Squid 2.4 Stable1 Configuration Manual
Visolve is an international corporation that has provided technical services for Internet-based systems to clients around the globe since 1995. We provide free basic support and also commercial support for open source products like Linux, Apache and Squid.
Note: This document is not (yet) to be mirrored; copying for personal or company-wide use or printing is perfectly acceptable. Once the document is in a stable state, it will be released under the GNU Free Documentation License.
Table of Contents
This section contains the network-related configuration of Squid. It plays an important role in deciding the socket addresses Squid uses to communicate with remote servers and neighbour caches. Generally, the port is where Squid listens for TCP and ICP requests and responses, and the IP address is what Squid binds to when creating socket addresses to complete communication with other servers (including remote servers and neighbour caching servers). Socket addresses are defined by the number of interfaces the cache server has. More information on multicast is here.
II. Options which affect the neighbour selection algorithm
This section comes into play only when a Squid hierarchy is implemented with multiple Squid cache boxes. The number of cache servers, the type of configuration, the timeouts for communication within the hierarchy, and the objects which should not be cached locally are specified here. Configuring this section requires prior knowledge of Squid hierarchies. Here one can assign a particular cache server to a specified domain.
This section covers configuration of Squid's resource usage, the volume of cache data to be stored on disk, and the policies used for cache replacement and memory replacement.
This section allows configuration of the log files (size, name, path, activity) that contain runtime information and errors. This data can be used to debug system problems and also to analyse the cache pattern. For more information on controlling log file size, see the logfile_rotate directive, the Squid command line option (-k rotate) and the man page for logrotate in Linux.
This gives configuration options for programs like Ftpuser, DNS, redirectors and authenticators contributed by sources other than Squid. External programs are placed in the Contrib directory of the source distribution. This section is needed when Squid wants external processes to perform simple tasks such as redirecting URLs, DNS processes, internal domain name servers, authentication programs, etc. The number of children for each of these processes can also be specified here.
The performance of Squid relies heavily on the configuration of this section. It decides how often objects are refreshed according to the given algorithm, the size of the header and body for both replies and requests (for deciding latency), and whether connections are aborted when the client closes its connection. It gives the opportunity to get high performance and to customize Squid for a particular use.
Nothing more than setting the time limits for connections. The timeouts set the time limits that Squid will wait for a given request to complete. If a request exceeds the given time limit, Squid returns to the client a default error message specified for that particular timeout. Increasing the time limits without understanding these tags will cause performance problems.
Squid cannot be used in an ISP environment without a sophisticated access control system. Indeed, Squid should not be used in ANY environment without some kind of basic authentication system. It is amazing how fast other Internet users will find out that they can relay requests through the cache, and then proceed to do so. Access control lists (ACLs) are often the most difficult part of the configuration of a Squid cache: the layout and concept are not immediately obvious to most people. This section tries to simplify the difficulties of configuring Squid using ACLs. External programs like redirectors and authenticators can be used with the ACLs defined here. Put simply, Squid is a firewall.
This tells Squid which user and group have the right to run Squid, what host name should be displayed when showing errors, and who the cache administrator is, who can view the details of the work done by Squid at runtime.
This section is for registering this cache server at http://ircache.nlanr.net/Cache/Tracker/. This service is provided to help cache administrators locate one another in order to join or create cache hierarchies.
Squid can act as a load balancer or load reducer for a particular web server. Generally, Squid keeps not only clients happy but also web servers, by reducing load on the server side. Some cache servers can act as web servers (or vice versa). These servers accept requests in both the standard web-request format (where only the path and filename are given) and the proxy-specific format (where the entire URL is given). The Squid designers have decided not to let Squid be configured in this way. This avoids various complicated issues and reduces code complexity, making Squid more reliable. All in all, Squid is a web cache, not a web server.
By adding a translation layer into Squid, we can accept (and understand) web requests, since the format is essentially the same. The additional layer can rewrite incoming web requests, changing the destination server and port. The rewritten request is then treated as a normal request: the remote server is contacted, the data is requested and the results are cached. This lets Squid pretend to be a web server, rewriting requests so that they are passed on to some other web server.
For transparent caching, Squid can be configured to magically intercept outgoing web requests and cache them. Since the outgoing requests are in web-server format, it needs to translate them to cache-format requests. Transparent redirection is prohibited by Internet standard #5 "Internet Protocol", and HTTP assumes no transparent redirection is taking place.
This section allows configuration of various settings related to accelerator mode and also transparent mode.
This section covers limiting logfile growth, displaying customized information to clients when errors occur or access is denied, defining the memory pools for Squid, network management by enabling SNMP, coordinating neighbour caches by enabling WCCP, and directing requests either to the origin server or to a neighbour cache.
Delay pools do wonders with ACLs. Delay pools provide a way to limit the bandwidth of certain requests based on any list of criteria. Delay behavior is selected by ACLs (low and high priority traffic, staff vs students, student vs authenticated student, and so on). At an ISP, delay pools can be applied to a particular network to improve the quality of service.
XIII Glossary
This gives information about the terms used in this guide.