[링크 : https://wiki.squid-cache.org/SquidFaq/WindowsUpdate]

[링크 : https://wiki.squid-cache.org/ConfigExamples/Caching/AdobeProducts]

[링크 : https://wiki.squid-cache.org/ConfigExamples/DynamicContent/Coordinator]

'프로그램 사용 > squid' 카테고리의 다른 글

squid cache hit rate 올리기  (0) 2019.02.14
squid 비디오 차단  (0) 2019.02.13
squid 윈도우 업데이트 캐싱  (0) 2019.02.13
squid cache 정책  (0) 2019.02.13
squid log format  (0) 2019.02.13
squid refresh_pattern  (0) 2019.02.12
Posted by 구차니

댓글을 달아 주세요


[링크 : http://www.gnujava.com/board/article_view.jsp?article_no=2211&...&table_no=05]

[링크 : https://openature.com/554]

[링크 : https://www.itmedia.co.jp/enterprise/articles/0812/01/news024.html]

'프로그램 사용 > squid' 카테고리의 다른 글

squid 비디오 차단  (0) 2019.02.13
squid 윈도우 업데이트 캐싱  (0) 2019.02.13
squid cache 정책  (0) 2019.02.13
squid log format  (0) 2019.02.13
squid refresh_pattern  (0) 2019.02.12
squid cachemgr  (0) 2019.02.12
Posted by 구차니

댓글을 달아 주세요


[링크 : https://wiki.squid-cache.org/Features/LogFormat]

[링크 : http://www.squid-cache.org/Doc/config/logformat/]


+

2019.02.18


access log

[링크 : https://wiki.squid-cache.org/SquidFaq/SquidLogs#access.log]


(1) TCP_HIT, TCP_MEM_HIT

    요청한 컨텐츠가 캐시에 있어서 응답한 경우


(2) TCP_MISS

    요청한 컨텐츠가 캐시에 없어서 실제 서버로 요청을 하여 응답한 경우

    대부분 이미지 외 것에 해당한다.


(3) TCP_IMS_HIT

    클라이언트가 If-Modified-Since 필드를 요청 헤더에 보냈는데 HIT가 났다는 의미이다. 

    만약 결과 HTTP코드값이 '304 Not Modified'로 나왔다면 캐시는

    클라이언트로 컨텐츠를 보낼 필요없이 클라이언트 브라우저에 있는 컨텐츠를 사용한다는 의미이다.


(4) TCP_IMS_MISS 

    요청헤더에 If-Modified-Since 가 포함되어 있지만 캐시가 신선하지 않다고 판단되어 실제 서버로 재요청을 한 경우


(5) TCP_REFRESH_HIT 

    요청한 컨텐츠가 신선하지 않아 실제 서버로 요청했는데 '304 Not Modified'를 받아 캐시에서 클라이언트로 응답한 경우


(6) TCP_REFRESH_MISS 

    요청한 컨텐츠가 신선하지 않아 실제 서버로 요청했는데 

    서버에서 새로운 컨텐츠를 전송받아 캐시에 저장하고 다시 클라이언트로 응답


(7) TCP_CLIENT_REFRESH 

    클라이언트 요청 헤더에 'no_cache'를 포함한 경우


(8) TCP_CLIENT_REFRESH_MISS 

    클라이언트 요청에 'no-cache'나 'no-store'같은 캐시를 제어하는 필드를 포함하여서 

    캐시가 서버로부터 컨텐츠를 가져왔을때


(9) TCP_DENIED 

    클라이언트 요청이 캐시에 의해서 거절당했을 경우(컨텐츠필터링과 연관) 

[링크 : http://egloos.zum.com/darkit/v/221572]


* Matched If-None-Match requests are logged as TCP_INM_HIT (proposed by Amos)

* If-Modified-Since requests for modified cached objects are processed as normal HITs

* Not matched If-None-Match requests for cached objects are processed as normal HITs

* If-Modified-Since header is ignored if If-None-Match header exists (RFC7232 compliance) 

[링크 : http://lists.squid-cache.org/pipermail/squid-dev/2016-November/007315.html]

