Setting Up a Web Proxy with Squid

Squid is the most popular open source caching web proxy server.

This means that it fetches and holds local copies of pages and images from the web. Client machines requesting these objects obtain them from the Squid proxy server rather than directly. There are several good reasons (and possibly also some bad ones) why people use Squid and other caching web proxies.

♦ A web cache on the local network means that objects (web pages, images, and so on) that have already been requested do not need to be fetched again from their original location but can be served from the cache instead. This improves performance for users and reduces bandwidth usage.

♦ At the same time, using a proxy can give an organization a great deal of control over how and when users access the web and can log all web access. Squid can also be used to prevent access to "undesirable" sites, sometimes in conjunction with additional software that maintains "blacklists" of these.

♦ The use of a web proxy (and Squid also caches for FTP) means that you can set up a firewall in such a way that users do not have direct access from their PCs to the Internet; their HTTP and FTP traffic is handled by Squid, and their Simple Mail Transport Protocol (SMTP) traffic is handled by the mail server. Typically, users may have no direct TCP/IP access to the outside world. This simplifies security but may also rob users of the ability to connect to other services.

Once a web proxy is up and running (and, most probably, direct HTTP through the firewall is blocked), traditionally all users' browsers need to be configured with the appropriate proxy setting. This leads to administrative problems. There are a number of solutions to these, including a very elegant one that we shall discuss later.

Getting Squid to run on SUSE

Authentication and ACLs

The Squid log and using sarg

Transparent proxying

Using the Cache Manager and squidGuard ♦ ♦ ♦ ♦

Was this article helpful?

0 0

Post a comment