Squid Proxy Server 3.1: Beginner's Guide

Squid Proxy Server 3.1: Beginner's Guide

Overview of this book

Squid Proxy Server enables you to cache your web content and return it quickly on subsequent requests. System administrators often struggle with delays and too much bandwidth being used, but Squid solves these problems by handling requests locally. By deploying Squid in accelerator mode, requests are handled faster than on normal web servers making your site perform quicker than everyone else's! Squid Proxy Server 3.1 Beginner's Guide will help you to install and configure Squid so that it is optimized to enhance the performance of your network. The Squid Proxy Server reduces the amount of effort that you will have to put in, saving your time to get the most out of your network. Whether you only run one site, or are in charge of a whole network, Squid is an invaluable tool that improves performance immeasurably. Caching and performance optimization usually requires a lot of work on the developer's part, but Squid does all that for you. This book will show you how to get the most out of Squid by customizing it for your network. You will learn about the different configuration options available and the transparent and accelerated modes that enable you to focus on particular areas of your network. Applying proxy servers to large networks can be a lot of work as you have to decide where to place restrictions and who should have access, but the straightforward examples in this book will guide you through step by step so that you will have a proxy server that covers all areas of your network by the time you finish the book.

Squid Proxy Server 3.1 Beginner's Guide

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

Free Chapter

Getting Started with Squid

Proxy server

Reverse proxy

Getting Squid

Time for action – identifying the right version

Time for action – downloading Squid

Time for action – using Bazaar to obtain source code

Installing Squid

Time for action – running the configure command

Time for action – compiling the source

Time for action – installing Squid

Time for action – exploring Squid files

Summary

Configuring Squid

Quick start

Syntax of the configuration file

HTTP port

Time for action – setting the HTTP port

Access control lists

Time for action – constructing simple ACLs

Controlling access to the proxy server

Time for action – combining ACLs and HTTP access

Cache peers or neighbors

Time for action – adding a cache peer

Caching web documents

Time for action – specifying space for memory caching

Time for action – creating a cache directory

Time for action – adding a cache directory

Tuning Squid for enhanced caching

Time for action – preventing the caching of local content

Time for action – calculating the freshness of cached objects

Playing around with HTTP headers

DNS server configuration

Time for action – adding DNS name servers

Logging

URL rewriters and redirectors

Other configuration directives

Summary

Running Squid

Command line options

Time for action – listing the options

Time for action – finding out the Squid version

Time for action – creating cache directories

Time for action – debugging output in the console

Time for action – testing our configuration file

Automatically starting Squid at system startup

Time for action – adding the init script

Summary

Getting Started with Squid's Powerful ACLs and Access Rules

Access control lists

Time for action – constructing ACL lists using IP addresses

Time for action – using a range of IP addresses to build ACL lists

Time for action – constructing ACL lists using domain names

Time for action – building ACL lists using destination ports

Time for action – using a request protocol to construct access rules

Time for action – enforcing proxy authentication

Access list rules

Time for action – denying miss_access to neighbors

Mixing ACL lists and rules – example scenarios

Time for action – avoiding caching of local content

Time for action – blocking video content

Time for action – writing rules for special access

Testing access control with squidclient

Time for action – testing our access control example with squidclient

Time for action – testing a complex access control

Summary

Understanding Log Files and Log Formats

Log messages

Cache log or debug log

Time for action – understanding the cache log

Access log

Time for action – understanding the access log messages

Time for action – analyzing a syntax to specify access log

Time for action – learning log format and format codes

Time for action – customizing the access log with a new log format

Selective logging of requests

Time for action – using access_log to control logging of requests

Referer log

Time for action – enabling the referer log

Time for action – translating the referer logs to a human-readable format

User agent log

Time for action – enabling user agent logging

Emulating HTTP server-like logs

Time for action – enabling HTTP server log emulation

