更多>>关于我们

西安鲲之鹏网络信息技术有限公司从2010年开始专注于Web(网站)数据抓取领域。致力于为广大中国客户提供准确、快捷的数据采集相关服务。我们采用分布式系统架构,日采集网页数千万。我们拥有海量稳定高匿HTTP代理IP地址池,可以有效绕过各种反采集策略。

您只需告诉我们您想抓取的网站是什么,您感兴趣的字段有哪些,你需要的数据是哪种格式,我们将为您做所有的工作,最后把数据(或程序)交付给你。

数据的格式可以是CSV、JSON、XML、ACCESS、SQLITE、MSSQL、MYSQL等等。

更多>>官方微博

西安鲲之鹏
陕西 西安

加关注

  • Selenium disable Image loading in different browsers >>> http://tarunlalwani.com/post/selenium-disable-image-loading-different-browsers/ ​​​​
    发布时间:2018-07-11 18:21:10
  • chromedriver 镜像 - ChromeDriver Mirror >>> http://npm.taobao.org/mirrors/chromedriver/ ​​​​
    发布时间:2018-07-11 18:20:49
  • "全国POI信息数据库" 上线:涵盖美食、休闲娱乐、酒店、丽人等15大分类,覆盖全国350多个城市,数据量超过4700万条 >>> 点击前往:http://www.poilist.cn/ ​​​​
    发布时间:2018-07-11 15:28:47
  • 【最新发布】国内知名本地生活信息平台4794万商户POI数据2018年06月份更新 >>> http://www.site-digger.com/html/articles/20180702/647.html ​​​​
    发布时间:2018-07-02 11:25:13
  • 【CSV转Excel(XLSX格式)脚本分享】
    背景:大多数情况下CSV转Excel可以使用Openoffice或者Excel实现,但是偶尔也会遇到一些BT的情况,比如转换后Excel打开显示文件异常的(如图2所示)。于是乎利用xlsxwriter这个库写了个小脚本,用法如下:
    python csv2xlsx.py path-of-csv-file  file-encoding(default is utf-8)
    运行效果如图1所示。csv2xlsx.py源码链接分享 >>>https://bitbucket.org/snippets/qi/Xerx67
    发布时间:2018-06-21 18:57:26
  • 全国各类POI(美食、休闲娱乐、丽人、酒店、生活服务等等)用户评论数据7.09亿条,更新至2018年6月15日。点击查看示例数据 >>> http://t.cn/Rrv3RpO ​​​​
    发布时间:2018-06-21 10:21:20
  • 【经验分享】如何让Squid Web隧道支持SSH协议?
    默认Web隧道下连接22端口是不被允许的,会返回403错误。
    编辑/etc/squid3/squid.conf,加入如下配置行
    acl SSL_ports port 22
    acl Safe_ports port 22
    然后重启Squid即可。 ​​​​
    发布时间:2018-05-16 11:41:42
  • 当当网有多少图书,你知道吗?>>> http://t.cn/R3h6hiH ​​​​
    发布时间:2018-05-08 13:53:19
  • 【经验分享】Ubuntu下如何识别无线网卡?
    以普联的TL-WDN6200为例,使用的是rtl8812au(https://github.com/else05/rtl8812au这个驱动):
    wget http://t.cn/RuR1DrP
    unzip master.zip
    cd rtl8812au-master
    make
    sudo install
    然后重启系统,运气好的话你就能看到Wifi图标和热点列表了,如下图所示(Ubuntu14.04下亲测)。
    发布时间:2018-05-03 19:10:52
  • 【经验分享】DeleGate跑了3天日志吃了18G硬盘,如何关掉日志呢?
    查文档(ftp://www.delegate.org/pub/DeleGate/Manual.htm#LOGDIR),找到了方法,加上参数LOGFILE=""即可,原文:
    You can stop logging by specifying null file name like LOGFILE="" or PROTOLOG="". ​​​​
    发布时间:2018-04-28 18:08:15
当前位置: 首页 > 技术文章 >
squid external_acl_type介绍及后台程序编写示例
发布时间:2016-10-17 来源:未知 浏览:

        近日我在查询Squid相关问题时无意在谷歌搜索结果中看到external_acl_type,然后详细了解了一下,发现它功能是在太强大了。
        利用external_acl_type可以自定义一种Squid的ACL类型,并且可以指定一个自定义的后端程序(Helper Program)。我们可以向这个后端程序动态传递很多有用的参数,例如客户端IP (%SRC,) 服务端IP( %MYADDR),客户端访问的URL( %PATH),访问者的用户名( %LOGIN)等变量,然后在认证程序中我们可以根据这些变量实现复杂的逻辑认证。PS:我在网上找了很久都没找到介绍这些变量参数含义的,最后抱着试一试的想法在squid.conf的注释中找到的详细的说明(如下FORMAT specifications部分)。

#  TAG: external_acl_type
#       This option defines external acl classes using a helper program
#       to look up the status
#
#         external_acl_type name [options] FORMAT.. /path/to/helper [helper arguments..]
#
#       Options:
#
#         ttl=n         TTL in seconds for cached results (defaults to 3600
#                       for 1 hour)
#         negative_ttl=n
#                       TTL for cached negative lookups (default same
#                       as ttl)
#         children-max=n
#                       Maximum number of acl helper processes spawned to service
#                       external acl lookups of this type. (default 20)
#         children-startup=n
#                       Minimum number of acl helper processes to spawn during
#                       startup and reconfigure to service external acl lookups
#                       of this type. (default 0)
#         children-idle=n
#                       Number of acl helper processes to keep ahead of traffic
#                       loads. Squid will spawn this many at once whenever load
#                       rises above the capabilities of existing processes.
#                       Up to the value of children-max. (default 1)
#         concurrency=n concurrency level per process. Only used with helpers
#                       capable of processing more than one query at a time.
#         cache=n       limit the result cache size, default is unbounded.
#         grace=n       Percentage remaining of TTL where a refresh of a
#                       cached entry should be initiated without needing to
#                       wait for a new reply. (default is for no grace period)
#         protocol=2.5  Compatibility mode for Squid-2.5 external acl helpers
#         ipv4 / ipv6   IP protocol used to communicate with this helper.
#                       The default is to auto-detect IPv6 and use it when available.
#
#       FORMAT specifications
#
#         %LOGIN        Authenticated user login name
#         %EXT_USER     Username from previous external acl
#         %EXT_LOG      Log details from previous external acl
#         %EXT_TAG      Tag from previous external acl
#         %IDENT        Ident user name
#         %SRC          Client IP
#         %SRCPORT      Client source port
#         %URI          Requested URI
#         %DST          Requested host
#         %PROTO        Requested protocol
#         %PORT         Requested port
#         %PATH         Requested URL path
#         %METHOD       Request method
#         %MYADDR       Squid interface address
#         %MYPORT       Squid http_port number
#         %PATH         Requested URL-path (including query-string if any)
#         %USER_CERT    SSL User certificate in PEM format
#         %USER_CERTCHAIN SSL User certificate chain in PEM format
#         %USER_CERT_xx SSL User certificate subject attribute xx
#         %USER_CA_xx   SSL User certificate issuer attribute xx
#
#         %>{Header}    HTTP request header "Header"
#         %>{Hdr:member}
#                       HTTP request header "Hdr" list member "member"
#         %>{Hdr:;member}
#                       HTTP request header list member using ; as
#                       list separator. ; can be any non-alphanumeric
#                       character.
#
#         %<{Header}    HTTP reply header "Header"
#         %<{Hdr:member}
#                       HTTP reply header "Hdr" list member "member"
#         %<{Hdr:;member}
#                       HTTP reply header list member using ; as
#                       list separator. ; can be any non-alphanumeric
#                       character.
#
#         %ACL          The name of the ACL being tested.
#         %DATA         The ACL arguments. If not used then any arguments
#                       is automatically added at the end of the line
#                       sent to the helper.
#                       NOTE: this will encode the arguments as one token,
#                       whereas the default will pass each separately.
#
#         %%            The percent sign. Useful for helpers which need
#                       an unchanging input format.
#
#       In addition to the above, any string specified in the referencing
#       acl will also be included in the helper request line, after the
#       specified formats (see the "acl external" directive)
#
#       The helper receives lines per the above format specification,
#       and returns lines starting with OK or ERR indicating the validity
#       of the request and optionally followed by additional keywords with
#       more details.
#
#       General result syntax:
#
#         OK/ERR keyword=value ...
#
#       Defined keywords:
#
#         user=         The users name (login)
#         password=     The users password (for login= cache_peer option)
#         message=      Message describing the reason. Available as %o
#                       in error pages
#         tag=          Apply a tag to a request (for both ERR and OK results)
#                       Only sets a tag, does not alter existing tags.
#         log=          String to be logged in access.log. Available as
#                       %ea in logformat specifications
#
#       If protocol=3.0 (the default) then URL escaping is used to protect
#       each value in both requests and responses.
#
#       If using protocol=2.5 then all values need to be enclosed in quotes
#       if they may contain whitespace, or the whitespace escaped using \.
#       And quotes or \ characters within the keyword value must be \ escaped.
#
#       When using the concurrency= option the protocol is changed by
#       introducing a query channel tag infront of the request/response.
#       The query channel tag is a number between 0 and concurrency-1.
#Default:
# none