'프로그램 사용 > squid' 카테고리의 다른 글

squid 윈도우 업데이트 캐싱  (0) 2019.02.13
squid cache 정책  (0) 2019.02.13
squid log format  (0) 2019.02.13
squid refresh_pattern  (0) 2019.02.12
squid cachemgr  (0) 2019.02.12
howto make squid as https proxy  (0) 2019.02.11
Posted by 구차니

댓글을 달아 주세요

squid.conf에 이런게 있어서 무슨 의미인가 보는 중

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320 


봐도 모르겠다!!!!

usage: refresh_pattern [-i] regex min percent max [options]


By default, regular expressions are CASE-SENSITIVE.  To make

them case-insensitive, use the -i option.


'Min' is the time (in minutes) an object without an explicit

expiry time should be considered fresh. The recommended

value is 0, any higher values may cause dynamic applications

to be erroneously cached unless the application designer

has taken the appropriate actions.


'Percent' is a percentage of the objects age (time since last

modification age) an object without explicit expiry time

will be considered fresh.


'Max' is an upper limit on how long objects without an explicit

expiry time will be considered fresh. The value is also used

to form Cache-Control: max-age header for a request sent from

Squid to origin/parent.


options: override-expire

override-lastmod

reload-into-ims

ignore-reload

ignore-no-store

ignore-private

max-stale=NN

refresh-ims

store-stale

[링크 : http://www.squid-cache.org/Doc/config/refresh_pattern/]


기본적인 걸 캐싱하지 않도록 되어 있는데 이걸 60분으로 바꾸니 먼가 되긴 하는 듯?

#refresh_pattern .              0       20%     4320

refresh_pattern .               60      20%     4320 

[링크 : http://etutorials.org/.../Chapter+7.+Disk+Cache+Basics/7.7+refresh_pattern/]

'프로그램 사용 > squid' 카테고리의 다른 글

squid cache 정책  (0) 2019.02.13
squid log format  (0) 2019.02.13
squid refresh_pattern  (0) 2019.02.12
squid cachemgr  (0) 2019.02.12
howto make squid as https proxy  (0) 2019.02.11
ssl_crtd : The ssl_crtd helpers are crashing too rapidly, need help!  (0) 2019.02.11
Posted by 구차니

댓글을 달아 주세요

일단.. 아래와 같이 squid.conf에서 하나를 막아주면, 다른데서도 접속이 가능한데

# Only allow cachemgr access from localhost

http_access allow localhost manager

#http_access deny manager 


proxy ip로 접근하니 안되고 아래 링크를 추천(?) 해줘서 가니 되긴 한다.

http://localhost.localdomain:3128/squid-internal-mgr/info 


[링크 : https://wiki.squid-cache.org/Features/CacheManager]

[링크 : https://wiki.squid-cache.org/ManagerCgiTool]

[링크 : https://wiki.squid-cache.org/SquidClientTool]

[링크 : https://www.pks.mpg.de/~.../suse10.2/html/opensuse-manual_en/manual/sec.squid.cachemgr.html]

'프로그램 사용 > squid' 카테고리의 다른 글

squid log format  (0) 2019.02.13
squid refresh_pattern  (0) 2019.02.12
squid cachemgr  (0) 2019.02.12
howto make squid as https proxy  (0) 2019.02.11
ssl_crtd : The ssl_crtd helpers are crashing too rapidly, need help!  (0) 2019.02.11
haproxy - https proxy  (0) 2019.02.11
Posted by 구차니

댓글을 달아 주세요

상태 : https proxy는 되나 , cache 까지 되는건 확인하지 못함(HIT가 드럽게 안뜸!!!)



