Binding Squid and Apache for a PAC file

Edit: these were some internal rules of the FW, sorry for the inconvenience, and thanks for your suggestions.


I have a Squid (2.7.STABLE9) server on Debian (Wheezy 7.1), and I added an Apache2 (2.2.22) to send a PAC file to all my users.

Both are set up and working, but I cannot get the PAC file if I am not already connected to the Squid server (only when I use a local PAC file with FoxyProxy).

In fact, I can download the pac file if I request the server's IP address in my browser while FoxyProxy is set as my proxy with a local copy of the pac file. But if I have no proxy set in the browser, I get an error (e.g. ERR_CONNECTION_REFUSED on Chrome).

Here is my /etc/squid/squid.conf

    #################### SQUID CONF FILE #################### Version 2.7.STABLE9
    ########################################
    # AUTHENTICATE
    #See http://wiki.squid-cache.org/ConfigExamples/Authenticate/
    ## NTLM Authentification
    auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 5
    auth_param ntlm keep_alive on
    # See http://www.odrakir.com/blog/2009/11/19/integrating-squid-with-active-directory/
    external_acl_type ADS %LOGIN /usr/lib/squid/wbinfo_group.pl
    ########################################
    # SECURITY
    forwarded_for off                 # Hide self.IP
    httpd_suppress_version_string on  # Hide squid version
    #chroot on                        # Chroot squid deamon
    debug_options ALL,1
    ########################################
    # Acces List
    #Global:
    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl localnet src 10.0.0.0/8       # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16   # RFC1918 possible internal network
    acl SSL_ports port 443            # HTTPS
    acl Safe_ports port 80 8080       # HTTP(s)
    acl purge method PURGE
    acl CONNECT method CONNECT
    acl my_lab src 172.30.24.0/24
    # authentification
    acl ntlm proxy_auth REQUIRED
    acl user_group external ADS my_user
    ########################################
    # HTTP_ACCES
    # Default HTTP Access
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access allow localnet
    http_access allow localhost
    # Hack for no popups (See: http://wiki.squid-cache.org/Features/Authentication#How_do_I_prevent_Login_Popups.3F )
    http_access deny !ntlm all
    # Check user come from right OU from AD
    http_access deny !user_group all
    # Allow subnet acces with HTTP ports
    http_access allow my_lab Safe_ports all
    # No Connect method on other port than 443
    http_access deny CONNECT !SSL_ports
    # At last but not the least !
    http_access deny all
    ########################################
    # HEADER_ACCESS
    # http_anonymizer paranoid, see http://www.foo.be/scripts/anonymizer/squid.conf
    via off            # RFC2616 HTTP header Via
    forwarded_for off  # return fail on some website
    #header_access Allow allow all
    #header_access Authorization allow all
    #header_access WWW-Authenticate allow all
    #header_access Proxy-Authorization allow all
    #header_access Proxy-Authenticate allow all
    #header_access Cache-Control allow all
    #header_access Content-Encoding allow all
    #header_access Content-Length allow all
    #header_access Content-Type allow all
    #header_access Date allow all
    #header_access Expires allow all
    #header_access Host allow all
    #header_access If-Modified-Since allow all
    #header_access Last-Modified allow all
    #header_access Location allow all
    #header_access Pragma allow all
    #header_access Accept allow all
    #header_access Accept-Charset allow all
    #header_access Accept-Encoding allow all
    #header_access Accept-Language allow all
    #header_access Content-Language allow all
    #header_access Mime-Version allow all
    #header_access Retry-After allow all
    #header_access Title allow all
    #header_access Connection allow all
    #header_access Proxy-Connection allow all
    #header_access Referer allow all
    #header_access All deny all
    ########################################
    # ICP_ACCES
    icp_access allow localnet
    icp_access deny all
    ########################################
    # GLOBAL SQUID CONF (port, cache, ...)
    http_port 3128
    icp_port 0    # 0 for diseable
    htcp_port 0   # Same...
    cache_mem 80 MB
    cache_effective_group winbindd_priv
    hierarchy_stoplist cgi-bin ?
    access_log /var/log/squid/access.log squid
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
    refresh_pattern . 0 20% 4320
    acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
    upgrade_http0.9 deny shoutcast
    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    extension_methods REPORT MERGE MKACTIVITY CHECKOUT
    hosts_file /etc/hosts
    coredump_dir /var/spool/squid
    cache_dir ufs /var/spool/squid 500 16 256

/etc/apache2/sites-available/proxy

    NameVirtualHost *:80
    <VirtualHost 172.30.10.113:80 127.0.0.1:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/pac
        DirectoryIndex proxy.pac
        <Directory /var/www/pac/>
            ForceType application/x-ns-proxy-autoconfig
            Options -Indexes -FollowSymLinks -MultiViews -ExecCGI
            Order allow,deny
            Allow from all
            RedirectMatch ^/$ /proxy.pac
        </Directory>
        # <LimitExcept GET>
        #     Require ip 10.0.0.0 172.16.0.0 192.168.0.0
        # </LimitExcept>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

/var/www/pac/proxy.pac

    function FindProxyForURL(url, host) {
        // Let them go home !!
        if (shExpMatch(url, "localhost*") || isInNet(host, "127.0.0.1", "255.255.255.255"))
            return "DIRECT";
        // See https://support.mozilla.org/sv/questions/804868#answer-166476
        else if (!dnsResolve('my.domain.fr'))
            return "DIRECT";
        else
            return "PROXY 172.30.10.113:3128";
    }

I have already seen this, but he uses Squid3 options in the configuration file.

Edit

There is no iptables on the server. Maybe I just need an iptables redirect from ip:3128 to ip:80?

Thanks for your help or any suggestions.

Not sure if this is just a cut-and-paste error, but I read:

    ForceType applivation/x-ns-proxy-autoconfig

should be:

    ForceType application/x-ns-proxy-autoconfig

Another thing I see missing is excluding your own subnet in the pac file; I would add this to the first check:

    isInNet(dnsResolve(host), "172.30.10.0", "255.255.255.0")

As a step toward simplifying your setup, you could implement proxy auto-discovery: it is a simple configuration that should require no client-side configuration at all and will hopefully solve all the problems.

Regardless of the above, I would remove any rewriting on your pac site (default page and RedirectMatch): access to the pac file is an automated process (no user browses that file), so any rewrite or redirect is not required, and it adds a layer of uncertainty to any debugging activity, which is not a good thing.

Maybe once the redirect is removed, the actual problem/error will end up being written to some log file.
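The PAC logic from the question with the subnet exclusion the answer recommends, as an added example that is not part of the question or the answer. The FAKE_DNS table and the dnsResolve/isInNet/shExpMatch/ipToInt helpers are assumed stand-ins for what the browser supplies, written here only so the file can be exercised offline; the loopback check is applied to host rather than url because shExpMatch matches the whole string.

```javascript
// Constructed DNS table standing in for the browser's resolver (assumption).
const FAKE_DNS = {
  "my.domain.fr": "172.30.10.5",
  "pacserver": "172.30.10.113",
  "www.example.org": "93.184.216.34",
};

// Stand-in for the browser's dnsResolve(): IP literals pass through,
// unknown names return null (what browsers return on lookup failure).
function dnsResolve(host) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return host;
  return FAKE_DNS[host] || null;
}

// Dotted quad to unsigned 32-bit integer.
function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | parseInt(o, 10)) >>> 0, 0);
}

// Stand-in for isInNet(): mask comparison; a null (unresolved) address never matches.
function isInNet(ip, net, mask) {
  if (!ip) return false;
  const m = ipToInt(mask);
  return (ipToInt(ip) & m) === (ipToInt(net) & m);
}

// Stand-in for shExpMatch(): shell glob matched against the whole string.
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

function FindProxyForURL(url, host) {
  // Loopback and the proxy's own subnet go DIRECT, so the Apache host serving
  // the PAC file and other local services stay reachable without Squid.
  if (shExpMatch(host, "localhost*") ||
      isInNet(host, "127.0.0.1", "255.255.255.255") ||
      isInNet(dnsResolve(host), "172.30.10.0", "255.255.255.0"))
    return "DIRECT";
  // Off the corporate network the internal name does not resolve: no proxy.
  if (!dnsResolve("my.domain.fr")) return "DIRECT";
  return "PROXY 172.30.10.113:3128";
}
```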