Book description
Squid is the most popular Web caching software in use today, and it works on a variety of platforms including Linux, FreeBSD, and Windows. Squid improves network performance by reducing the amount of bandwidth used when surfing the Web. It makes web pages load faster and can even reduce the load on your web server. By caching and reusing popular web content, Squid allows you to get by with smaller network connections. It also protects the host on your internal network by acting as a firewall and proxying your internal web traffic. You can use Squid to collect statistics about the traffic on your network, prevent users from visiting inappropriate web sites at work or school, ensure that only authorized users can surf the Internet, and enhance your privacy by filtering sensitive information from web requests. Companies, schools, libraries, and organizations that use web-caching proxies can look forward to a multitude of benefits.Written by Duane Wessels, the creator of Squid, Squid: The Definitive Guide will help you configure and tune Squid for your particular situation. Newcomers to Squid will learn how to download, compile, and install code. Seasoned users of Squid will be interested in the later chapters, which tackle advanced topics such as high-performance storage options, rewriting requests, HTTP server acceleration, monitoring, debugging, and troubleshooting Squid.Topics covered include:
- Compiling and installing Squid
- Running Squid
- Using Squid's sophisticated access controls
- Tuning disk storage for optimal performance
- Configuring your operating system for HTTP interception
- Forwarding Requests to other web caches
- Using redirectors to rewrite user requests
- Monitoring Squid with the cache manager and SNMP
- Using Squid to accelerate and protect HTTP servers
- Managing bandwidth consumption with Delay Pools
Publisher resources
Table of contents
- Dedication
- Preface
- 1. Introduction
- 2. Getting Squid
- 3. Compiling and Installing
- 4. Configuration Guide for the Eager
-
5. Running Squid
- 5.1. Squid Command-Line Options
- 5.2. Check Your Configuration File for Errors
- 5.3. Initializing Cache Directories
- 5.4. Testing Squid in a Terminal Window
- 5.5. Running Squid as a Daemon Process
- 5.6. Boot Scripts
- 5.7. A chroot Environment
- 5.8. Stopping Squid
- 5.9. Reconfiguring a Running Squid Process
- 5.10. Rotating the Log Files
- 5.11. Exercises
-
6. All About Access Controls
-
6.1. Access Control Elements
- 6.1.1. A Few Base ACL Types
-
6.1.2. ACL Types
- 6.1.2.1. src
- 6.1.2.2. dst
- 6.1.2.3. myip
- 6.1.2.4. dstdomain
- 6.1.2.5. srcdomain
- 6.1.2.6. port
- 6.1.2.7. myport
- 6.1.2.8. method
- 6.1.2.9. proto
- 6.1.2.10. time
- 6.1.2.11. ident
- 6.1.2.12. proxy_auth
- 6.1.2.13. src_as
- 6.1.2.14. dst_as
- 6.1.2.15. snmp_community
- 6.1.2.16. maxconn
- 6.1.2.17. arp
- 6.1.2.18. srcdom_regex
- 6.1.2.19. dstdom_regex
- 6.1.2.20. url_regex
- 6.1.2.21. urlpath_regex
- 6.1.2.22. browser
- 6.1.2.23. req_mime_type
- 6.1.2.24. rep_mime_type
- 6.1.2.25. ident_regex
- 6.1.2.26. proxy_auth_regex
- 6.1.3. External ACLs
- 6.1.4. Dealing with Long ACL Lists
- 6.1.5. How Squid Matches Access Control Elements
- 6.2. Access Control Rules
-
6.3. Common Scenarios
- 6.3.1. Allowing Local Clients Only
- 6.3.2. Blocking a Few Misbehaving Clients
- 6.3.3. Denying Pornography
- 6.3.4. Restricting Usage During Working Hours
- 6.3.5. Preventing Squid from Talking to Non-HTTP Servers
- 6.3.6. Giving Certain Users Special Access
- 6.3.7. Preventing Abuse from Siblings
- 6.3.8. Denying Requests with IP Addresses
- 6.3.9. An http_reply_access Example
- 6.3.10. Preventing Cache Hits for Local Sites
- 6.4. Testing Access Controls
- 6.5. Exercises
-
6.1. Access Control Elements
- 7. Disk Cache Basics
- 8. Advanced Disk Cache Topics
- 9. Interception Caching
-
10. Talking to Other Squids
- 10.1. Some Terminology
- 10.2. Why (Not) Use a Hierarchy?
- 10.3. Telling Squid About Your Neighbors
- 10.4. Restricting Requests to Neighbors
- 10.5. The Network Measurement Database
- 10.6. Internet Cache Protocol
- 10.7. Cache Digests
- 10.8. Hypertext Caching Protocol
- 10.9. Cache Array Routing Protocol
- 10.10. Putting It All Together
- 10.11. How Do I ...