Step 1. squid, openssl, bind 패키지를 설치

# yum install bind squid openssl 


Step 2. SSL 키를 생성(서버용, 클라이언트 용) - 1년짜리로 생성

# mkdir /etc/squid/ssl_cert

# chown -R squid.squid /etc/squid/ssl_cert

# cd /etc/squid/ssl_cert

# openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout proxyCA.pem  -out proxyCA.pem

# openssl x509 -in proxyCA.pem -outform DER -out proxyCA.der  


Step 3. SSL_DB를 생성

# /usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db

# chown -R squid.squid /var/lib/ssl_db


Step 4. bind 설정

# vim /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//


acl mynet {

    192.168.201.0/24; # test network

    127.0.0.1; # localhost

    };


options {

    listen-on { 

        mynet;

        };

    listen-on-v6 port 53 { ::1; };

    directory     "/var/named";

    dump-file     "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query     { mynet; };

    recursion yes;

    

    forward only;

    forwarders {

        8.8.8.8;

        };


    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside auto;


    /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";


    managed-keys-directory "/var/named/dynamic";

};


logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};


zone "." IN {

    type hint;

    file "named.ca";

};


include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";


#############################################

#    home.lan

#############################################


zone "home.lan" IN {

    type master;

    file "/var/named/home.lan/db.home";

    allow-query {

    mynet;

    };

    };


# mkdir /var/named/home.lan

# touch /var/named/home.lan/db.home

# chown -R named.named /var/named/home.lan


# vi /var/named/home.lan/db.home

$ORIGIN home.lan.

$TTL 86400

@    IN    SOA    proxy.home.lan.    proxy.home.lan. (

    2014032801 ; Serial

    28800 ; Refresh

    7200 ; Retry

    604800 ; Expire

    86400 ; Negative Cache TTL

    )

@    IN    NS    proxy.home.lan.

proxy    IN    A    192.168.201.250

# vi /etc/resolv.conf

search localdomain home.lan

nameserver 127.0.0.1 


Step 5. squid 설정

x.x.x.x 부분에는 proxy 서버의 아이피를 반드시 넣어야 한다. 넣지 않으면 아래같은 에러 발생함.

Bungled /etc/squid/squid.conf line 70: generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# vim /etc/squid/squid.conf

#

# Recommended minimum configuration:

#


# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl localnet src 127.0.0.1


acl SSL_ports port 443

acl Safe_ports port 80      # http

acl Safe_ports port 21      # ftp

acl Safe_ports port 443     # https

acl Safe_ports port 70      # gopher

acl Safe_ports port 210     # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280     # http-mgmt

acl Safe_ports port 488     # gss-http

acl Safe_ports port 591     # filemaker

acl Safe_ports port 777     # multiling http

acl CONNECT method CONNECT


sslproxy_cert_error allow all

#disable this in production, it is dangerous but useful for testing

#sslproxy_flags DONT_VERIFY_PEER

#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports


# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports


# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager


# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost


#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#


# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost


# And finally deny all other access to this proxy

http_access deny all


# Squid normally listens to port 3128

http_port 3128


# Uncomment and adjust the following to add a disk cache directory.

#cache_dir ufs /var/cache/squid 100 16 256


# Leave coredumps in the first cache dir

coredump_dir /var/cache/squid


http_port x.x.x.x:3129 ssl-bump  \

  cert=/etc/squid/ssl_cert/myCA.pem \

  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB


#this is what generates certs on the fly. Point to the CA you generated above.


https_port x.x.x.x:3130 ssl-bump intercept \

  cert=/etc/squid/ssl_cert/myCA.pem \

  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB


acl step1 at_step SslBump1


ssl_bump peek step1

ssl_bump stare all

ssl_bump bump all

always_direct allow all


#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:       1440    20% 10080

refresh_pattern ^gopher:    1440    0%  1440

refresh_pattern -i (/cgi-bin/|\?) 0 0%  0

refresh_pattern .       0   20% 4320 


Step 6. 클라이언트 측 인증서 등록







문서 상으로는 "Root Trusted Certificates" 에 등록하라는데 막상 수동으로 등록해 주어도 다른데서 나오네..

[링크 : http://roberts.bplaced.net/.../centos-6-guides/proxy-server/squid-transparent-proxy-http-https]


Step 7. 클라이언트 측 Proxy 설정

HTTP와 HTTPS를 다르게 설정했으니 포트도 서로 다르게 설정해야 한다.

  


Step 8. 확인

네이버 인증서가 임의로 발급한 루트 인증서로 바뀌어치기 된걸 확인할 수 있다.


