프로그램 사용/squid2019. 2. 11. 10:50

윈도우 기준으로 이야기 하면 크롬에서 설정하는게 아니라

크롬에서는 윈도우 네트워크의 proxy 설정창을 띄워준다.



그리고 나서 LAN 설정의 프록시 서버에, squid를 설치한 서버의 아이피를 치고

squid의 포트를 입력해주면 되는데 해당 설정 파일을 열어보면 아래와 비슷하게 나올 것인데...

# cat /etc/squid/squid.conf

#

# Recommended minimum configuration:

#


# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network


acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT


#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports


# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports


# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager


# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost


#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#


# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost


# And finally deny all other access to this proxy

http_access deny all


# Squid normally listens to port 3128

http_port 3128


# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /var/spool/squid 100 16 256


# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid


#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320 


별다른 설정을 바꾸지 않았다면 기본값인 3128을 입력해주면 된다.


HIT라고 뜨는게 너무 없네..

다들 정적 페이지가 아니다 보니 그런건가.. 아니면 SSL 문제일려나?

$ cat /var/log/squid/access.log | grep HIT

1549848287.564      0 10.0.0.4 TCP_INM_HIT/304 334 GET http://auction.co.kr/ - HIER_NONE/- text/html

1549848307.300      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208084157581r.jpg - HIER_NONE/- image/jpeg

1549848307.301      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208104540991r.jpg - HIER_NONE/- image/jpeg

1549848307.303      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208120658951r.jpg - HIER_NONE/- image/jpeg

1549848308.566      0 10.0.0.4 TCP_INM_HIT/304 333 GET http://www.auction.co.kr/ - HIER_NONE/- text/html

1549848310.806      0 10.0.0.4 TCP_INM_HIT/304 333 GET http://www.auction.co.kr/ - HIER_NONE/- text/html

1549848311.449      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208110027731r.jpg - HIER_NONE/- image/jpeg

1549848311.453      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208105748851r.jpg - HIER_NONE/- image/jpeg

1549848311.453      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208095050481r.jpg - HIER_NONE/- image/jpeg

1549848521.823      0 10.0.0.4 TCP_MEM_HIT/200 1013 GET http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj%2F6qJAfE5%2Fj9OXBRE4%3D - HIER_NONE/- application/ocsp-response

1549848521.832      0 10.0.0.4 TCP_MEM_HIT/200 852 GET http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D - HIER_NONE/- application/ocsp-response

1549848559.829      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D - HIER_NONE/- application/ocsp-response

1549848559.835      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D - HIER_NONE/- application/ocsp-response

1549848559.840      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D - HIER_NONE/- application/ocsp-response

1549848559.846      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D - HIER_NONE/- application/ocsp-response 


일단.. TCP_MISS/200 이면 캐싱되지 않아서 원서버에 직접 요청해서 받는거 같은데

TCP_IMS_HIT/304 이런건 거의 안뜨네...

Such as when an allstaff email goes out saying "check this site out..."

  • TCP_MISS/200 means that the requested document was not in the cache but it could fetch it OK from the web server. The direct at the end says that the file was fetched from the webserver.
  • TCP_IMS_HIT/304 means that the client asked if the file has changed, and squid checked its date/time on the webserver and found it had not changed, so it gave a copy of the file to the client out of its local cache. 

[링크 : https://askubuntu.com/questions/323241/how-to-know-if-squid-proxy-is-doing-the-cache-correctly]

[링크 : https://wiki.squid-cache.org/SquidFaq/SquidLogs]

'프로그램 사용 > squid' 카테고리의 다른 글

haproxy - https proxy  (0) 2019.02.11
squid cache directory  (0) 2019.02.11
squid 설치 및 설정 유틸리티  (0) 2019.02.08
squid 상태 모니터링  (0) 2019.02.08
https proxy - squid  (0) 2019.02.07
Posted by 구차니