[root@serv ~]# service squid start
init_cache_dir /var/spool/squid... Starting squid: . [ OK ]
[root@serv ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1774/xinetd
tcp 0 0 10.1.1.1:53 0.0.0.0:* LISTEN 1451/named
tcp 0 0 192.168.58.10:53 0.0.0.0:* LISTEN 1451/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1451/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1774/xinetd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 1728/cupsd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 2513/(squid)
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1790/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1451/named
tcp 0 0 :::80 :::* LISTEN 1821/httpd
[root@serv spool]# cd /var/spool/squid
[root@serv squid]# ls
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F swap.state
[root@serv squid]#
[root@serv squid]# cd 00
[root@serv 00]# ls
00 0D 1A 27 34 41 4E 5B 68 75 82 8F 9C A9 B6 C3 D0 DD EA F7
01 0E 1B 28 35 42 4F 5C 69 76 83 90 9D AA B7 C4 D1 DE EB F8
02 0F 1C 29 36 43 50 5D 6A 77 84 91 9E AB B8 C5 D2 DF EC F9
03 10 1D 2A 37 44 51 5E 6B 78 85 92 9F AC B9 C6 D3 E0 ED FA
04 11 1E 2B 38 45 52 5F 6C 79 86 93 A0 AD BA C7 D4 E1 EE FB
05 12 1F 2C 39 46 53 60 6D 7A 87 94 A1 AE BB C8 D5 E2 EF FC
06 13 20 2D 3A 47 54 61 6E 7B 88 95 A2 AF BC C9 D6 E3 F0 FD
07 14 21 2E 3B 48 55 62 6F 7C 89 96 A3 B0 BD CA D7 E4 F1 FE
08 15 22 2F 3C 49 56 63 70 7D 8A 97 A4 B1 BE CB D8 E5 F2 FF
09 16 23 30 3D 4A 57 64 71 7E 8B 98 A5 B2 BF CC D9 E6 F3
0A 17 24 31 3E 4B 58 65 72 7F 8C 99 A6 B3 C0 CD DA E7 F4
0B 18 25 32 3F 4C 59 66 73 80 8D 9A A7 B4 C1 CE DB E8 F5
0C 19 26 33 40 4D 5A 67 74 81 8E 9B A8 B5 C2 CF DC E9 F6
[root@serv 00]#
[root@serv 00]# rpm -ql squid | less
[root@serv 00]# squidclient --help
Usage: squidclient [-arsv] [-i IMS] [-h remote host] [-l local host] [-p port] [-m method] [-t count] [-I ping-interval] [-H 'strings'] [-T timeout] url
Options:
-P file PUT request.
-a Do NOT include Accept: header.
-r Force cache to reload URL.
-s Silent. Do not print data to stdout.
-v Verbose. Print outgoing message to stderr.
-i IMS If-Modified-Since time (in Epoch seconds).
-h host Retrieve URL from cache on hostname. Default is localhost.
-l host Specify a local IP address to bind to. Default is none.
-p port Port number of cache. Default is 3128.
-m method Request method, default is GET.
-t count Trace count cache-hops
-g count Ping mode, "count" iterations (0 to loop until interrupted).
-I interval Ping interval in seconds (default 1 second).
-H 'string' Extra headers to send. Use '\n' for new lines.
-T timeout Timeout value (seconds) for read/write operations.
-u user Proxy authentication username
-w password Proxy authentication password
-U user WWW authentication username
-W password WWW authentication password
[root@serv 00]#
[root@serv 00]# squidclient -v http://www.google.com
headers: 'GET http://www.google.com HTTP/1.0
Accept: */*
'
HTTP/1.0 302 Moved Temporarily
Location: http://www.google.co.kr/
Cache-Control: private
Set-Cookie: PREF=ID=d0f8b144109efc3d:TM=1175062797:LM=1175062797:S=fLtiuk6dFdOP4Btl; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Content-Type: text/html
Server: GWS/2.1
Content-Length: 221
Date: Wed, 28 Mar 2007 06:19:57 GMT
X-Cache: MISS from serv.linuzle.com
Proxy-Connection: close
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.co.kr/">here</A>.
</BODY></HTML>
2007-03-28 15:19:56 [1]: 0.135 secs, 4.550058 KB/s (1KB)
[root@serv 00]#
[root@serv 00]# squidclient -g 5 http://www.naver.com
2007-03-28 15:23:22 [1]: 0.097 secs, 734.495812 KB/s (72KB)
2007-03-28 15:23:23 [2]: 0.069 secs, 1039.416327 KB/s (72KB)
2007-03-28 15:23:24 [3]: 0.063 secs, 1133.076017 KB/s (72KB)
2007-03-28 15:23:25 [4]: 0.072 secs, 993.706597 KB/s (72KB)
2007-03-28 15:23:26 [5]: 0.086 secs, 830.362009 KB/s (72KB)
5 requests, round-trip (secs) min/avg/max = 0.063/0.077/0.097
[root@serv 00]# squidclient -g 5 http://www.whitehouse.gov
2007-03-28 15:23:17 [1]: 0.016 secs, 1873.107910 KB/s (30KB)
2007-03-28 15:23:18 [2]: 0.018 secs, 1664.984809 KB/s (30KB)
2007-03-28 15:23:19 [3]: 0.014 secs, 2140.694754 KB/s (30KB)
2007-03-28 15:23:20 [4]: 0.019 secs, 1577.354030 KB/s (30KB)
2007-03-28 15:23:21 [5]: 0.016 secs, 1873.107910 KB/s (30KB)
5 requests, round-trip (secs) min/avg/max = 0.014/0.016/0.019
[root@serv 00]#
proxy
- transparent(투명)
- normal(수동)
프락시서버 구축 실습
vmware로 윈도2003(ip주소:192.168.x.100) 부팅(프록시서버를 게이트웨이로 두어 하단 네트웍에 물려 있어야 함)
익스플로러->인터넷옵션->연결->LAN설정->프록시
프록시서버로 사용하는 serv컴의 ip주소(192.168.58.10)를 입력하면 된다.

ip주소가 192.168.58.100인 호스트에서 웹브라우저로 인터넷 접속시 모든 사이트를 프록시에서 차단하려면 아래와 같이 설정하면 된다.
serv 설정
[root@serv 00]# vi /etc/squid/squid.conf
아래와 같이 수정


예) 내부 네트워크의 특정 컴퓨터(아래 예에서는 192.168.x.30)가 업무는 하지 않고 도박사이트에 자주 들어가는 것이 로그에 기록되어 있는 것을 확인했다. 그 컴퓨터의 웹사이트 접속을 모두 차단하고자 한다.
-acl badhost src 192.168.x.30
http_access deny badhost
-acl badhost src 192.168.x.20
acl badhost src 192.168.x.33
acl badhost src 192.168.x.215
http_access deny badhost
-acl badhost src "/etc/squid/badhost"
http_access deny badhost
"/etc/squid/badhost" 파일의 내용(한 줄에 주소 하나씩) ->
192.168.x.33
192.168.x.179
1837 acl inter_network src 192.168.58.0/24
1838
1839 acl badhost src 192.168.58.100
1840 # TAG: http_access
1841 # Allowing or Denying access based on defined access lists
1842 #
1885 http_access allow localhost
1886
1887 http_access deny badhost
1888
1889 http_access allow inter_network
1890
1891 http_access deny all
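http_access 규칙은 위에서부터 순서대로 검사되어 처음 일치하는 규칙이 적용되므로, 위 설정처럼 deny badhost가 allow inter_network보다 앞에 있어야 차단이 적용된다. 이제 프락시서버에서 차단시킨 ip가 192.168.58.100인 호스트에서 웹브라우저로 아무 사이트나 접속을 시도(예:http://www.bmw.com/에 접속 시도)하면 아래와 같이 차단되었다는 메시지가 뜬다.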

한글로 출력하고 싶으면 /etc/squid/squid.conf 파일을 아래와 같이 수정합니다.


Keyword filtering
acl badword url_regex -i "/etc/squid/badword"
http_access deny badword


▼ /etc/squid/badword 파일의 내용

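이제 검색사이트 등을 통해 위 리스트의 단어들을 검색하면 접근이 거부된다. 단, url_regex는 프록시가 볼 수 있는 요청 URL에만 적용된다. HTTPS 접속은 CONNECT 요청으로 호스트명과 포트만 전달되므로, 검색어 기반 차단은 평문 HTTP 요청에만 효과가 있다.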