Book description
Reduce bandwidth use and deliver your most frequently requested web pages more quickly with Squid Proxy Server. This guide will introduce you to the fundamentals of the caching system and help you get the most from Squid.
- Get the most out of your network connection by customizing Squid's access control lists and helpers
- Set up and configure Squid to get your website working quicker and more efficiently
- No previous knowledge of Squid or proxy servers is required
- Part of Packt's Beginner's Guide series: lots of practical, easy-to-follow examples accompanied by screenshots
In Detail
Squid Proxy Server enables you to cache your web content and return it quickly on subsequent requests. System administrators often struggle with delays and too much bandwidth being used, but Squid solves these problems by handling requests locally. By deploying Squid in accelerator mode, requests are handled faster than on normal web servers making your site perform quicker than everyone else's!
Squid Proxy Server 3.1 Beginner's Guide will help you to install and configure Squid so that it is optimized to enhance the performance of your network. The Squid Proxy Server reduces the amount of effort that you will have to put in, saving your time to get the most out of your network. Whether you only run one site, or are in charge of a whole network, Squid is an invaluable tool that improves performance immeasurably. Caching and performance optimization usually requires a lot of work on the developer's part, but Squid does all that for you. This book will show you how to get the most out of Squid by customizing it for your network. You will learn about the different configuration options available and the transparent and accelerated modes that enable you to focus on particular areas of your network.
Applying proxy servers to large networks can be a lot of work as you have to decide where to place restrictions and who should have access, but the straightforward examples in this book will guide you through step by step so that you will have a proxy server that covers all areas of your network by the time you finish the book.
A practical guide to implementing the Squid Proxy Server in your network or for your website
Table of contents
-
Squid Proxy Server 3.1 Beginner's Guide
- Table of Contents
- Squid Proxy Server 3.1 Beginner's Guide
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
-
1. Getting Started with Squid
- Proxy server
- Reverse proxy
- Getting Squid
- Time for action – identifying the right version
- Time for action – downloading Squid
- Time for action – using Bazaar to obtain source code
-
Installing Squid
-
Installing Squid from source code
- Compiling Squid
- Uncompressing the source archive
-
Configure or system check
- --prefix
- --enable-gnuregex
- --disable-inline
- --disable-optimizations
- --enable-storeio
- --enable-removal-policies
- --enable-icmp
- --enable-delay-pools
- --enable-esi
- --enable-useragent-log
- --enable-referer-log
- --disable-wccp
- --disable-wccpv2
- --disable-snmp
- --enable-cachemgr-hostname
- --enable-arp-acl
- --disable-htcp
- --enable-ssl
- --enable-cache-digests
- --enable-default-err-language
- --enable-err-languages
- --disable-http-violations
- --enable-ipfw-transparent
- --enable-ipf-transparent
- --enable-pf-transparent
- --enable-linux-netfliter
- --enable-follow-x-forwarded-for
- --disable-ident-lookups
- --disable-internal-dns
- --enable-default-hostsfile
- --enable-auth
- --enable-auth-basic
- --enable-auth-ntlm
- --enable-auth-negotiate
- --enable-auth-digest
- --enable-ntlm-fail-open
- --enable-external-acl-helpers
- --disable-translation
- --disable-auto-locale
- --disable-unlinkd
- --with-default-user
- --with-logdir
- --with-pidfile
- --with-aufs-threads
- --without-pthreads
- --with-openssl
- --with-large-files
- --with-filedescriptors
- Have a go hero – file descriptors
-
Installing Squid from source code
- Time for action – running the configure command
- Time for action – compiling the source
- Time for action – installing Squid
- Time for action – exploring Squid files
- Summary
-
2. Configuring Squid
- Quick start
- Syntax of the configuration file
- HTTP port
- Time for action – setting the HTTP port
- Access control lists
- Time for action – constructing simple ACLs
- Controlling access to the proxy server
- Time for action – combining ACLs and HTTP access
- Cache peers or neighbors
- Time for action – adding a cache peer
- Caching web documents
- Time for action – specifying space for memory caching
- Time for action – creating a cache directory
- Time for action – adding a cache directory
- Tuning Squid for enhanced caching
- Time for action – preventing the caching of local content
- Time for action – calculating the freshness of cached objects
- Playing around with HTTP headers
- DNS server configuration
- Time for action – adding DNS name servers
- Logging
- URL rewriters and redirectors
- Other configuration directives
- Summary
-
3. Running Squid
- Command line options
- Time for action – listing the options
- Time for action – finding out the Squid version
- Time for action – creating cache directories
- Time for action – debugging output in the console
- Time for action – testing our configuration file
- Automatically starting Squid at system startup
- Time for action – adding the init script
- Summary
-
4. Getting Started with Squid's Powerful ACLs and Access Rules
- Access control lists
- Time for action – constructing ACL lists using IP addresses
- Time for action – using a range of IP addresses to build ACL lists
- Time for action – constructing ACL lists using domain names
- Time for action – building ACL lists using destination ports
- Time for action – using a request protocol to construct access rules
- Time for action – enforcing proxy authentication
- Access list rules
-
Time for action – denying miss_access to neighbors
- What just happened?
