更多>>关于我们

西安鲲之鹏网络信息技术有限公司从2010年开始专注于Web(网站)数据抓取领域。致力于为广大中国客户提供准确、快捷的数据采集相关服务。我们采用分布式系统架构,日采集网页数千万。我们拥有海量稳定高匿HTTP代理IP地址池,可以有效绕过各种反采集策略。

您只需告诉我们您想抓取的网站是什么,您感兴趣的字段有哪些,你需要的数据是哪种格式,我们将为您做所有的工作,最后把数据(或程序)交付给你。

数据的格式可以是CSV、JSON、XML、ACCESS、SQLITE、MSSQL、MYSQL等等。

更多>>官方微博

西安鲲之鹏
陕西 西安

加关注

  • 【经验分享】代理服务器出现大量TIME_WAIT怎么破?爬虫客户端用什么库更高效?在本文我们将通过实验给你解答 “与TIME_WAIT相关的一些实验” >>>  http://www.site-digger.com/html/articles/20181109/683.html ​​​​
    发布时间:2018-11-09 16:58:07
  • 【备忘】mitmproxy v0.18.2版本Python script示例  
    归纳了一下公司近期常用的mitmproxy Python script编写示例,通过本示例你将学会在mitmproxy中如何通过外挂Python脚本修改请求和应答数据, >>> http://www.site-digger.com/html/articles/20181109/682.html ​​​​
    发布时间:2018-11-09 16:56:27
  • 【经验分享】自己gcc编译出来的squid可执行程序体积比官方rpm包里的体积大9倍(官方的6MB,自己编译出来的59MB)!使用strip --strip-unneeded file-path 处理之后,体积也变成6MB了!(running strip is a good way to get the size down after you have a binary and the binary is in ELF format. strip just removes debug and unreferenced symbols after the binary has been created.) >>> 参考:http://www.cplusplus.com/forum/unices/123451/
    发布时间:2018-11-07 14:02:55
  • 【干货干货】整整花了2天时间搞的。 iptables DNAT Web流量截取实验 >>> http://www.site-digger.com/html/articles/20181105/681.html ​​​​
    发布时间:2018-11-05 13:09:48
  • 【经验分享-纯干货】SNI导致Python 2.7建立TLS连接出现104错误问题的解决 >>> http://www.site-digger.com/html/articles/20181026/680.html ​​​​
    发布时间:2018-10-26 18:05:14
  • 【经验分享】使用openssl模拟与HTTPS网站的交互 >>> http://www.site-digger.com/html/articles/20181026/679.html ​​​​
    发布时间:2018-10-26 18:01:45
  • 美团外卖北京/上海/广州/杭州/成都五城市商户数据2018年10月份采集更新

    详细字段说明:
    “province” – 省份
    “city” – 城市
    “shop_name” – 店铺名称
    “address” – 店铺地址
    “category” – 大分类
    “third_category” – 小分类
    “phones” – 电话号码
    “score” – 店铺评分
    “min_price” – 起送价
    “month_sales” – 月售
    “shipping_fee” – 配送费
    “per_cost” – 人均消费
    “delivery_time” – 配送时间
    “delivery_tip” – 配送服务信息
    “pic_url” – 店铺图片
    “qualification” – 营业执照
    “shiping_time” – 营业时间
    “lat” – 纬度
    “lng” – 经度
    “comment_num” – 评论数

    >>> http://www.data-shop.net/2018/10/%E7%BE%8E%E5%9B%A2%E5%A4%96%E5%8D%96%E5%8C%97%E4%BA%AC%E4%B8%8A%E6%B5%B7%E5%B9%BF%E5%B7%9E%E6%9D%AD%E5%B7%9E%E6%88%90%E9%83%BD%E4%BA%94%E5%9F%8E%E5%B8%82%E5%95%86%E6%88%B7%E6%95%B0%E6%8D%AE2018/
    发布时间:2018-10-25 17:47:47
  • Selenium+Chrome淘宝正常登录方案演示:
    1. 不做特殊处理情况下,Selenium无法正常登录淘宝,会出验无法完成的验证码;
    2. 经过特殊处理后,成功突破淘宝对Selenium的检测,完美登录成功(连验证码都不会出现)。
    点击链接查看演示视频: >>> http://t.cn/EzdwqSY ​​​​
    发布时间:2018-10-22 16:55:09
  • 【经验分享】如何根据淘宝/天猫的分类ID(categoryId值)获取对应的分类名称?

