Squid

A User's Guide

Oskar Pearson


Table of Contents
1. History and Credits
History and Credits
2. Installing Squid
Hardware Requirements
Gathering statistics
Hard Disks
RAM requirements
CPU Power
Choosing an Operating System
Experience
Features
Compilers
Basic System Setup
Default Squid directory structure
User and Group IDs
Getting Squid
Getting the Squid source code
Getting Binary Versions of Squid
Compiling Squid
Compilation Tools
Unpacking the Source Archive
Compilation options
Running configure
Compiling the Squid Source
Installing the Squid binary
3. Squid Configuration Basics
Version Control Systems
The Configuration File
Setting Squid's HTTP Port
Using Port 80
Email for the Cache Administrator
Effective User and Group ID
FTP login information
Access Control Lists and Access Control Operators
Simple Access Control
Ensuring Direct Access to Internal Machines
Communicating with other proxy servers
Your ISP's cache
Firewall Interactions
4. Starting Squid
Before Running Squid
Subdirectory Permissions
Running Squid
Testing Squid
Testing a Cache or Proxy Server with Client
Addition to Startup Files
5. Browser Configuration
Browsers
Basic Configuration
Advanced Configuration
Basic Configuration
Host name
Browser-cache Interaction
Testing the Cache
Cache Auto-config
Web server config changes for autoconfig files
Autoconfig Script Coding
Super Proxy Script
CGI-generated autoconfig files
Future directions
Roaming
Browsers
Transparency
Ready to Go
6. Access Control and Access Control Operators
Uses of ACLs
Access Classes and Operators
Acl lines
A unique name
Type
Decision String
Types of acl
Acl-operator lines
The other Acl-operators
SNMP Configuration
Querying the Squid SNMP server on port 3401
Running multiple SNMP servers on a cache machine
Delay Classes
Slowing down access to specific URLs
The Second Pool Class
The Second Pool Class
The Third Pool Class
Using Delay Pools in Real Life
Conclusion
7. Cache Hierarchies
Introduction
Why Peer
Peer Configuration
The cache_peer Option
Peer Selection
Selecting by Destination Domain
Selecting with Acls
Other Peering Options
Multicast Cache Communication
Getting your machine ready for Multicast
Querying a Multicast Cache
Accepting Multicast Queries: The mcast_groups option
Other Multicast Cache Options
Cache Digests
Cache Hierarchy Structures
Two Peering Caches
Trees
Meshes
Load Balancing Servers
The Cache Array Routing Protocol (CARP)
8. Accelerator Mode
When to use Accelerator Mode
Acceleration of a slow server
Replacing a combination cache/web server with Squid
Transparent Caching
Security
Accelerator Configuration Options
The httpd_accel_host option
The httpd_accel_port option
The httpd_accel_with_proxy option
The httpd_accel_uses_host_header option
Related Configuration Options
The redirect_rewrites_host_header option
Refresh patterns
Access Control
Example Configurations
Replacing a Combination Web/Cache server
Accelerating Requests to a Slow Server
9. Transparent Caching
The Problem with Transparency
The Transparent Caching Process
Some Routing Basics
Packet Flow with Transparent Caches
Network Layout
Filtering Traffic
Unix machines
Routers (not done)
Layer-Four Switches (not done)
Kernel Redirection (not done)
Squid Settings (not done)
10. Not Yet Done: Squid Config files and options
11. Overall Layout (for writers)
12. GNU Free Documentation License
GNU Free Documentation License
List of Examples
3-1. Effective User and Group IDs
3-2. Theoretical Access List
3-3. Access Lists using Classes
3-4. CIDR vs Netmask Source-IP Notation
3-5. Example Complete ACL list
3-6. Using always and never_direct
4-1. Using the -h and -p client Options
4-2. Retrieving Pages directly from a remote site with client
4-3. Printing timing information for a page download
4-4. Accessing a site through the cache
4-5. Runcache command in the startup files
5-1. Restarting Apache
5-2. A very basic autoconfig file
5-3. Connecting to a cache server
5-4. Connecting to a cache server, with failover
5-5. dnsDomainIs
5-6. Using multiple dnsDomainIs calls
5-7. Using the isInNet call
5-8. Using isPlainHostName to decide if the connection should be direct
5-9. myIpAddress
5-10. shExpMatch
5-11. url.substring
5-12. A small organization's proxy config file
5-13. Dialup ISP autoconfig file
5-14.
6-1. Explicit allow, explicit deny (do not use this! See later text for reasons)
6-2. Only an allow acl-operator
6-3. Corrected example 6-1, explicit deny all
6-4. Example 6-1 once the cache is considered stable
6-5. Using multiple acl Decision Strings per line
6-6.
6-7. Denying access to a small section of a larger block
6-8. Filtering out unwanted destination sites
6-9. Denying access to sites with the word sex in the URL
6-10.
6-11. Allowing Web access during the weekend only
6-12. Denying access to FTP sites
6-13. Breaking search site access
6-14.
6-15. Using ident usernames to deny cache access
6-16. Using Ident to classify users, and using Squid to deny classes
6-17. Using more than one acl operator on an http_access line
6-18. Specifying more than one acl per http_access line
6-19. Logging ident values from specific machines
6-20. Doing ident lookups for unknown machines
6-21. Allowing a subnet range to only get data we already have (hits)
6-22. Using the broken_posts acl-operator
6-23. Using the snmp_community acl type
6-24. Allowing SNMP access from only one machine
6-25. Using the snmp_community acl type
6-26. Limiting download speed by a word in the URL
6-27. Limiting both overall and per-user bandwidth usage
6-28. Using Class 3 Delay Pools
7-1. The cache_peer tag
7-2. The cache_peer_domain tag
7-3. Using acls to select peers
7-4. Passing suspect URLs to a filtering cache
7-5. Ignoring Hierarchy Caches for a Local Top-Level Domain
7-6. Bypassing a parent for a local machine
7-7. Changing the Cache Type by Destination Domain
7-8.
7-9. Sending Queries to a Multicast Server
7-10. Listening for Multicast Queries
7-11. Using CARP Load Factor variables
8-1. Before Accelerator Configuration
8-2. After Accelerator Configuration
8-3. Forwarding Web Requests to a Server on the Same Machine
8-4. Accelerating a Slow Server