliro ogwiritsira ntchito, seva yolozerayo imagawidwa m'magawo atatu: seva ya TLS (kuletsa kulumikizana kwa msakatuli), gawo lapakati la projekiti, ndi kasitomala kuletsa kulumikizana komwe kumatuluka.

Pulogalamuyi idapangidwa kuti izigwiritsidwa ntchito payekhapayekha, kutanthauza kuti mafayilo onse osinthira ndi chikwatu chomwe chili ndi data yaposachedwa ya seva ya proxy amangiriridwa ndi wogwiritsa ntchito wina, kapena mbiri yake ya msakatuli. Ngakhale kuyendetsa projekiti ngati daemon ya dongosolo lonse ndikotheka mwaukadaulo, izi zimapangitsa kuti zikhale zovuta kugwiritsa ntchito chimodzi mwazinthu zake zazikulu - kusungitsa mwaukali chilichonse - chifukwa mbiri ya msakatuli iliyonse imatha kukhala ndi deta yakeyake, yomwe imayenera kukhala yodzipatula kwa wina ndi mnzake pazifukwa zachitetezo.

Chitsanzo cha mndandanda wa block:

amakana nosub onse share.yandex.ru browser-updater.yandex.net amakana nosub onse a.ria.ru # ? kukana nosub spec vk.com funso /share.php kukana nosub spec yastatic.net query /pcode/adfox/loader.js query /share2/share.js kukana nosub spec www.youtube.com query /subscribe_widget kukana nosub spec pano.img.ria.ru query /anymovie denyflash. query /ping deny nosub spec n-ssl.ria.ru funso /polling kukana nosub spec apis.google.com query /js/plusone.js kukana nosub spec yandex.ru pref /clck/safeclick/ pref /clck/click/ pref /click/jclck/jclck # prospecied /tnc.js # index.ru proxied counter query /pixel.gif # ena spammers amagwiritsa ntchito

Chitsanzo cha mndandanda wamayendedwe:

https://my.local.site set proxy none set target http://127.0.0.1:1234/localsite set http_host new.host:1234 .intel.com resolve off set proxy socks5://127.0.0.1:3333

Ngati mukusintha kuchokera ku mtundu wakale kuposa 78, muyenera kusintha chosungira: pitani ku chikwatu chogwirira ntchito cha seva ya proxy monga wogwiritsa (uid/gid) wa seva ya proxy ndikuyendetsa fproxy-cacheconv-78 (pulogalamuyi sinapangidwe mwachisawawa).

Zosintha kuyambira mtundu womaliza wosindikizidwa (80):

  1. fproxy-dashboard tsopano ili ndi mwayi wowonetsa kukula kwa ma byte m'malo mwa kB;
  2. kuthandizira ma seva oyendetsa galimoto omwe amanyalanyaza mutu wa "Connection: close";
  3. kuthandizira kwa ma seva obweza mutu wolakwika wa "Content-Encoding: identity";
  4. kutumiza njira ya TLS ALPN;
  5. Kusintha kwa choyimira cha TLS chakunja (kasitomala): tsopano sichikuthandizira TLS yokha komanso kulumikizana pafupipafupi, imagwira ntchito ngati daemon yodziyimira payokha, kulandira zopempha kuchokera kwa projekiti yayikulu pamanetiweki, ndipo imathanso kutumiza maulumikizidwe ake otuluka kudzera pa projekiti ina, motero kulola kugawana ntchito zosinthika pakati pa ma node pakachitika vuto losalumikizana ndi intaneti komanso / kapena kufunikira "kopanga ma degree akutali" mtundu watsopanowu ndiwosavuta kugwiritsa ntchito pamanja kuchokera pamzere wamalamulo ngati kasitomala wa TLS wothandizira ndi chithandizo cha proxy;
  6. Kumangako kwakhala kosavuta; tsopano pali Makefile m'malo mwa zipolopolo zolembedwa.
  7. Maphukusi a .deb omangidwa kale amakonzedwa kukhala nkhokwe (zamitundu ya Debian 8-12)
  8. zosintha zamafayilo zomwe sizikugwirizana ndi kumbuyo
  9. Kukonzekera kwatsopano koyang'anira njira zopempha, zomwe zaphatikiza masinthidwe olekanitsidwa kale a resolv ndikuthandizira kutumiza maulumikizidwe otuluka ku seva yakutali, ndipo adalandiranso zosankha zingapo: tsopano pa ulalo uliwonse (protocol, domain, port, path), mutha kusankha kasitomala, yemwe adzatumizidwe kudzera, kudzera mu seva ya DNS yomwe adilesi yake ya IP idzakhala yotsimikizika kuti ipangitse ntchitoyo. seva yoyimira), kapena lowetsani adilesiyo pamanja, komanso m'malo mwa protocol, port, kapena prefix ya njira ya URL
  10. Thandizo lowonjezera la ziphaso za SAN za ma adilesi a IP mu kasitomala ndi seva (osatsegula asiya posachedwapa kuvomereza ma adilesi a IP mu CommonName)

Zolinga zamtsogolo:

  1. kuthandizira CGI/FastCGI/.so mbedza za mitm kukonza zomwe zalandilidwa kuchokera patsamba
  2. mbiri ya proxy ndi woyang'anira kasinthidwe
  3. Kuwongolera kogwiritsa ntchito kutsimikizira satifiketi yakutali ndi mindandanda ya block

Source: linux.org.ru

Kuwonjezera ndemanga