Reduce Your Enterprise's Bandwidth Charges with Squid Linux Proxy Servers

Squid Server is basically a caching and forwarding web proxy. It filters routine traffic and speeds up the web server by caching web, DNS and other queries. Squid caches web objects and stores them at a remote server location for repeat use. This way, frequently requested files and objects (images etc.) need not be downloaded again, which saves significant bandwidth charges.

It is mostly mounted on a master server with all original filtered files tracked over a network. It works by copying the content initially accessed by users and making it available to network computers. Squid automatically expires and deletes unwanted or un-accessed content files if they are not requested within a set period of time, and this way stays complete and up to date.

The concept of Squid originated when a number of users repeatedly requested media or streaming videos, which required a large amount of data transfer over the network and caused bandwidth congestion. Squid is open source and freely available under the GPL (General Public License).

Prerequisites for Setup

To use a Squid proxy setup, you need a Linux distribution that already includes Squid packages. Although it is designed for Linux, it can also work on Windows-based systems.

Usually, 32MB of RAM is required for every 1GB of disk space. A Squid server may need more disk space. Fast disks are always preferred. SCSI disks on a proxy server are often a wise decision. SCSI offers multiple reads and writes and can access as many as 7 different drives at a time. Any currently available CPU (say an Intel i3 or i5) with enough RAM and a fast disk can handle the load of multiple network users.

For load calculations and a study of actual requirements, refer to the article on deckle.co.uk and the discussion on Nabble.

Some useful tips using Squid Proxy Servers

Port numbers added to the SSL ports must be added to the safe ports list as well.

If you are using URL redirector programs, be careful: Squid passes the entire URL, including query parameters, to that program, which can cause information to leak.

If you enable tproxy mode (Intercept mode), all other configured authentication mechanisms will be disabled.

ACL elements of the dst ACL type are slower in operation than ACLs of the src ACL type, whereas ACL elements of the srcdomain ACL type are slower in operation than ACLs of the dstdomain ACL type. As far as ACL naming is concerned, you cannot use one ACL name with multiple types.

It is recommended to block the POST and CONNECT request types using url_rewrite_access, as they may cause unexpected errors.

Rotating log files is recommended instead of using large files; it gives good speed and enhances performance.

You need to add a deny all line after the access rules to avoid any unwanted behavior with HTTP access control. By default, Squid will do the opposite of the last access rule.

If you wish to share the configuration with a different Squid installation while testing, use the --sysconfdir=/etc/squid/ option.

Applying refresh_pattern to non-cacheable responses, or using it to alter already cached objects, can cause serious problems. Be careful when using it.

If you do not secure the port properly, it can cause a security risk. Ports must be set to standards such as 3128 or 8080. Any arbitrary port number will also serve the purpose.

Try not to run the Squid process in debug mode, as it may use more disk space by logging debugging output to the cache.log file.

http_reply_access directives must be used very carefully: Squid still goes to the origin server even when the response is denied by an http_reply_access rule, so if an attacker requests private data through a malicious URL, the client will already have passed the private information.

Always make sure to set the PID path properly. If it is set to none, it may disturb automatic log rotation or restarting Squid. Also, Squid's exit at system shutdown will not complete.
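
Several of the tips above can be checked mechanically. The following Python script is an added example, not code from the original article or the Squid project; it assumes the stock squid.conf ACL names SSL_ports and Safe_ports, and the sample configuration and rewriter path are constructed for illustration.

```python
# Added example: audit squid.conf text for pitfalls named in the tips above
# (assumes the stock ACL names SSL_ports and Safe_ports; adjust if yours differ).
def port_ranges(tokens):
    """Turn 'port' ACL values such as '443' or '1025-65535' into (low, high)."""
    ranges = []
    for tok in tokens:
        low, _, high = tok.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def audit(conf_text):
    """Return a list of findings for one squid.conf given as a string."""
    acl_ports, http_access, directives = {}, [], {}
    for raw in conf_text.splitlines():
        line = raw.split()
        if not line or line[0].startswith("#"):
            continue
        if line[0] == "acl" and len(line) > 3 and line[2] == "port":
            acl_ports.setdefault(line[1], []).extend(port_ranges(line[3:]))
        elif line[0] == "http_access":
            http_access.append(line[1:])
        else:
            directives.setdefault(line[0], []).append(line[1:])
    findings = []
    safe = acl_ports.get("Safe_ports", [])
    for low, high in acl_ports.get("SSL_ports", []):
        if not any(s_lo <= low and high <= s_hi for s_lo, s_hi in safe):
            findings.append(f"SSL_ports {low}-{high} not covered by Safe_ports")
    if not http_access or http_access[-1] != ["deny", "all"]:
        findings.append("http_access rules do not end with 'deny all'")
    if ["none"] in directives.get("pid_filename", []):
        findings.append("pid_filename is set to none")
    if "url_rewrite_program" in directives and "url_rewrite_access" not in directives:
        findings.append("url_rewrite_program has no url_rewrite_access rule")
    return findings

# Constructed sample configuration; the rewriter path is hypothetical.
SAMPLE = """\
acl SSL_ports port 443 8443
acl Safe_ports port 80 443 1025-8080
acl localnet src 10.0.0.0/8
http_access deny !Safe_ports
http_access allow localnet
pid_filename none
url_rewrite_program /usr/local/bin/rewriter
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, the script reports the uncovered port 8443, the missing final deny all, the disabled PID file and the unrestricted rewriter.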

If you want to set up a Squid proxy server, visit the article on Linuxhomenetworking.com.

Need for Creating Transparent Proxy

If you have Squid set up on one master server, all other network workstations must be configured for the internal network to be able to work properly. To avoid the task and headache of setting up all of them, creating a transparent proxy is a necessity.

Squid can be used as an HTTPD accelerator if configured with an iptables redirect rule. This way it becomes transparent to your network, and all incoming HTTP requests can be handled through the transparent proxy.

It should be noted that transparent proxies cannot be used for HTTPS connections over SSL (port 443), as this will break the server-to-client SSL connection.

ravindrayadava has discussed basic questions related to Squid Proxy Server, which is very helpful.