--------------



+

2019.02.12

[링크 : https://www.tekyhost.com/squid-proxy-squid-caching-and-filtering-proxy/]

'프로그램 사용 > squid' 카테고리의 다른 글

squid refresh_pattern  (0) 2019.02.12
squid cachemgr  (0) 2019.02.12
howto make squid as https proxy  (0) 2019.02.11
ssl_crtd : The ssl_crtd helpers are crashing too rapidly, need help!  (0) 2019.02.11
haproxy - https proxy  (0) 2019.02.11
squid cache directory  (0) 2019.02.11
Posted by 구차니

댓글을 달아 주세요

의외로 엉뚱한(?) 에러..

감이 오는 녀석도 없고 때려 잡다가 겨우 찾았네..


$ ll /usr/lib64/squid

합계 872

-rwxr-xr-x 1 root root  5399  1월 30 02:50 basic_db_auth

-rwxr-xr-x 1 root root 11440  1월 30 02:51 basic_getpwnam_auth

-rwxr-xr-x 1 root root 23856  1월 30 02:51 basic_ldap_auth

-rwxr-xr-x 1 root root  5502  1월 30 02:50 basic_msnt_multi_domain_auth

-rwxr-xr-x 1 root root 24112  1월 30 02:51 basic_ncsa_auth

-rwxr-xr-x 1 root root 15568  1월 30 02:51 basic_nis_auth

-rwxr-xr-x 1 root root 19752  1월 30 02:51 basic_pam_auth

-rwxr-xr-x 1 root root  2975  1월 30 02:50 basic_pop3_auth

-rwxr-xr-x 1 root root 20136  1월 30 02:51 basic_radius_auth

-rwxr-xr-x 1 root root 15544  1월 30 02:51 basic_sasl_auth

-rwxr-xr-x 1 root root 15624  1월 30 02:51 basic_smb_auth

-rwxr-xr-x 1 root root  2657  1월 30 02:50 basic_smb_auth.sh

-rwxr-xr-x 1 root root 41584  1월 30 02:51 basic_smb_lm_auth

-rwxr-xr-x 1 root root 71424  1월 30 02:51 cachemgr.cgi

-rwxr-xr-x 1 root root  2515  1월 30 02:50 cert_tool

-rwxr-xr-x 1 root root 32272  1월 30 02:51 digest_edirectory_auth

-rwxr-xr-x 1 root root 24184  1월 30 02:51 digest_file_auth

-rwxr-xr-x 1 root root 28096  1월 30 02:51 digest_ldap_auth

-rwxr-xr-x 1 root root 20088  1월 30 02:51 diskd

-rwxr-xr-x 1 root root 15664  1월 30 02:51 ext_file_userip_acl

-rwxr-xr-x 1 root root 81984  1월 30 02:51 ext_kerberos_ldap_group_acl

-rwxr-xr-x 1 root root 23848  1월 30 02:51 ext_ldap_group_acl

-rwxr-xr-x 1 root root 11392  1월 30 02:51 ext_session_acl

-rwxr-xr-x 1 root root 15624  1월 30 02:51 ext_time_quota_acl

-rwxr-xr-x 1 root root 15608  1월 30 02:51 ext_unix_group_acl

-rwxr-xr-x 1 root root  5063  1월 30 02:50 ext_wbinfo_group_acl

-rwxr-xr-x 1 root root  5393  1월 30 02:50 helper-mux.pl

-rwxr-xr-x 1 root root 12449  1월 30 02:50 log_db_daemon

-rwxr-xr-x 1 root root 11400  1월 30 02:51 log_file_daemon

-rwxr-xr-x 1 root root 44760  1월 30 02:51 negotiate_kerberos_auth

-rwxr-xr-x 1 root root 15736  1월 30 02:51 negotiate_kerberos_auth_test

-rwxr-xr-x 1 root root 19832  1월 30 02:51 ntlm_fake_auth

-rwxr-xr-x 1 root root 63176  1월 30 02:51 ntlm_smb_lm_auth

-rwxr-xr-x 1 root root 87320  1월 30 02:51 ssl_crtd

-rwxr-xr-x 1 root root  3908  1월 30 02:50 storeid_file_rewrite

-rwxr-xr-x 1 root root 11312  1월 30 02:51 unlinkd

-rwxr-xr-x 1 root root 11368  1월 30 02:51 url_fake_rewrite

-rwxr-xr-x 1 root root  2526  1월 30 02:50 url_fake_rewrite.sh 


# ./ssl_crtd -c -s /var/lib/ssl_db

Initialization SSL db...

