Squid 2.4 Stable1
Configuration Manual
 

 

 

BY

Visolve.com - Your Support and Testing Partner

Visolve is an international corporation that has provided technical services for Internet-based systems to clients around the globe since 1995. We provide free basic support and also commercial support for open source products like Linux, Apache and Squid.


All rights reserved.
All trademarks used in this document are owned by their respective companies. This document makes no ownership claim of any trademark(s). If you wish to have your trademark removed from this document, please contact the copyright holder. No disrespect is meant by any use of other companies’ trademarks in this document.

Note: This document is not (yet) to be mirrored; copying for personal or company-wide use or printing is perfectly acceptable. Once the document is in a stable state, the document will be released under the GNU Free Documentation License.


Table of Contents

I. Network options

This section contains the network-related configuration of Squid. It plays an important role in deciding the socket addresses Squid uses to communicate with remote servers and neighbour caches. Generally, the port is where Squid listens for TCP and ICP requests and responses, and the IP address is the one to which Squid binds to create the socket addresses that complete the communication with other servers (remote servers and neighbour caching servers). The socket addresses are defined by the number of interfaces the cache server has. More information on multicast is here.

II. Options which affect the neighbour selection algorithm

This section comes into play only when a Squid hierarchy is implemented with multiple Squid cache boxes. The number of cache servers, the type of configuration, the timeouts for communication within the hierarchy, and the objects which should not be cached locally are specified here. Configuring this section requires prior knowledge of Squid hierarchies. Here one can also fix a particular cache server for a specified domain.

III. Options which affect the cache size

This section covers configuration of the resource usage by Squid, the volume of cache data to be stored on disk, and the policies used for cache replacement and memory replacement.

IV. Log file path names and cache directories

This section allows configuration of the log files (size, name, path, activity) that contain runtime information and errors. This data can be used to debug system problems and to analyse the cache pattern. For more information on controlling the log file size, see the logfile_rotate directive, the Squid command-line option (-k rotate) and the man page for logrotate on Linux.

V. Options for external support programs

This section gives the configuration options for programs such as Ftpuser, DNS, redirectors and authenticators that are contributed by sources other than Squid. External programs are placed in the Contrib directory of the source distribution. This section is needed when Squid wants external processes to perform simple tasks such as redirecting URLs, DNS processes, internal domain name servers, authentication programs, etc. The number of children for each of these processes can also be specified here.

VI. Options for tuning the cache

The performance of Squid relies heavily on the configuration of this section. It decides how often objects are refreshed by the given algorithm, the size of the header and body for both replies and requests (which decides latency), and whether connections are aborted when the client closes its connection. It gives the opportunity to achieve high performance and to customize Squid for a particular use.

VII. Timeouts

This section does nothing more than set the time limits for connections. The timeouts set how long Squid can wait for certain requests to complete. If a request exceeds the given time limit, Squid returns to the client a default error message specified for that particular timeout. Increasing the time limits without understanding these tags will be a performance issue.

VIII. Access controls

Squid cannot be used in an ISP environment without a sophisticated access control system. Indeed, Squid should not be used in ANY environment without some kind of basic authentication system. It is amazing how fast other Internet users will find out that they can relay requests through the cache, and then proceed to do so. Access control lists (acls) are often the most difficult part of the configuration of a Squid cache: the layout and concept are not immediately obvious to most people. This section tries to simplify the difficulties of configuring Squid using acls. External programs like redirectors and authenticators can be used with the acls defined here. Put simply, Squid is a firewall.

IX. Administrative parameters

This section tells Squid which user and group have the right to run Squid, what host name should be displayed when showing errors, and which cache administrator can view the details of the work done by Squid at runtime.

X. Options for the cache registration service

This section is for registering this cache server at http://ircache.nlanr.net/Cache/Tracker/. This service is provided to help cache administrators locate one another in order to join or create cache hierarchies.

XI. Httpd-accelerator options

Squid can act as a load balancer or load reducer for a particular web server. Generally, Squid keeps not only the clients happy but also the web servers, by reducing the load on the server side. Some cache servers can act as web servers (or vice versa). These servers accept requests in both the standard web-request format (where only the path and filename are given) and the proxy-specific format (where the entire URL is given). The Squid designers have decided not to let Squid be configured in this way. This avoids various complicated issues and reduces code complexity, making Squid more reliable. All in all, Squid is a web cache, not a web server.

By adding a translation layer into Squid, we can accept (and understand) web requests, since the format is essentially the same. The additional layer can re-write incoming web requests, changing the destination server and port. This re-written request is then treated as a normal request: the remote server is contacted, the data requested and the results cached. This lets Squid pretend to be a web server, re-writing requests so that they are passed on to some other web server.

For transparent caching, Squid can be configured to magically intercept outgoing web requests and cache them. Since the outgoing requests are in web-server format, it needs to translate them to cache-format requests. Transparent redirection is prohibited by Internet standard #5, "Internet Protocol", and HTTP assumes no transparent redirection is taking place.

This section covers the various configuration options related to accelerator mode and to transparent mode.

XII. Miscellaneous

This section covers limiting log file growth, displaying customized information to clients when errors occur or access is denied, defining the memory pools for Squid, network management by enabling SNMP, coordinating neighbour caches by enabling WCCP, and directing requests either to the origin server or to a neighbour cache.

XIII. Delaypool parameters (all require delay_pools compilation options)

Delay pools work wonders with ACLs. Delay pools provide a way to limit the bandwidth of certain requests based on any list of criteria. Delay behavior is selected by ACLs (low- and high-priority traffic, staff vs. students, student vs. authenticated student, and so on). In an ISP, delay pools can be applied to a particular network to improve the quality of service.

XIV. Glossary

This gives information about the terms used in this guide.