配置示例:

        下面这个配置结合了“用户名密码认证(HTTP Basic Auth)”和“自定义的认证”。只有同时通过这两个认证的请求才会被Squid放行(否则会返回403)。

        external_acl_type自定义认证部分后端程序使用自己编写的Python脚本(后面有源码),并将%LOGIN(客户用户名),%SRC(客户端IP) ,%MYADDR(服务端IP)作为命令行参数传递给后端认证程序。

#用户名密码认证:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users.pwd
auth_param basic children 5
auth_param basic realm IPRENT.CN Proxy Auth Required
auth_param basic credentialsttl 2 hours
#使用external_acl_type实现的自定义认证,后台程序 /etc/squid/squid_external_acl_helper.py
#支持多种宏格式,上面帮助文档里面有列举。
#ipv4标记如果不加,可能会看到“external ACL 'ip_user_check' queue overload”异常(cache.log), >>> https://ubuntuforums.org/showthread.php?t=2187256
external_acl_type ip_user_check children-startup=5 ipv4 %LOGIN %SRC %MYADDR /usr/bin/python /etc/squid/squid_external_acl_helper.py

acl ipuseracl external ip_user_check
acl auth_users proxy_auth REQUIRED
http_access allow auth_users ipuseracl

后台程序(Helper program)示例脚本(Python):

这里只写了一个框架(直接返回验证通过),没有加入实际性的逻辑判断,你可以根据传递进来的参数实现复杂的逻辑判断。

# coding: utf-8
# squid_external_acl_helper.py
# Author: redice(qi@site-digger.com)
# Created at: 2016-10-14

# Python版本的Squid external_acl_type扩展ACL后台脚本
# 在squid.conf中的"htcp_access deny all"之前加入如下配置:
#external_acl_type ip_user_check children-startup=5 ipv4 %LOGIN %SRC %MYADDR /usr/bin/python /etc/squid/squid_external_acl_helper.py
#acl ipuseracl external ip_user_check
#http_access allow ipuseracl


import sys
import logging

# 记录日志
# sudo chmod 755 /var/log/squid/squid_auth_helper.log
# sudo chown proxy:proxy /var/log/squid/squid_auth_helper.log
logging.basicConfig(level=logging.DEBUG,
                    format='%(asctime)s %(levelname)s %(message)s',
                    filename='/var/log/squid/squid_auth_helper.log', filemode='a')


if __name__ == '__main__':
    while True:
        # 从stdin读取一行
        line = sys.stdin.readline()
        username, client_ip, local_ip = line.split()
        logging.info('New auth request: username = {}, client_ip = {}, local_ip = {}'.format(username, client_ip, local_ip))
        # 这里直接输出'OK'(通过认证,反之输出'ERR\n')。你可以根据上述参数实现复杂的认证逻辑。
        sys.stdout.write('OK\n')
        sys.stdout.flush()

日志输出示例:

2016-10-14 12:29:11,968 INFO New auth request: username = test, client_ip = 103.27.125.250, local_ip = 58.96.184.54

特别说明:该文章为鲲鹏数据原创文章 ,您除了可以发表评论外,还可以转载到别的网站,但是请保留源地址,谢谢!!(尊重他人劳动,我们共同努力)
☹ Disqus被Qiang了,之前的评论内容都没了。如果您有爬虫相关技术方面的问题,欢迎发到我们的问答平台:http://spider.site-digger.com/
QQ在线客服
欢迎咨询,点击这里给我发送消息。
欢迎咨询,点击这里给我发送消息。