- Requesting neighbor proxy servers
- Have a go hero – make a list of proxy servers in your network
- Forwarding requests to remote servers
- Ident lookup access
- Controlled caching of web documents
- URL rewrite access
- HTTP header access
- Custom error pages
- Have a go hero – custom access denied page
- Maximum size of the reply body
- Logging requests selectively
- Mixing ACL lists and rules – example scenarios
- Time for action – avoiding caching of local content
- Time for action – blocking video content
- Time for action – writing rules for special access
- Testing access control with squidclient
- Time for action – testing our access control example with squidclient
- Time for action – testing a complex access control
- Summary
-
5. Understanding Log Files and Log Formats
- Log messages
- Cache log or debug log
- Time for action – understanding the cache log
- Access log
- Time for action – understanding the access log messages
- Time for action – analyzing a syntax to specify access log
- Time for action – learning log format and format codes
- Time for action – customizing the access log with a new log format
- Selective logging of requests
- Time for action – using access_log to control logging of requests
- Referer log
- Time for action – enabling the referer log
- Time for action – translating the referer logs to a human-readable format
- User agent log
- Time for action – enabling user agent logging
- Emulating HTTP server-like logs
- Time for action – enabling HTTP server log emulation
- Log file rotation
- Other log related features
- Summary
-
6. Managing Squid and Monitoring Traffic
- Cache manager
- Time for action – installing Apache Web server
- Time for action – configuring Apache to use cachemgr.cgi
- Log file analyzers
- Time for action – installing Calamaris
- Time for action – generating stats in plain text format
- Time for action – generating graphical reports with Calamaris
- Summary
-
7. Protecting your Squid Proxy Server with Authentication
- HTTP authentication
- Basic authentication
- Time for action – exploring Basic authentication
- Time for action – configuring NCSA authentication
- Time for action – configuring PAM service
- Time for action – configuring MSNT authentication
- Time for action – configuring Squid to use SASL authentication
- Time for action – configuring RADIUS authentication
- Digest authentication
- Time for action – configuring Digest authentication
- Microsoft NTLM authentication
- Negotiate authentication
- Time for action – configuring Negotiate authentication
- Using multiple authentication schemes
- Writing a custom authentication helper
- Time for action – writing a helper program
- Making non-concurrent helpers concurrent
- Common issues with authentication
- Summary
-
8. Building a Hierarchy of Squid Caches
- Cache hierarchies
- Reasons to use hierarchical caching
- Problems with hierarchical caching
- Joining a cache hierarchy
- Time for action – joining a cache hierarchy
- Controlling communication with peers
- Time for action – configuring Squid for domain-based forwarding
- Time for action – forwarding requests to cache peers using ACLs
- Time for action – configuring Squid to switch peer relationship
- Peer communication protocols
- Summary
-
9. Squid in Reverse Proxy Mode
- What is reverse proxy mode?
- Configuring Squid as a server surrogate
- HTTP port
- HTTPS port
- Time for action – adding backend web servers
- Logging messages in web server log format
- Time for action – configuring Squid to ignore the browser reloads
-
Access controls in reverse proxy mode
- Squid in only reverse proxy mode
- Squid in reverse proxy and forward proxy mode
- Example configurations
- Web server and Squid server on the same machine
- Accelerating multiple backend web servers hosting one website
- Accelerating multiple web servers hosting multiple websites
- Have a go hero – set up a Squid proxy server in reverse proxy mode
- Pop quiz
- Summary
- 10. Squid in Intercept Mode
-
11. Writing URL Redirectors and Rewriters
- URL redirectors and rewriters
- Squid, URL redirectors, and rewriters
- Time for action – exploring the message flow between Squid and redirectors
- Time for action – writing a simple URL redirector program
- Writing our own URL redirector program
- Time for action – writing our own template for a URL redirector
- Configuring Squid
- A special URL redirector – deny_info
- Popular URL redirectors
- Summary
-
12. Troubleshooting Squid
- Some common issues
- Time for action – changing the ownership of log files
- Time for action – fixing cache directory permissions
- Time for action – creating swap directories
-
Time for action – finding the program listening on a specific port
- For Linux-based operating systems
- For OpenBSD and NetBSD
- For FreeBSD and DragonFlyBSD
- What just happened?
- URLs with underscore results in an invalid URL
- Squid becomes slow over time
- The request or reply is too large
- Access denied on the proxy server
- Connection refused when reaching a sibling proxy server
- Debugging problems
- Time for action – debugging HTTP requests
- Time for action – debugging access control
- Summary
-
A. Pop Quiz Answers
- Chapter 1, Getting Started with Squid
- Chapter 2, Configuring Squid
- Chapter 3, Running Squid
- Chapter 4, Getting Started with Squid’s Powerful ACLs and Access Rules
- Chapter 5, Understanding Log Files and Log Formats
- Chapter 6, Managing Squid and Monitoring Traffic
- Chapter 7, Protecting your Squid with Authentication
- Chapter 8, Building a Hierarchy of Squid Caches
- Chapter 9, Squid in Reverse Proxy Mode
- Chapter 10, Squid in Intercept Mode
- Chapter 11: Writing URL Redirectors and Rewriters
- Chapter 12: Troubleshooting Squid
- Index
Product information
- Title: Squid Proxy Server 3.1 Beginner's Guide
- Author(s):
- Release date: February 2011
- Publisher(s): Packt Publishing
- ISBN: 9781849513906
You might also like
book
Packet Analysis with Wireshark
Leverage the power of Wireshark to troubleshoot your networking issues by using effective packet analysis techniques …
book
Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition
Cisco® ASA All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition Identify, mitigate, and respond to …
book
Mastering Ubuntu Server - Second Edition
Get up-to-date with the finer points of Ubuntu Server using this comprehensive guide About This Book …
book
CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide
The official Cisco Press Certification Guide designed to help candidates prepare for the new SNCF 300-710 …