Done


# ll /var/lib/ssl_db/

합계 4

drwxr-xr-x 2 root root 6  2월 11 15:38 certs

-rw-r--r-- 1 root root 0  2월 11 15:38 index.txt

-rw-r--r-- 1 root root 1  2월 11 15:38 size 


[링크 : https://chimera40.wordpress.com/2018/07/18/install-and-configure-squid-with-ssl-bump.../]

'프로그램 사용 > squid' 카테고리의 다른 글

squid cachemgr  (0) 2019.02.12
howto make squid as https proxy  (0) 2019.02.11
ssl_crtd : The ssl_crtd helpers are crashing too rapidly, need help!  (0) 2019.02.11
haproxy - https proxy  (0) 2019.02.11
squid cache directory  (0) 2019.02.11
squid + 크롬 설정 및 log 확인  (0) 2019.02.11
Posted by 구차니

댓글을 달아 주세요


[링크 : https://serversforhackers.com/c/using-ssl-certificates-with-haproxy]

[링크 : https://www.securesign.kr/guides/HAProxy-SSL-Certificates-Install]

[링크 : https://blog.onlab.kr/2016/07/29/haproxy-ssl-가능하게-설치/]


헐.. caching 까진 지원을 못하나 보네..

[링크 : https://serverfault.com/questions/780150/how-to-cache-contents-in-haproxy]


프로젝트 포크한건가? 얘는 캐쉬된다고

[링크 : https://github.com/jiangwenyuan/nuster]

Posted by 구차니

댓글을 달아 주세요

squid 설정해도 무언가 저장하는게 없는거 같아 설정파일을 보다보니

cache_dir 이라는게 기본값으로는 주석처리 되어 있다. 

아무튼.. 이걸 해지하고 재가동하니 무언가 생기긴 하는데 내용을 보니


ufs라는 파일 시스템으로 생성되고 최대 100MB 까지 캐싱을 하도록 설정한다 라는 의미인 듯..

16 256 으로 이해


Edit the main configuration file, /etc/squid/squid.conf and confirm that the cache_dir directive is uncommented and looks similar to the following:
cache_dir ufs /var/spool/squid 100 16 256 

This line specifies the default settings for the cache_dir directive to be used in this example; it consists of the Squid storage format (ufs), the directory on the system where the cache resides (/var/spool/squid), the amount of disk space in megabytes to be used for the cache (100), and finally the number of first-level and second-level cache directories to be created (16 and 256 respectively). 

[링크 : https://access.redhat.com/.../sect-managing_confined_services-squid_caching_proxy-configuration_examples]



아래와 같은 형상으로 생겨났는데.. 저런 이유로(?) 1차, 2차 캐시로 구분이 되도록 생성되는 것으로 보인다.

# tree /var/spool/squid

/var/spool/squid

├── 00

│   ├── 00

│   │   ├── 00000000

│   │   ├── 00000001

│   │   ├── 00000002

│   │   ├── 00000003

...

│   │   ├── 0000005D

│   │   └── 0000005E

│   ├── 01

│   ├── 02

│   ├── 03

│   ├── 04

│   ├── 05

│   ├── 06

│   ├── 07

│   ├── 08

...

   └── FF

├── 01

│   ├── 00

│   ├── 01


...

│   └── FF

└── swap.state

 


파일 자체는.. DBase 3 데이터 파일이라는데... 실 데이터는 다른데 있는 건가?

# file /var/spool/squid/00/00/*

/var/spool/squid/00/00/00000000: DBase 3 data file (1049344 records)

/var/spool/squid/00/00/00000001: DBase 3 data file (1049344 records)

/var/spool/squid/00/00/00000002: DBase 3 data file (1049344 records)

/var/spool/squid/00/00/00000003: DBase 3 data file (1049344 records)

/var/spool/squid/00/00/00000004: DBase 3 data file (1049344 records)

/var/spool/squid/00/00/00000005: DBase 3 data file (1049344 records)

/var/spool/squid/00/00/00000006: little endian ispell hash file (?), 8-bit, no capitalization, 26 flags and 768 string characters

... 