Log file rotation

Other log related features

Summary

Managing Squid and Monitoring Traffic

Cache manager

Time for action – installing Apache Web server

Time for action – configuring Apache to use cachemgr.cgi

Log file analyzers

Time for action – installing Calamaris

Time for action – generating stats in plain text format

Time for action – generating graphical reports with Calamaris

Summary

Protecting your Squid Proxy Server with Authentication

HTTP authentication

Basic authentication

Time for action – exploring Basic authentication

Time for action – configuring NCSA authentication

Time for action – configuring PAM service

Time for action – configuring MSNT authentication

Time for action – configuring Squid to use SASL authentication

Time for action – configuring RADIUS authentication

Digest authentication

Time for action – configuring Digest authentication

Microsoft NTLM authentication

Negotiate authentication

Time for action – configuring Negotiate authentication

Using multiple authentication schemes

Writing a custom authentication helper

Time for action – writing a helper program

Making non-concurrent helpers concurrent

Common issues with authentication

Summary

Building a Hierarchy of Squid Caches

Cache hierarchies

Reasons to use hierarchical caching

Problems with hierarchical caching

Joining a cache hierarchy

Time for action – joining a cache hierarchy

Controlling communication with peers

Time for action – configuring Squid for domain-based forwarding

Time for action – forwarding requests to cache peers using ACLs

Time for action – configuring Squid to switch peer relationship

Peer communication protocols

Summary

Squid in Reverse Proxy Mode

What is reverse proxy mode?

Configuring Squid as a server surrogate

HTTP port

HTTPS port

Time for action – adding backend web servers

Logging messages in web server log format

Time for action – configuring Squid to ignore the browser reloads

Access controls in reverse proxy mode

Summary

Squid in Intercept Mode

Interception caching

Time for action – understanding interception caching

Advantages of interception caching

Problems with interception caching

Diverting HTTP traffic to Squid

Time for action – enabling IP forwarding

Time for action – redirecting HTTP traffic to Squid

Summary

Writing URL Redirectors and Rewriters

URL redirectors and rewriters

Squid, URL redirectors, and rewriters

Time for action – exploring the message flow between Squid and redirectors

Time for action – writing a simple URL redirector program

Writing our own URL redirector program

Time for action – writing our own template for a URL redirector

Configuring Squid

A special URL redirector – deny_info

Popular URL redirectors

Summary

Troubleshooting Squid

Some common issues

Time for action – changing the ownership of log files

Time for action – fixing cache directory permissions

Time for action – creating swap directories

Time for action – finding the program listening on a specific port

Debugging problems

Time for action – debugging HTTP requests

Time for action – debugging access control

Summary

Pop Quiz Answers

Chapter 1, Getting Started with Squid

Chapter 2, Configuring Squid

Chapter 3, Running Squid

Chapter 4, Getting Started with Squid’s Powerful ACLs and Access Rules

Chapter 5, Understanding Log Files and Log Formats

Chapter 6, Managing Squid and Monitoring Traffic

Chapter 7, Protecting your Squid with Authentication

Chapter 8, Building a Hierarchy of Squid Caches

Chapter 9, Squid in Reverse Proxy Mode

Chapter 10, Squid in Intercept Mode

Chapter 11: Writing URL Redirectors and Rewriters

Chapter 12: Troubleshooting Squid

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Time for action – redirecting HTTP traffic to Squid

Let's have a quick look at the configuration we need to perform. For the following, we'll assume that the IP for the Squid proxy server is 192.0.2.25.

Working with Linux:
To redirect traffic destined to port 80, we can use iptables as follows:
```
iptables -t nat -A PREROUTING -s 192.0.2.25 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.0.2.25:3128
iptables -t nat -A POSTROUTING -j MASQUERADE
```
In the previous list of commands, the first command prevents the redirecting HTTP traffic from the Squid server itself. If we don't have the first line in place, we'll face forwarding loops and requests will not be satisfied. The second command captures all the traffic on port 80 and redirects it to the IP address to which Squid is bound and port 3128 where Squid is listening. The last command allows Network Address Translation (NAT , for more details, please check http://en.wikipedia.org/wiki/Network_address_translation...

Squid Proxy Server 3.1: Beginner's Guide

Squid Proxy Server 3.1: Beginner's Guide

Overview of this book

Related Content you might be interested in

Current Title:

Squid Proxy Server 3.1: Beginner's Guide

Time for action – redirecting HTTP traffic to Squid