SQUID PROXY SERVER
Kushal Bansal
10703053
TRAINING
Modules covered:
•RH 033
•RH 133
•RH 253
DECIDING
PROJECT
•Interesting servers
•ProxyServers: Special as restrict users and very
important in current scenario
•Biggest configuration file
•Capabilities
WHAT IS PROXY
SERVER??
•A web proxy server is a useful service to have on your
network, or between your network and the Internet, as it
provides an extra security layer that insulates your users
from the Internet
•A proxy-server provides Internet access to different users
at same time i.e. by sharing a single Internet connection ,
content filtering, sharing, security etc.
SQUID
•Squid offers a rich access control, authorization and
logging environment to develop web proxy and content
serving applications
•Squidis a caching proxy for the Web supporting HTTP,
HTTPS, FTP, and more. It reduces bandwidth and
improves response times by caching and reusing
frequently-requested web pages.
SQUID cont..
•Operating Systems
•GNU GPL
•Website Content Acceleration and Distribution
Why
Proxy Server?
•Can't I just buy more bandwidth??
•Exponential growth in web content
•content should be validated, revalidated and cached
•extrafeatures e.g. powerful access control,
authorization, logging, traffic management
Cont..
•ForContent Delivery Providers: distribute your content
worldwide
•For ISPs: Save on bandwidth, improve user experience
•ForWebsites: Scale your application without massive
investment in hardware and development time
ACCELERATOR MODE
•Some cache servers can act as web servers (or vice
versa).
•Squidnot configured in this way(only web cache, not
web server), translation concept used
•Hitrate increases due to caching
•Don’t use everywhere
CASE STUDY:
WIKIMEDIA
“[The Squid systems] are currently running at a hit-rate
of approximately 75%, effectively quadrupling the
capacity of the Apache servers behind them. This is
particularly noticeable when a large surge of traffic
arrives directed to a particular page via a web link from
another site, as the caching efficiency for that page will
be nearly 100%”-Wikimedia Deployment Information.
INSTALLATION
•OS
•Hardware Requirements
•32 MB of RAM are required for every GB
•Disk random seek time
•Amount of system memory
•Sustained disk throughput
•CPU power
Cont..
•2 ways
•Using yum server
1. install yum server
2. Yum –y install squid-*
Cont…
•UsingRPM
1. rpm -ivh squid-2.3.STABLE4-10.i386.rpm
CONFIGURATION
•Configuration file of squid is
/etc/squid/squid.conf
•Open using vim editor
PORTNO
• Communication with external world
•Default is 3128
•Choose wisely
• e.g. http_port 8080
ACL ELEMENTS
•access to Internet can be controlled using
•Acl elements and access lists
•particulartime interval, caching, access to particular or
group of sites
IMPORTANAT
ACL ELEMENTS
•src : Source i.e. client's IP addresses
•dst : Destination i.e. server's IP addresses
•srcdomain : Source i.e. client's domain name
•dstdomain : Destination i.e. server's domain name
•time : Time of day and day of week
Cont..
•url_regex : URL regular expression pattern matching
•urlpath_regex: URL-path regular expression pattern
•proxy_auth : User authentication through external
processes
•maxconn : Maximum number of connections limit from a
single client IP address
ACL STATEMENT
FORMAT
•acl acl_element_name type_of_acl_element
values_to_acl
•e.g.
acl linux src 10.0.0.1
ACCESS LIST
•http_access: Allows