Squid

by SupportPRO Admin

Web Proxies

Proxies: Introduction

A proxy is an intermediary application that sits between clients and servers.

Proxies are typically used to control access, record activity, and convert between protocols. Proxies exist for many different protocols: SMTP/email, DNS, HTTP/Web, and IRC/IM/chat.

Proxies: Web Objects

With a web proxy, we have the opportunity to cache and reuse certain server responses. When caching, we usually talk about objects.

For example: an HTML page, a JPEG image, a PDF document, or a Flash animation.

Objects are identified by URL (Uniform Resource Locator). Note that sometimes the term "web page" refers to a number of different objects (HTML, images, etc.).

Caching

Caching: Requests and Responses

Browsers (clients) send HTTP requests. Origin servers send HTTP responses (objects). A response may be cacheable, depending on both request and response headers. For example, a response that required user authentication is usually not cacheable. Origin servers may provide specific caching instructions: whether the response is cacheable or uncacheable, a cache validator, and a freshness time-to-live (TTL).

Caching: Fresh v/s Stale

Cached responses may be reused and sent to clients if they are still fresh. Freshness is determined by an explicit TTL value from the server. We can make a cache validation request, a.k.a. a conditional request, using simple heuristics (rules). Freshness/staleness may also be determined by client requirements or preferences.

Squid

Squid: Introduction

Squid is free, open source software designed for UNIX that also runs on Windows. It speaks HTTP to clients (browsers). It is not an email proxy, not an IRC/IM proxy, and not a telnet proxy; it is sort of an FTP proxy.

Squid: Versions

Squid-2.6 is the current stable release. Squid-3.0 is the current development release. The BWMO book discusses some Squid-3.x features. I will assume Squid-2.x here.

Squid: Installation

The easiest way is via the OS software package installer. On Ubuntu, use the GUI, or run: sudo apt-get install squid. Or get the source code from www.squid-cache.org, ftp.squidcache.org, or a mirror site, then:

tar xzvf squid-version.tar.gz

cd squid-version

./configure

make

make install

Squid: squid.conf

See /etc/squid/squid.conf. There are lots of comments for documentation. To see the relevant non-commented lines: $ grep -v '^#' squid.conf | grep . | less

squid.conf: Important Bits

http_port 3128

cache_dir ufs /var/spool/squid 1000 16 256

cache_mem 8 MB

cache_effective_user proxy

acl QUERY urlpath_regex cgi-bin \?

no_cache deny QUERY

visible_hostname squid.domain.tld

Squid: Starting at Boot

Ubuntu Linux probably adds Squid to the startup scripts for you. If not, you can run: $ sudo update-rc.d squid defaults

Or, to disable: $ sudo update-rc.d -f squid remove

Squid: Starting and Stopping

# /etc/init.d/squid stop

# /etc/init.d/squid start

# /etc/init.d/squid restart

# /etc/init.d/squid reload

Squid: Logfiles

/var/log/squid/cache.log contains run-time status messages, warnings, and errors.

/var/log/squid/access.log has one line for each client request, including URL, bytes transferred, status code, and more.

/var/log/squid/store.log is a transaction log for objects that enter and leave the cache.

Open a new terminal window and run: $ tail -f /var/log/squid/cache.log

Open another new terminal window and run: $ tail -f /var/log/squid/access.log

Squid ACLs

ACLs: Very Important

It is very important that you allow access to Squid from only your local users or people that you trust. An open proxy will be abused by people that download pornography, post hateful messages, and make purchases with fraudulent credit cards. Those transactions will be traced back to your IP address. Your IP address may be listed in an Open Proxy blacklist.
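One way to check for this in practice is to scan access.log for clients outside your own network and see whether Squid served them or refused them. This is an added example, not code from the original article; it treats the 192.168.1.0/255.255.255.0 network from the page's acl example as the only trusted range (an assumption), and the log lines are constructed samples in Squid's native log format.

```python
import ipaddress
from collections import Counter

# Network from the page's acl example; treating it as the only trusted
# range is an assumption of this example.
TRUSTED = ipaddress.ip_network("192.168.1.0/255.255.255.0")

# Constructed access.log lines in Squid's native format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 120 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1700000001.202 15 192.168.1.21 TCP_HIT/200 2048 GET http://example.com/logo.jpg - NONE/- image/jpeg
1700000002.303 340 203.0.113.7 TCP_MISS/200 90210 GET http://example.org/a.pdf - DIRECT/192.0.2.11 application/pdf
1700000003.404 1 198.51.100.44 TCP_DENIED/403 1500 GET http://example.net/ - NONE/- text/html
1700000004.505 280 203.0.113.7 TCP_MISS/200 777 POST http://example.org/form - DIRECT/192.0.2.11 text/html
"""


def outside_clients(log_text, trusted=TRUSTED):
    """Count requests from clients outside `trusted`, split into served and denied."""
    served, denied = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        try:
            client = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # client column is not an IP address
        if client in trusted:
            continue
        action = fields[3].split("/", 1)[0]
        bucket = denied if action == "TCP_DENIED" else served
        bucket[fields[2]] += 1
    return served, denied


if __name__ == "__main__":
    served, denied = outside_clients(SAMPLE_LOG)
    for client, count in served.most_common():
        print("SERVED outside client", client, count, "requests")
    for client, count in denied.most_common():
        print("denied outside client", client, count, "requests")
```

Any entry in the served counter means the proxy fetched content for an address outside the trusted range, which is what an open proxy looks like in the log; entries in the denied counter show the ACLs doing their job.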

Access control to the proxy server

Access control is determined using two sets of configuration parameters. The first is the access control list (acl), and the second is the http_access list (http_access). The acl really defines a synonym that we can use within the http_access list.

The general form of these acl lists is:

acl aclname acltype string1 | file

Different ACL types are

acltypes

can be any of (this is not the whole list!):

Once we've defined the acl, we can use it in the http_access lines. We showed an example in the time acltype above.

The general format of the http_access directive is:

http_access allow|deny [!]aclname

Thus, if we have an acl as follows:

acl allowed_clients src 192.168.1.0/255.255.255.0

The http_access line could read:

http_access allow allowed_clients

Alternatively

http_access deny !allowed_clients
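The two forms above give the same result only because of how Squid evaluates http_access: the first matching line wins, and if no line matches, the default is the opposite of the last line. The following added example (not from the original article, and not Squid's own code) is a small evaluator for src ACLs that shows this, along with a misordered rule set that turns the server into an open proxy. The "all" acl, the rules that use it, and the client addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed squid.conf fragments built around the page's allowed_clients acl.
# The "all" acl and the rules that use it are assumptions added for this example.
ACL = "acl allowed_clients src 192.168.1.0/255.255.255.0\nacl all src 0.0.0.0/0\n"
ALLOW_FORM = ACL + "http_access allow allowed_clients\nhttp_access deny all\n"
DENY_FORM = ACL + "http_access deny !allowed_clients\n"
# Misordered: the broad allow is reached first, so the deny below it never applies.
OPEN_PROXY = ACL + "http_access allow all\nhttp_access deny !allowed_clients\n"


def parse(conf):
    """Return ({aclname: [networks]}, [(action, [terms])]) for src ACLs only."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules


def term_matches(term, acls, ip):
    """One [!]aclname term: values inside an acl are ORed, '!' inverts the result."""
    name = term.lstrip("!")
    if name not in acls:
        raise ValueError("http_access refers to undefined acl: " + name)
    hit = any(ip in net for net in acls[name])
    return not hit if term.startswith("!") else hit


def decide(conf, client):
    """First matching http_access line wins; terms on one line are ANDed."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, terms in rules:
        if all(term_matches(t, acls, ip) for t in terms):
            return action
    # Nothing matched: Squid applies the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"


if __name__ == "__main__":
    for name in ("ALLOW_FORM", "DENY_FORM", "OPEN_PROXY"):
        for client in ("192.168.1.20", "203.0.113.7"):  # inside / outside
            print(name, client, decide(globals()[name], client))
```

Ending the list with an explicit deny, as in ALLOW_FORM, avoids relying on the implicit default that DENY_FORM depends on.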

Let's look at some examples of acls.

Article Authored By Shamsheer

Author, Shamsheer, was a Systems Engineer with SupportPRO. Shamsheer was specialized in Cpanel and Linux servers. SupportPRO offers 24X7 technical support services to Web hosting companies and service providers.
