Contents 1 Intro 1.1 Squid: Optimising Web Delivery 1.2 Making the most of your Internet Connection 1.3 Website Content Acceleration and Distribution 1.4 Want to learn more? 2 Installation 3 Configuration 4 Transparent Proxy 5 Comments

Intro

Squid: Optimising Web Delivery

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on Unix and Windows and is licensed under the GNU GPL.

Making the most of your Internet Connection

Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web access. Squid optimises the data flow between client and server to improve performance and caches frequently-used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to build cache server hierarchies which optimise network throughput.

Website Content Acceleration and Distribution

Thousands of web-sites around the Internet use Squid to drastically increase their content delivery. Squid can reduce your server load and improve delivery speeds to clients. Squid can also be used to deliver content from around the world - copying only the content being used, rather than inefficiently copying everything. Finally, Squid's advanced content routing configuration allows you to build content clusters to route and load balance requests via a variety of web servers.

Want to learn more?

The Squid project provides a number of resources to assist users design, implement and support Squid installations. Please browse here for more information.

Installation

ipkg install squid

Configuration

Use the following /opt/etc/squid/squid.conf and change the first 3 lines of squid.conf,
XXX.XXX.XXX.XXX on the http_port line is the internal address of the FSG. (e.g. 192.168.0.1)
hostname in visible_hostname line is the hostname of the FSG. (e.g. fsg.example.com)
nnn.nnn.nnn.nnn in acl our_networks src line to the network address range you want use the proxy. (e.g. 192.168.0.0)

http_port XXX.XXX.XXX.XXX:3128
visible_hostname hostname
acl our_networks src nnn.nnn.nnn.nnn/24
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /opt/var/squid/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /opt/var/squid/cache

Transparent Proxy

To use the FSG as a Transparent proxy.

Change one line in the squid.conf so that

http_port XXX.XXX.XXX.XXX:3128

becomes

http_port XXX.XXX.XXX.XXX:3128 transparent

Change the lines in the /opt/etc/init.d/S80squid
So the iptables lines are put in.

#! /bin/sh

case "$1" in
    start)
        echo -n "Starting proxy server: "
        /opt/sbin/squid -f /opt/etc/squid/squid.conf
        #inside
        iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j DNAT --to-destination  xxx.xxx.xxx.xxx:3128
        #Outside
        iptables -t nat -A PREROUTING -i eth1 -p tcp --destination-port  80 -j REDIRECT --to-port 3128

        echo "done."
        ;;
    stop)
        echo -n "Stopping proxy server: "
        /opt/sbin/squid -f /opt/etc/squid/squid.conf -k shutdown
        echo "done."
        ;;
    reload|force-reload)
        echo -n "Reloading proxy server configuration files: "
        /opt/sbin/squid -f /opt/etc/squid/squid.conf -k reconfigure
        echo "done."
        ;;
    restart)
        echo -n "Restarting proxy server: "
        /opt/sbin/squid -f /opt/etc/squid/squid.conf -k shutdown
        sleep 2
        /opt/sbin/squid -f /opt/etc/squid/squid.conf
        echo "done."
        ;;
    *)
        echo "Usage: /opt/etc/init.d/S80squid {start|stop|reload|force-reload|restart}"
        exit 1
        ;;
esac

exit 0

Comments

Please submit comments in the Forum.