- 10.12. Exercises
- 11. Redirectors
- 12. Authentication Helpers
-
13. Log Files
- 13.1. cache.log
- 13.2. access.log
- 13.3. store.log
- 13.4. referer.log
- 13.5. useragent.log
- 13.6. swap.state
- 13.7. Rotating the Log Files
- 13.8. Privacy and Security
- 13.9. Exercises
-
14. Monitoring Squid
- 14.1. cache.log Warnings
-
14.2. The Cache Manager
-
14.2.1. Cache Manager Pages
- 14.2.1.1. leaks: Memory Leak Tracking
- 14.2.1.2. mem: Memory Utilization
- 14.2.1.3. cbdata: Callback Data Registry Contents
- 14.2.1.4. events: Event Queue
- 14.2.1.5. squidaio_counts: Async IO Function Counters
- 14.2.1.6. diskd: DISKD Stats
- 14.2.1.7. config: Current Squid Configuration*
- 14.2.1.8. comm_incoming: comm_incoming( ) Stats
- 14.2.1.9. ipcache: IP Cache Stats and Contents
- 14.2.1.10. fqdncache: FQDN Cache Stats and Contents
- 14.2.1.11. idns: Internal DNS Statistics
- 14.2.1.12. dns: Dnsserver Statistics
- 14.2.1.13. redirector: URL Redirector Stats
- 14.2.1.14. basicauthenticator: Basic User Authenticator Stats
- 14.2.1.15. digestauthenticator: Digest User Authenticator Stats
- 14.2.1.16. ntlmauthenticator: NTLM User Authenticator Stats
- 14.2.1.17. external_acl: External ACL Stats
- 14.2.1.18. http_headers: HTTP Header Statistics
- 14.2.1.19. via_headers: Via Request Headers
- 14.2.1.20. forw_headers: X-Forwarded-For Request Headers
- 14.2.1.21. menu: This Cache Manager Menu
- 14.2.1.22. shutdown: Shut Down the Squid Process*
- 14.2.1.23. offline_toggle: Toggle offline_mode Setting*
- 14.2.1.24. info: General Runtime Information
- 14.2.1.25. filedescriptors: Process File Descriptor Allocation
- 14.2.1.26. objects: All Cache Objects
- 14.2.1.27. vm_objects: In-Memory and In-Transit Objects
- 14.2.1.28. openfd_objects: Objects with Swapout Files Open
- 14.2.1.29. io: Server-Side Network read( ) Size Histograms
- 14.2.1.30. counters: Traffic and Resource Counters
- 14.2.1.31. peer_select: Peer Selection Algorithms
- 14.2.1.32. digest_stats: Cache Digest and ICP Blob
- 14.2.1.33. 5min: 5 Minute Average of Counters
- 14.2.1.34. 60min: 60 Minute Average of Counters
- 14.2.1.35. utilization: Cache Utilization
- 14.2.1.36. histograms: Full Histogram Counts
- 14.2.1.37. active_requests: Client-Side Active Requests
- 14.2.1.38. store_digest: Store Digest
- 14.2.1.39. storedir: Store Directory Stats
- 14.2.1.40. store_check_cachable_stats: storeCheckCachable( ) Stats
- 14.2.1.41. store_io: Store IO Interface Stats
- 14.2.1.42. pconn: Persistent Connection Utilization Histograms
- 14.2.1.43. refresh: Refresh Algorithm Statistics
- 14.2.1.44. delay: Delay Pool Levels
- 14.2.1.45. forward: Request Forwarding Statistics
- 14.2.1.46. client_list: Cache Client List
- 14.2.1.47. netdb: Network Measurement Database
- 14.2.1.48. asndb: AS Number Database
- 14.2.1.49. carp: CARP Information
- 14.2.1.50. server_list: Peer Cache Statistics
- 14.2.1.51. non_peers: List of Unknown Sites Sending ICP messages
- 14.2.2. Cache Manager Access Controls
- 14.2.3. Reasons to Dislike the Cache Manager
- 14.2.4. Squid-RRD
-
14.2.1. Cache Manager Pages
- 14.3. Using SNMP
- 14.4. Exercises
- 15. Server Accelerator Mode
-
16. Debugging and Troubleshooting
-
16.1. Some Common Problems
- 16.1.1. “Failed to make swap directory”
- 16.1.2. “Address already in use”
- 16.1.3. “Could not determine fully qualified hostname”
- 16.1.4. “DNS name lookup tests failed”
- 16.1.5. “Illegal character in hostname”
- 16.1.6. “Running out of filedescriptors”
- 16.1.7. “icmpRecv: Connection refused”
- 16.1.8. Squid Becomes Slow After Running for Some Time
- 16.1.9. Debugging Access Controls