    (1) 如图1所示,先从商品源码获取"categoryId"参数值,例如1512;
    (2)如图2所示,查表可知对应分类名称为"手机";

    点击这里购买该分类映射表(2018年10月份采集更新):
    http://t.cn/EzwnBs1 ​​​​
    发布时间:2018-10-17 11:46:05
  • FontEditor Online 赞! >>> http://t.cn/RKDTzTV ​​​​
    发布时间:2018-10-11 14:14:20
当前位置: 首页 > 技术文章 >
squid external_acl_type介绍及后台程序编写示例
发布时间:2016-10-17 来源:未知 浏览:

        近日我在查询Squid相关问题时无意在谷歌搜索结果中看到external_acl_type,然后详细了解了一下,发现它功能是在太强大了。
        利用external_acl_type可以自定义一种Squid的ACL类型,并且可以指定一个自定义的后端程序(Helper Program)。我们可以向这个后端程序动态传递很多有用的参数,例如客户端IP (%SRC,) 服务端IP( %MYADDR),客户端访问的URL( %PATH),访问者的用户名( %LOGIN)等变量,然后在认证程序中我们可以根据这些变量实现复杂的逻辑认证。PS:我在网上找了很久都没找到介绍这些变量参数含义的,最后抱着试一试的想法在squid.conf的注释中找到的详细的说明(如下FORMAT specifications部分)。

#  TAG: external_acl_type
#       This option defines external acl classes using a helper program
#       to look up the status
#
#         external_acl_type name [options] FORMAT.. /path/to/helper [helper arguments..]
#
#       Options:
#
#         ttl=n         TTL in seconds for cached results (defaults to 3600
#                       for 1 hour)
#         negative_ttl=n
#                       TTL for cached negative lookups (default same
#                       as ttl)
#         children-max=n
#                       Maximum number of acl helper processes spawned to service
#                       external acl lookups of this type. (default 20)
#         children-startup=n
#                       Minimum number of acl helper processes to spawn during
#                       startup and reconfigure to service external acl lookups
#                       of this type. (default 0)
#         children-idle=n
#                       Number of acl helper processes to keep ahead of traffic
#                       loads. Squid will spawn this many at once whenever load
#                       rises above the capabilities of existing processes.
#                       Up to the value of children-max. (default 1)
#         concurrency=n concurrency level per process. Only used with helpers
#                       capable of processing more than one query at a time.
#         cache=n       limit the result cache size, default is unbounded.
#         grace=n       Percentage remaining of TTL where a refresh of a
#                       cached entry should be initiated without needing to
#                       wait for a new reply. (default is for no grace period)
#         protocol=2.5  Compatibility mode for Squid-2.5 external acl helpers
#         ipv4 / ipv6   IP protocol used to communicate with this helper.
#                       The default is to auto-detect IPv6 and use it when available.
#
#       FORMAT specifications
#
#         %LOGIN        Authenticated user login name
#         %EXT_USER     Username from previous external acl
#         %EXT_LOG      Log details from previous external acl
#         %EXT_TAG      Tag from previous external acl
#         %IDENT        Ident user name
#         %SRC          Client IP
#         %SRCPORT      Client source port
#         %URI          Requested URI
#         %DST          Requested host
#         %PROTO        Requested protocol
#         %PORT         Requested port
#         %PATH         Requested URL path
#         %METHOD       Request method
#         %MYADDR       Squid interface address
#         %MYPORT       Squid http_port number
#         %PATH         Requested URL-path (including query-string if any)
#         %USER_CERT    SSL User certificate in PEM format
#         %USER_CERTCHAIN SSL User certificate chain in PEM format
#         %USER_CERT_xx SSL User certificate subject attribute xx
#         %USER_CA_xx   SSL User certificate issuer attribute xx
#
#         %>{Header}    HTTP request header "Header"
#         %>{Hdr:member}
#                       HTTP request header "Hdr" list member "member"
#         %>{Hdr:;member}
#                       HTTP request header list member using ; as
#                       list separator. ; can be any non-alphanumeric
#                       character.
#
#         %<{Header}    HTTP reply header "Header"
#         %<{Hdr:member}
#                       HTTP reply header "Hdr" list member "member"
#         %<{Hdr:;member}
#                       HTTP reply header list member using ; as
#                       list separator. ; can be any non-alphanumeric
#                       character.
#
#         %ACL          The name of the ACL being tested.
#         %DATA         The ACL arguments. If not used then any arguments
#                       is automatically added at the end of the line
#                       sent to the helper.
#                       NOTE: this will encode the arguments as one token,
#                       whereas the default will pass each separately.
#
#         %%            The percent sign. Useful for helpers which need
#                       an unchanging input format.
#
#       In addition to the above, any string specified in the referencing
#       acl will also be included in the helper request line, after the
#       specified formats (see the "acl external" directive)
#
#       The helper receives lines per the above format specification,
#       and returns lines starting with OK or ERR indicating the validity
#       of the request and optionally followed by additional keywords with
#       more details.
#
#       General result syntax:
#
#         OK/ERR keyword=value ...
#
#       Defined keywords:
#
#         user=         The users name (login)
#         password=     The users password (for login= cache_peer option)
#         message=      Message describing the reason. Available as %o
#                       in error pages
#         tag=          Apply a tag to a request (for both ERR and OK results)
#                       Only sets a tag, does not alter existing tags.
#         log=          String to be logged in access.log. Available as
#                       %ea in logformat specifications
#
#       If protocol=3.0 (the default) then URL escaping is used to protect
#       each value in both requests and responses.
#
#       If using protocol=2.5 then all values need to be enclosed in quotes
#       if they may contain whitespace, or the whitespace escaped using \.
#       And quotes or \ characters within the keyword value must be \ escaped.
#
#       When using the concurrency= option the protocol is changed by
#       introducing a query channel tag infront of the request/response.
#       The query channel tag is a number between 0 and concurrency-1.
#Default:
# none

