Squid Proxy Server 3.1: Beginner's Guide

Book Image

Squid Proxy Server 3.1: Beginner's Guide

Book Image

Squid Proxy Server 3.1: Beginner's Guide

Overview of this book

Squid Proxy Server enables you to cache your web content and return it quickly on subsequent requests. System administrators often struggle with delays and too much bandwidth being used, but Squid solves these problems by handling requests locally. By deploying Squid in accelerator mode, requests are handled faster than on normal web servers making your site perform quicker than everyone else's! Squid Proxy Server 3.1 Beginner's Guide will help you to install and configure Squid so that it is optimized to enhance the performance of your network. The Squid Proxy Server reduces the amount of effort that you will have to put in, saving your time to get the most out of your network. Whether you only run one site, or are in charge of a whole network, Squid is an invaluable tool that improves performance immeasurably. Caching and performance optimization usually requires a lot of work on the developer's part, but Squid does all that for you. This book will show you how to get the most out of Squid by customizing it for your network. You will learn about the different configuration options available and the transparent and accelerated modes that enable you to focus on particular areas of your network. Applying proxy servers to large networks can be a lot of work as you have to decide where to place restrictions and who should have access, but the straightforward examples in this book will guide you through step by step so that you will have a proxy server that covers all areas of your network by the time you finish the book.

