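Definition
As the word "proxy" implies, a proxy is a server that acts as an "agent" on behalf of another party.
In a web environment, a proxy server sits between the web client and the web server and relays the requested data.
It stores data it has already transferred in a cache, and when the same data is requested again it serves the cached copy.
Forward Proxy Lab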
[root@localhost ~]# ping 8.8.8.8
[root@localhost ~]# dnf -y install epel-release
[root@localhost ~]# dnf -y install squid
[root@localhost ~]# squid --version
Squid Cache: Version 5.5
Service Name: squid
~~
[root@localhost ~]# systemctl start squid.service
[root@localhost ~]# systemctl status squid.service
● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; preset: disabled)
Active: active (running) since Fri 2024-03-22 09:26:02 KST; 11s ago
-- Create a backup copy of the original config file for restoring later
[root@localhost ~]# cp /etc/squid/squid.conf /etc/squid/.squid.conf.bak
[root@localhost ~]# cd /etc/squid/
[root@localhost squid]# ls -al
합계 68
drwxr-xr-x. 2 root root 4096 3월 22 09:34 .
drwxr-xr-x. 133 root root 8192 3월 22 09:23 ..
-rw-r-----. 1 root root 2488 3월 22 09:34 .squid.conf.bak
[root@localhost squid]# vi squid.conf
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
#acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
#acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
#acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
#acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
#acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet 172.16.0.0/24
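-- Syntax check: the parse below fails because the acl line above has no ACL type (src, as in the commented examples) between the name and the network
[root@localhost squid]# squid -k parse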
2024/03/22 09:38:28| Processing: acl localnet 172.16.0.0/24
2024/03/22 09:38:28| FATAL: Invalid ACL type '172.16.0.0/24'
[root@localhost squid]# tail -f /var/log/squid/access.log
1711068758.724 67 172.16.0.150 TCP_TUNNEL/200 14204 CONNECT siape.veta.naver.com:443 - HIER_DIRECT/110.93.154.74 -
1711068758.730 70 172.16.0.150 TCP_TUNNEL/200 14151 CONNECT siape.veta.naver.com:443 - HIER_DIRECT/110.93.154.74 -
1711068758.732 68 172.16.0.150 TCP_TUNNEL/200 6760 CONNECT siape.veta.naver.com:443 - HIER_DIRECT/110.93.154.74 -
1711068758.850 110 172.16.0.150 TCP_TUNNEL/200 10692 CONNECT gfp.veta.naver.com:443 - HIER_DIRECT/210.89.168.70 -
1711068758.994 132 172.16.0.150 TCP_MISS/200 866 POST http://ocsp.pki.goog/gts1c3 - HIER_DIRECT/172.217.27.35 application/ocsp-response
1711068759.100 406 172.16.0.150 TCP_TUNNEL/200 5946 CONNECT safebrowsing.googleapis.com:443 - HIER_DIRECT/172.217.25.10 -
1711068759.239 246 172.16.0.150 TCP_MISS/200 1105 POST http://ocsp.sectigo.com/ - HIER_DIRECT/172.64.149.23 application/ocsp-response
1711068759.399 62 172.16.0.150 TCP_TUNNEL/200 4684 CONNECT siape.veta.naver.com:443 - HIER_DIRECT/110.93.154.74 -
1711068763.824 4027 172.16.0.150 TCP_TUNNEL/200 7260 CONNECT tivan.naver.com:443 - HIER_DIRECT/223.130.192.205 -
1711068763.836 4896 172.16.0.150 TCP_TUNNEL/200 9824 CONNECT tivan.naver.com:443 - HIER_DIRECT/223.130.192.205 -
[root@localhost squid]# systemctl stop squid.service
[root@localhost squid]# systemctl status squid.service
○ squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; preset: disabled)
Active: inactive (dead)
[root@localhost squid]# systemctl start squid.service
[root@localhost squid]# systemctl status squid.service
● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; preset: disabled)
Active: active (running) since Fri 2024-03-22 09:47:19 KST; 7min ago
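Client 1
Open Firefox and search for "proxy" in Settings
Enter the proxy server address and the port
Test access to an external web server
Stop the proxy on the server
After restarting it, use Wireshark to confirm that access to the external web server goes through the proxy server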
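The same check can be made from the proxy side using the access.log lines shown earlier. The following Python script is an added example, not part of the original post: it parses Squid's native log format, counts CONNECT tunnels versus plaintext HTTP requests, and lists entries from clients outside 172.16.0.0/24 or denied by the proxy. The last two sample lines, the LOCALNET constant and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

LOCALNET = ipaddress.ip_network("172.16.0.0/24")  # assumed lab network, from the acl line

# Lines 1-3 are copied from the access.log on this page; lines 4-5 are constructed.
SAMPLE_LOG = """\
1711068758.724 67 172.16.0.150 TCP_TUNNEL/200 14204 CONNECT siape.veta.naver.com:443 - HIER_DIRECT/110.93.154.74 -
1711068758.994 132 172.16.0.150 TCP_MISS/200 866 POST http://ocsp.pki.goog/gts1c3 - HIER_DIRECT/172.217.27.35 application/ocsp-response
1711068763.824 4027 172.16.0.150 TCP_TUNNEL/200 7260 CONNECT tivan.naver.com:443 - HIER_DIRECT/223.130.192.205 -
1711068770.100 3 192.0.2.10 TCP_DENIED/403 3900 CONNECT example.com:443 - HIER_NONE/- text/html
1711068771.200 not-a-valid-line
"""

def parse_line(line):
    """Split one native-format access.log line; return None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        result, status = parts[3].split("/", 1)
        return {
            "ts": float(parts[0]), "elapsed_ms": int(parts[1]),
            "client": ipaddress.ip_address(parts[2]),
            "result": result, "status": int(status), "bytes": int(parts[4]),
            "method": parts[5], "url": parts[6], "peer": parts[8],
        }
    except ValueError:
        return None

def summarize(log_text):
    """Count tunnels vs. plaintext requests and collect entries worth reviewing."""
    stats = Counter()
    review = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            stats["malformed"] += 1
            continue
        if entry["result"] == "TCP_TUNNEL":      # HTTPS: proxy sees only host:port
            stats["tunnel"] += 1
        elif entry["url"].startswith("http://"):  # plaintext: full URL is visible
            stats["plaintext"] += 1
        if entry["client"] not in LOCALNET or entry["result"].startswith("TCP_DENIED"):
            review.append((str(entry["client"]), entry["result"], entry["url"]))
    return stats, review

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To run it against the live log, pass the contents of /var/log/squid/access.log to summarize() instead of SAMPLE_LOG.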