Posted by 구차니

댓글을 달아 주세요

윈도우 기준으로 이야기 하면 크롬에서 설정하는게 아니라

크롬에서는 윈도우 네트워크의 proxy 설정창을 띄워준다.



그리고 나서 LAN 설정의 프록시 서버에, squid를 설치한 서버의 아이피를 치고

squid의 포트를 입력해주면 되는데 해당 설정 파일을 열어보면 아래와 비슷하게 나올 것인데...

# cat /etc/squid/squid.conf

#

# Recommended minimum configuration:

#


# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network


acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT


#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports


# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports


# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager


# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost


#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#


# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost


# And finally deny all other access to this proxy

http_access deny all


# Squid normally listens to port 3128

http_port 3128


# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /var/spool/squid 100 16 256


# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid


#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320 


별다른 설정을 바꾸지 않았다면 기본값인 3128을 입력해주면 된다.


HIT라고 뜨는게 너무 없네..

다들 정적 페이지가 아니다 보니 그런건가.. 아니면 SSL 문제일려나?

$ cat /var/log/squid/access.log | grep HIT

1549848287.564      0 10.0.0.4 TCP_INM_HIT/304 334 GET http://auction.co.kr/ - HIER_NONE/- text/html

1549848307.300      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208084157581r.jpg - HIER_NONE/- image/jpeg

1549848307.301      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208104540991r.jpg - HIER_NONE/- image/jpeg

1549848307.303      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208120658951r.jpg - HIER_NONE/- image/jpeg

1549848308.566      0 10.0.0.4 TCP_INM_HIT/304 333 GET http://www.auction.co.kr/ - HIER_NONE/- text/html

1549848310.806      0 10.0.0.4 TCP_INM_HIT/304 333 GET http://www.auction.co.kr/ - HIER_NONE/- text/html

1549848311.449      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208110027731r.jpg - HIER_NONE/- image/jpeg

1549848311.453      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208105748851r.jpg - HIER_NONE/- image/jpeg

1549848311.453      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208095050481r.jpg - HIER_NONE/- image/jpeg

1549848521.823      0 10.0.0.4 TCP_MEM_HIT/200 1013 GET http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj%2F6qJAfE5%2Fj9OXBRE4%3D - HIER_NONE/- application/ocsp-response

1549848521.832      0 10.0.0.4 TCP_MEM_HIT/200 852 GET http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D - HIER_NONE/- application/ocsp-response

1549848559.829      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D - HIER_NONE/- application/ocsp-response

1549848559.835      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D - HIER_NONE/- application/ocsp-response

1549848559.840      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D - HIER_NONE/- application/ocsp-response

1549848559.846      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D - HIER_NONE/- application/ocsp-response 


일단.. TCP_MISS/200 이면 캐싱되지 않아서 원서버에 직접 요청해서 받는거 같은데

TCP_IMS_HIT/304 이런건 거의 안뜨네...

Such as when an allstaff email goes out saying "check this site out..."

  • TCP_MISS/200 means that the requested document was not in the cache but it could fetch it OK from the web server. The direct at the end says that the file was fetched from the webserver.
  • TCP_IMS_HIT/304 means that the client asked if the file has changed, and squid checked its date/time on the webserver and found it had not changed, so it gave a copy of the file to the client out of its local cache. 

[링크 : https://askubuntu.com/questions/323241/how-to-know-if-squid-proxy-is-doing-the-cache-correctly]

[링크 : https://wiki.squid-cache.org/SquidFaq/SquidLogs]

'프로그램 사용 > squid' 카테고리의 다른 글

haproxy - https proxy  (0) 2019.02.11
squid cache directory  (0) 2019.02.11
squid + 크롬 설정 및 log 확인  (0) 2019.02.11
squid 설치 및 설정 유틸리티  (0) 2019.02.08
squid 상태 모니터링  (0) 2019.02.08
https proxy - squid  (0) 2019.02.07
Posted by 구차니

댓글을 달아 주세요