Web Proxies
Proxies: Introduction
A proxy is an intermediary application that sits between clients and servers.
Proxies are typically used to control access, record activities, and convert between protocols. Proxies exist for many different protocols: SMTP/email, DNS, HTTP/Web, IRC/IM/Chat.
Proxies: Web Objects
With a web proxy, we have the opportunity to cache and reuse certain server responses. When caching, we usually talk about objects.
For example: an HTML page, a JPEG image, a PDF document, a Flash animation.
Objects are identified by URL (Uniform Resource Locator). Note that sometimes the term "web page" refers to a number of different objects (HTML, images, etc.).
Caching
Caching: Requests and Responses
Browsers (clients) send HTTP requests. Origin servers send HTTP responses (objects). A response may be cacheable, depending on both request and response headers. For example, a response that required user authentication is usually not cacheable. Origin servers may provide specific caching instructions:
Cacheable/uncacheable, cache validator, freshness time-to-live (TTL).
Caching: Fresh v/s Stale
Cached responses may be reused and sent to clients if they are still fresh. Freshness is determined by an explicit TTL value from the server. We can make a cache validation request, a.k.a. a conditional request, using simple heuristics (rules). Freshness/staleness may also be determined by client requirements or preferences.
Squid
Squid: Introduction
Squid is free, open source software designed for UNIX that also runs on Windows. It speaks HTTP to clients (browsers). It is not an email proxy, not an IRC/IM proxy, and not a telnet proxy; it is sort of an FTP proxy.
Squid: Versions
Squid-2.6 is the current stable release. Squid-3.0 is the current development release. The BWMO book discusses some Squid-3.x features. I will assume Squid-2.x here.
Squid: Installation
The easiest way is via the OS software package installer. On Ubuntu use the GUI, or:
sudo apt-get install squid
Or, get the source code from www.squid-cache.org, ftp.squidcache.org, or a mirror site, then:
tar xzvf squid-version.tar.gz
cd squid-version
./configure
make
make install
Squid: squid.conf
See /etc/squid/squid.conf. There are lots of comments for documentation. To see the relevant non-commented lines:
$ grep -v '^#' squid.conf | grep . | less
squid.conf: Important Bits
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_mem 8 MB
cache_effective_user proxy
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
visible_hostname squid.domain.tld
Squid: Starting at Boot
Ubuntu Linux probably adds Squid to the startup scripts for you. If not, you can run:
$ sudo update-rc.d squid defaults
Or, to disable:
$ sudo update-rc.d -f squid remove
Squid: Starting and Stopping
# /etc/init.d/squid stop
# /etc/init.d/squid start
# /etc/init.d/squid restart
# /etc/init.d/squid reload
Squid: Logfiles
/var/log/squid/cache.log: Contains run-time status messages, warnings, and errors.
/var/log/squid/access.log: One line for each client request, including URL, bytes transferred, status code, and more.
/var/log/squid/store.log: Transaction log for objects that enter and leave the cache.
Open a new terminal window and run:
$ tail -f /var/log/squid/cache.log
Open another new terminal window and run:
$ tail -f /var/log/squid/access.log
Squid ACLs
ACLs: Very Important
It is very important that you allow access to Squid from only your local users or people that you trust. An open proxy will be abused by people that download pornography, post hateful messages, and make purchases with fraudulent credit cards. Those transactions will be traced back to your IP address. Your IP address may be listed in an Open Proxy blacklist.
Access control to the proxy server
Access control is determined using two sets of configuration parameters. The first is the access control list (acl), and the second is the http_access list (http_access). The acl really defines a synonym that we can use within the http_access list.
The general form of these acl lists is:
acl aclname acltype string1 | file
Different ACL types are
acltypes
can be any of (this is not the whole list!):
Once we've defined the acl, we can use that to define the http_access lines. We showed an example in the time acltype above.
The general format of the http_access directive is:
http_access allow|deny [!]aclname
Thus, if we have an acl as follows:
acl allowed_clients src 192.168.1.0/255.255.255.0
The http_access line could read:
http_access allow allowed_clients
Alternatively:
http_access deny !allowed_clients
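The order in which Squid checks http_access lines decides whether a configuration ends up as an open proxy. The following is an added example (not part of the original article and not Squid's own code) that evaluates src acls against http_access lines for a client address, relying on Squid's documented behaviour that the first matching line decides and that, if no line matches, the opposite of the last line applies. The function names, the sample configurations and the outside test address 203.0.113.10 are constructed for illustration, and only the src acltype is modelled.

```python
import ipaddress

def parse(conf_text):
    """Collect 'src' ACLs and ordered http_access lines from squid.conf text."""
    acls, rules = {}, []
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "acl" and len(fields) >= 4 and fields[2] == "src":
            nets = [ipaddress.ip_network(s, strict=False) for s in fields[3:]]
            acls.setdefault(fields[1], []).extend(nets)
        elif fields[0] == "http_access" and len(fields) >= 3:
            rules.append((fields[1], fields[2:]))
    return acls, rules

def decide(acls, rules, client_ip):
    """Return 'allow' or 'deny' for client_ip the way Squid orders the checks."""
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        matched = True
        for name in names:              # ACL names on one line are ANDed
            nets = acls.get(name.lstrip("!"))
            if nets is None:
                raise ValueError("not a src ACL in this file: " + name)
            hit = any(ip in net for net in nets)
            matched = matched and (hit != name.startswith("!"))
        if matched:                     # first matching line decides
            return action
    if not rules:                       # no http_access lines at all: deny
        return "deny"
    # Nothing matched: Squid uses the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

def is_open_proxy(conf_text, outside_ip="203.0.113.10"):
    """True if an address outside the local network would be served."""
    return decide(*parse(conf_text), outside_ip) == "allow"

# Constructed samples. The first two use the acl from the text above.
ACL = "acl allowed_clients src 192.168.1.0/255.255.255.0\n"
PAGE_ALLOW = ACL + "http_access allow allowed_clients\n"
PAGE_DENY_NOT = ACL + "http_access deny !allowed_clients\n"
DENY_ONLY = "acl blocked src 10.9.9.0/24\nhttp_access deny blocked\n"
ALLOW_ALL = ACL + "acl all src 0.0.0.0/0\nhttp_access allow all\n"

if __name__ == "__main__":
    for name in ("PAGE_ALLOW", "PAGE_DENY_NOT", "DENY_ONLY", "ALLOW_ALL"):
        print(name, "open proxy" if is_open_proxy(globals()[name]) else "restricted")
```

DENY_ONLY is the case to watch: a rule set that only denies one range leaves every other address allowed, so ending the list with an explicit deny for everything else avoids depending on the implicit default.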
Let's look at some examples of acls.
Article Authored By Shamsheer
The author, Shamsheer, was a Systems Engineer with SupportPRO who specialized in cPanel and Linux servers. SupportPRO offers 24X7 technical support services to Web hosting companies and service providers.