Proxy Servers: Squid

Proxy servers operate as an intermediary between a local network and services available on a larger one, such as the Internet. Requests from local clients for Web services can be handled by the proxy server, speeding transactions as well as controlling access. Proxy servers maintain current copies of commonly accessed Web pages, speeding Web access times by eliminating the need to access the original site constantly. They also perform security functions, protecting servers from unauthorized access.

Squid is a free, open source, proxy-caching server for Web clients, designed to speed Internet access and provide security controls for Web servers. It implements a proxy-caching service for Web clients that caches Web pages as users make requests. Copies of Web pages accessed by users are kept in the Squid cache, and as requests are made, Squid checks to see if it has a current copy. If Squid does have a current copy, it returns the copy from its cache instead of querying the original site. If it does not have a current copy, it will retrieve one from the original site. Replacement algorithms periodically replace old objects in the cache. In this way, Web browsers can then use the local Squid cache as a proxy HTTP server.

Squid currently handles Web pages supporting the HTTP, FTP, and SSL protocols (Squid cannot be used with FTP clients), each with an associated default port (see Table 24-1). It also supports ICP (Internet Cache Protocol), HTCP (Hypertext Caching Protocol) for Web caching, and SNMP (Simple Network Management Protocol) for providing status information.

You can find out more about Squid at www.squid-cache.org. For detailed information check the Squid FAQ and the user manual located at their Web site. The FAQ is also installed in your /usr/share/doc under the squid directory.

As a proxy, Squid does more than just cache Web objects. It operates as an intermediary between the Web browsers (clients) and the servers they access. Instead of connections being made directly to the server, a client connects to the proxy server. The proxy then relays requests to the Web server. This is useful for situations where a Web server is placed behind a firewall server, protecting it from outside access. The proxy is accessible on the firewall, which can then transfer requests and responses back and forth between the client and the Web server. The design is often used to allow Web servers to operate on protected local networks and still be accessible on the Internet. You can also use a Squid proxy to provide Web access to the Internet by local hosts. Instead of using a gateway providing complete access to the Internet, local hosts can use a proxy to allow them just Web access (see Chapter 5). You can also combine the two, allowing gateway access, but using the proxy server to provide more control for Web access. In addition, the caching capabilities of Squid can provide local hosts with faster Web access.

Protocol    Description and Port
--------    --------------------
HTTP        Web pages, port 3128
FTP         FTP transfers through Web sites, port 3128
ICP         Internet Caching Protocol, port 3130
HTCP        Hypertext Caching Protocol, port 4827
CARP        Cache Array Routing Protocol
SNMP        Simple Network Management Protocol, port 3401
SSL         Secure Socket Layer

Table 24-1 Protocols Supported by Squid

Technically, you could use a proxy server to simply manage traffic between a Web server and the clients that want to communicate with it, without doing caching at all. Squid combines both capabilities as a proxy-caching server.

Squid also provides security capabilities that let you exercise control over hosts accessing your Web server. You can deny access by certain hosts and allow access by others. Squid also supports the use of encrypted protocols such as SSL (see Chapter 23). Encrypted communications are tunneled (passed through without reading) through the Squid server directly to the Web server.
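How host-based rules of this kind are evaluated, as an added example that is not from the original text or the Squid project: a small Python model of Squid's acl and http_access handling, limited to src ACLs, run over a constructed squid.conf fragment. The addresses and the helper names parse, matches and decide are assumptions made for illustration.

```python
import ipaddress

# Constructed sample squid.conf fragment (addresses are illustrative).
SAMPLE_CONF = """
http_port 3128
acl localnet src 192.168.1.0/24
acl blocked src 192.168.1.66
acl blocked src 192.168.1.77
http_access deny blocked
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from 'acl NAME src ...' and 'http_access' lines."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # built-in 'all' ACL
    rules = []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(words) >= 4 and words[0] == "acl" and words[2] == "src":
            # Repeated acl lines with the same name add to the same list.
            nets = [ipaddress.ip_network(w, strict=False) for w in words[3:]]
            acls.setdefault(words[1], []).extend(nets)
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def matches(acls, name, client):
    """True if client is in the named src ACL; a leading '!' negates."""
    negate = name.startswith("!")
    hit = any(client in net for net in acls[name.lstrip("!")])
    return hit != negate

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for client_ip; the first matching rule wins."""
    acls, rules = parse(conf)
    client = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # All ACL names on one http_access line must match (logical AND).
        if all(matches(acls, n, client) for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    if rules:
        return "deny" if rules[-1][0] == "allow" else "allow"
    return "deny"

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.66", "203.0.113.5"):
        print(ip, decide(SAMPLE_CONF, ip))
```

Because the first matching rule wins, deny rules for specific hosts belong before the broader allow rule, and a final `http_access deny all` keeps the implicit default from allowing unmatched clients.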

Squid is supported and distributed under a GNU Public License by the National Laboratory for Applied Network Research (NLANR) at the University of California, San Diego. The work is based on the Harvest Project to create a Web indexing system that included a high-performance cache daemon called cached. You can obtain current source code versions and online documentation from the Squid home page at www.squid-cache.org. The Squid software package consists of the Squid server, several support scripts for services like LDAP and HTTP, and a cache manager script called cachemgr.cgi. The cachemgr.cgi script lets you view statistics for the Squid server as it runs.

You can start, stop, and restart the Squid server using the squid script, as shown here:

# service squid restart

You can also set the Squid server to start up automatically using the system-config-services tool (System | Administration | Server Settings | Services) or chkconfig.
