squid + 크롬 설정 및 log 확인

윈도우 기준으로 이야기 하면 크롬에서 설정하는게 아니라

크롬에서는 윈도우 네트워크의 proxy 설정창을 띄워준다.

그리고 나서 LAN 설정의 프록시 서버에, squid를 설치한 서버의 아이피를 치고

squid의 포트를 입력해주면 되는데 해당 설정 파일을 열어보면 아래와 비슷하게 나올 것인데...

# cat /etc/squid/squid.conf # # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80          # http acl Safe_ports port 21          # ftp acl Safe_ports port 443         # https acl Safe_ports port 70          # gopher acl Safe_ports port 210         # wais acl Safe_ports port 1025-65535  # unregistered ports acl Safe_ports port 280         # http-mgmt acl Safe_ports port 488         # gss-http acl Safe_ports port 591         # filemaker acl Safe_ports port 777         # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 3128 # Uncomment and adjust the following to add a disk cache directory. cache_dir ufs /var/spool/squid 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/spool/squid # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp:           1440    20%     10080 refresh_pattern ^gopher:        1440    0%      1440 refresh_pattern -i (/cgi-bin/|\?) 0     0%      0 refresh_pattern .               0       20%     4320

별다른 설정을 바꾸지 않았다면 기본값인 3128을 입력해주면 된다.

HIT라고 뜨는게 너무 없네..

다들 정적 페이지가 아니다 보니 그런건가.. 아니면 SSL 문제일려나?

$ cat /var/log/squid/access.log | grep HIT 1549848287.564      0 10.0.0.4 TCP_INM_HIT/304 334 GET http://auction.co.kr/ - HIER_NONE/- text/html 1549848307.300      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208084157581r.jpg - HIER_NONE/- image/jpeg 1549848307.301      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208104540991r.jpg - HIER_NONE/- image/jpeg 1549848307.303      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208120658951r.jpg - HIER_NONE/- image/jpeg 1549848308.566      0 10.0.0.4 TCP_INM_HIT/304 333 GET http://www.auction.co.kr/ - HIER_NONE/- text/html 1549848310.806      0 10.0.0.4 TCP_INM_HIT/304 333 GET http://www.auction.co.kr/ - HIER_NONE/- text/html 1549848311.449      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208110027731r.jpg - HIER_NONE/- image/jpeg 1549848311.453      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208105748851r.jpg - HIER_NONE/- image/jpeg 1549848311.453      0 10.0.0.4 TCP_IMS_HIT/304 315 GET http://image.iacstatic.co.kr/allkill/item/2019/02/20190208095050481r.jpg - HIER_NONE/- image/jpeg 1549848521.823      0 10.0.0.4 TCP_MEM_HIT/200 1013 GET http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj%2F6qJAfE5%2Fj9OXBRE4%3D - HIER_NONE/- application/ocsp-response 1549848521.832      0 10.0.0.4 TCP_MEM_HIT/200 852 GET http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D - HIER_NONE/- application/ocsp-response 1549848559.829      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D - HIER_NONE/- application/ocsp-response 1549848559.835      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D - HIER_NONE/- application/ocsp-response 1549848559.840      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D - HIER_NONE/- application/ocsp-response 1549848559.846      0 10.0.0.4 TCP_MEM_HIT/200 961 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D - HIER_NONE/- application/ocsp-response

일단.. TCP_MISS/200 이면 캐싱되지 않아서 원서버에 직접 요청해서 받는거 같은데

TCP_IMS_HIT/304 이런건 거의 안뜨네...

Such as when an allstaff email goes out saying "check this site out..." TCP_MISS/200 means that the requested document was not in the cache but it could fetch it OK from the web server. The direct at the end says that the file was fetched from the webserver. TCP_IMS_HIT/304 means that the client asked if the file has changed, and squid checked its date/time on the webserver and found it had not changed, so it gave a copy of the file to the client out of its local cache.

[링크 : https://askubuntu.com/questions/323241/how-to-know-if-squid-proxy-is-doing-the-cache-correctly]

[링크 : https://wiki.squid-cache.org/SquidFaq/SquidLogs]