Squid Proxy Server 3.1 Beginner's Guide

Squid Proxy Server 3.1 Beginner's Guide

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Getting Started with Squid

Getting Started with Squid

Time for action – identifying the right version

Time for action – downloading Squid

Time for action – using Bazaar to obtain source code

Installing Squid

Time for action – running the configure command

Time for action – compiling the source

Time for action – installing Squid

Time for action – exploring Squid files

Configuring Squid

Configuring Squid

Syntax of the configuration file

Time for action – setting the HTTP port

Access control lists

Time for action – constructing simple ACLs

Controlling access to the proxy server

Time for action – combining ACLs and HTTP access

Cache peers or neighbors

Time for action – adding a cache peer

Caching web documents

Time for action – specifying space for memory caching

Time for action – creating a cache directory

Time for action – adding a cache directory

Tuning Squid for enhanced caching

Time for action – preventing the caching of local content

Time for action – calculating the freshness of cached objects

Playing around with HTTP headers

DNS server configuration

Time for action – adding DNS name servers

URL rewriters and redirectors

Other configuration directives

Running Squid

Command line options

Time for action – listing the options

Time for action – finding out the Squid version

Time for action – creating cache directories

Time for action – debugging output in the console

Time for action – testing our configuration file

Automatically starting Squid at system startup

Time for action – adding the init script

Getting Started with Squid's Powerful ACLs and Access Rules

Getting Started with Squid's Powerful ACLs and Access Rules

Access control lists

Time for action – constructing ACL lists using IP addresses

Time for action – using a range of IP addresses to build ACL lists

Time for action – constructing ACL lists using domain names

Time for action – building ACL lists using destination ports

Time for action – using a request protocol to construct access rules

Time for action – enforcing proxy authentication

Access list rules

Time for action – denying miss_access to neighbors

Mixing ACL lists and rules – example scenarios

Time for action – avoiding caching of local content

Time for action – blocking video content

Time for action – writing rules for special access

Testing access control with squidclient

Time for action – testing our access control example with squidclient

Time for action – testing a complex access control

Understanding Log Files and Log Formats

Understanding Log Files and Log Formats

Cache log or debug log

Time for action – understanding the cache log

Time for action – understanding the access log messages

Time for action – analyzing a syntax to specify access log

Time for action – learning log format and format codes

Time for action – customizing the access log with a new log format

Selective logging of requests

Time for action – using access_log to control logging of requests

Time for action – enabling the referer log

Time for action – translating the referer logs to a human-readable format

Time for action – enabling user agent logging

Emulating HTTP server-like logs

Time for action – enabling HTTP server log emulation

Log file rotation

Other log related features

Managing Squid and Monitoring Traffic

Managing Squid and Monitoring Traffic

Time for action – installing Apache Web server

Time for action – configuring Apache to use cachemgr.cgi

Log file analyzers

Time for action – installing Calamaris

Time for action – generating stats in plain text format

Time for action – generating graphical reports with Calamaris

Protecting your Squid Proxy Server with Authentication

Protecting your Squid Proxy Server with Authentication

HTTP authentication

Basic authentication

Time for action – exploring Basic authentication

Time for action – configuring NCSA authentication

Time for action – configuring PAM service

Time for action – configuring MSNT authentication

Time for action – configuring Squid to use SASL authentication

Time for action – configuring RADIUS authentication

Digest authentication

Time for action – configuring Digest authentication

Microsoft NTLM authentication

Negotiate authentication

Time for action – configuring Negotiate authentication

Using multiple authentication schemes

Writing a custom authentication helper

Time for action – writing a helper program

Making non-concurrent helpers concurrent

Common issues with authentication

Building a Hierarchy of Squid Caches

Building a Hierarchy of Squid Caches

Cache hierarchies

Reasons to use hierarchical caching

Problems with hierarchical caching

Joining a cache hierarchy

Time for action – joining a cache hierarchy

Controlling communication with peers

Time for action – configuring Squid for domain-based forwarding

Time for action – forwarding requests to cache peers using ACLs

Time for action – configuring Squid to switch peer relationship

Peer communication protocols

Squid in Reverse Proxy Mode

Squid in Reverse Proxy Mode

What is reverse proxy mode?

Configuring Squid as a server surrogate

Time for action – adding backend web servers

Logging messages in web server log format

Time for action – configuring Squid to ignore the browser reloads

Access controls in reverse proxy mode

Squid in Intercept Mode

Squid in Intercept Mode

Interception caching

Time for action – understanding interception caching

Advantages of interception caching

Problems with interception caching

Diverting HTTP traffic to Squid

Time for action – enabling IP forwarding

Time for action – redirecting HTTP traffic to Squid

Writing URL Redirectors and Rewriters

Writing URL Redirectors and Rewriters

URL redirectors and rewriters

Squid, URL redirectors, and rewriters

Time for action – exploring the message flow between Squid and redirectors

Time for action – writing a simple URL redirector program

Writing our own URL redirector program

Time for action – writing our own template for a URL redirector

Configuring Squid

A special URL redirector – deny_info

Popular URL redirectors

Troubleshooting Squid

Troubleshooting Squid

Some common issues

Time for action – changing the ownership of log files

Time for action – fixing cache directory permissions

Time for action – creating swap directories

Time for action – finding the program listening on a specific port

Debugging problems

Time for action – debugging HTTP requests

Time for action – debugging access control

Pop Quiz Answers

Pop Quiz Answers

Chapter 1, Getting Started with Squid

Chapter 2, Configuring Squid

Chapter 3, Running Squid

Chapter 4, Getting Started with Squid’s Powerful ACLs and Access Rules

Chapter 5, Understanding Log Files and Log Formats

Chapter 6, Managing Squid and Monitoring Traffic

Chapter 7, Protecting your Squid with Authentication

Chapter 8, Building a Hierarchy of Squid Caches

Chapter 9, Squid in Reverse Proxy Mode

Chapter 10, Squid in Intercept Mode

Chapter 11: Writing URL Redirectors and Rewriters

Chapter 12: Troubleshooting Squid

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Time for action – constructing simple ACLs

Let's construct an access control list for the domain name example.com:

acl example_site dstdomain example.com

In this code, example_site is the name of the ACL with type dstdomain, which reflects that the value, example.com, is the domain name.

Now if we want to construct an access control list which can cover a lot of example websites, we have the following three possible ways of doing it:

Values on a single line: We can specify all the possible values on a single line:
```
acl example_sites dstdomain example.com example.net example.org
```
This works fine as long as there are only a few values.
Values on multiple lines: In case the list of values that we want to specify grows significantly, we can split the list and pass values on multiple lines:
```
acl example_sites dstdomain example.com example.net
acl example_sites dstdomain example.org
```
Values from a file: If case the number of values we want to specify is quite large, we can put them in a dedicated file and...