配置示例:

        下面这个配置结合了“用户名密码认证(HTTP Basic Auth)”和“自定义的认证”。只有同时通过这两个认证的请求才会被Squid放行(否则会返回403)。

        external_acl_type自定义认证部分后端程序使用自己编写的Python脚本(后面有源码),并将%LOGIN(客户用户名),%SRC(客户端IP) ,%MYADDR(服务端IP)作为命令行参数传递给后端认证程序。

#用户名密码认证:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users.pwd
auth_param basic children 5
auth_param basic realm IPRENT.CN Proxy Auth Required
auth_param basic credentialsttl 2 hours
#使用external_acl_type实现的自定义认证,后台程序 /etc/squid/squid_external_acl_helper.py
#支持多种宏格式,上面帮助文档里面有列举。
#ipv4标记如果不加,可能会看到“external ACL 'ip_user_check' queue overload”异常(cache.log), >>> https://ubuntuforums.org/showthread.php?t=2187256
external_acl_type ip_user_check children-startup=5 ipv4 %LOGIN %SRC %MYADDR /usr/bin/python /etc/squid/squid_external_acl_helper.py

acl ipuseracl external ip_user_check
acl auth_users proxy_auth REQUIRED
http_access allow auth_users ipuseracl

后台程序(Helper program)示例脚本(Python):

这里只写了一个框架(直接返回验证通过),没有加入实际性的逻辑判断,你可以根据传递进来的参数实现复杂的逻辑判断。

# coding: utf-8
# squid_external_acl_helper.py
# Author: redice(qi@site-digger.com)
# Created at: 2016-10-14

# Python版本的Squid external_acl_type扩展ACL后台脚本
# 在squid.conf中的"htcp_access deny all"之前加入如下配置:
#external_acl_type ip_user_check children-startup=5 ipv4 %LOGIN %SRC %MYADDR /usr/bin/python /etc/squid/squid_external_acl_helper.py
#acl ipuseracl external ip_user_check
#http_access allow ipuseracl


import sys
import logging

# 记录日志
# sudo chmod 755 /var/log/squid/squid_auth_helper.log
# sudo chown proxy:proxy /var/log/squid/squid_auth_helper.log
logging.basicConfig(level=logging.DEBUG,
                    format='%(asctime)s %(levelname)s %(message)s',
                    filename='/var/log/squid/squid_auth_helper.log', filemode='a')


if __name__ == '__main__':
    while True:
        # 从stdin读取一行
        line = sys.stdin.readline()
        username, client_ip, local_ip = line.split()
        logging.info('New auth request: username = {}, client_ip = {}, local_ip = {}'.format(username, client_ip, local_ip))
        # 这里直接输出'OK'(通过认证,反之输出'ERR\n')。你可以根据上述参数实现复杂的认证逻辑。
        sys.stdout.write('OK\n')
        sys.stdout.flush()

日志输出示例:

2016-10-14 12:29:11,968 INFO New auth request: username = test, client_ip = 103.27.125.250, local_ip = 58.96.184.54

特别说明:该文章为鲲鹏数据原创文章 ,您除了可以发表评论外,还可以转载到别的网站,但是请保留源地址,谢谢!!(尊重他人劳动,我们共同努力)
☹ Disqus被Qiang了,之前的评论内容都没了。如果您有爬虫相关技术方面的问题,欢迎发到我们的问答平台:http://spider.site-digger.com/
QQ在线客服
欢迎咨询,点击这里给我发送消息。
欢迎咨询,点击这里给我发送消息。