- 16.2. Debugging via cache.log
- 16.3. Core Dumps, Assertions, and Stack Traces
- 16.4. Replicating Problems
- 16.5. Reporting a Bug
- 16.6. Exercises
-
16.1. Some Common Problems
-
A. Config File Reference
- http_port
- https_port
- ssl_unclean_shutdown
- icp_port
- htcp_port
- mcast_groups
- udp_incoming_address
- udp_outgoing_address
- cache_peer
- cache_peer_domain
- neighbor_type_domain
- icp_query_timeout
- maximum_icp_query_timeout
- mcast_icp_query_timeout
- dead_peer_timeout
- hierarchy_stoplist
- no_cache
- cache_access_log
- cache_log
- cache_store_log
- cache_swap_log
- emulate_httpd_log
- log_ip_on_direct
- cache_dir
- cache_mem
- cache_swap_low
- cache_swap_high
- maximum_object_size
- minimum_object_size
- maximum_object_size_in_memory
- cache_replacement_policy
- memory_replacement_policy
- store_dir_select_algorithm
- mime_table
- ipcache_size
- ipcache_low
- ipcache_high
- fqdncache_size
- log_mime_hdrs
- useragent_log
- referer_log
- pid_filename
- debug_options
- log_fqdn
- client_netmask
- ftp_user
- ftp_list_width
- ftp_passive
- ftp_sanitycheck
- cache_dns_program
- dns_children
- dns_retransmit_interval
- dns_timeout
- dns_defnames
- dns_nameservers
- hosts_file
- diskd_program
- unlinkd_program
- pinger_program
- redirect_program
- redirect_children
- redirect_rewrites_host_header
- redirector_access
- redirector_bypass
- auth_param
- authenticate_ttl
- authenticate_cache_garbage_interval
- authenticate_ip_ttl
- external_acl_type
- wais_relay_host
- wais_relay_port
- request_header_max_size
- request_body_max_size
- refresh_pattern
- quick_abort_min
- quick_abort_max
- quick_abort_pct
- negative_ttl
- positive_dns_ttl
- negative_dns_ttl
- range_offset_limit
- connect_timeout
- peer_connect_timeout
- read_timeout
- request_timeout
- persistent_request_timeout
- client_lifetime
- half_closed_clients
- pconn_timeout
- ident_timeout
- shutdown_lifetime
- acl
- http_access
- http_reply_access
- icp_access
- miss_access
- cache_peer_access
- ident_lookup_access
- tcp_outgoing_tos
- tcp_outgoing_address
- reply_body_max_size
- cache_mgr
- cache_effective_user
- cache_effective_group
- visible_hostname
- unique_hostname
- hostname_aliases
- announce_period
- announce_host
- announce_file
- announce_port
- httpd_accel_host
- httpd_accel_port
- httpd_accel_single_host
- httpd_accel_with_proxy
- httpd_accel_uses_host_header
- dns_testnames
- logfile_rotate
- append_domain
- tcp_recv_bufsize
- err_html_text
- deny_info
- memory_pools
- memory_pools_limit
- forwarded_for
- log_icp_queries
- icp_hit_stale
- minimum_direct_hops
- minimum_direct_rtt
- cachemgr_passwd
- store_avg_object_size
- store_objects_per_bucket
- client_db
- netdb_low
- netdb_high
- netdb_ping_period
- query_icmp
- test_reachability
- buffered_logs
- reload_into_ims
- always_direct
- never_direct
- header_access
- header_replace
- icon_directory
- error_directory
- maximum_single_addr_tries
- snmp_port
- snmp_access
- snmp_incoming_address
- snmp_outgoing_address
- as_whois_server
- wccp_router
- wccp_version
- wccp_incoming_address
- wccp_outgoing_address
- delay_pools
- delay_class
- delay_access
- delay_parameters
- delay_initial_bucket_level
- incoming_icp_average
- incoming_http_average
- incoming_dns_average
- min_icp_poll_cnt
- min_dns_poll_cnt
- min_http_poll_cnt
- max_open_disk_fds
- offline_mode
- uri_whitespace
- broken_posts
- mcast_miss_addr
- mcast_miss_ttl
- mcast_miss_port
- mcast_miss_encode_key
- nonhierarchical_direct
- prefer_direct
- strip_query_terms
- coredump_dir
- ignore_unknown_nameservers
- digest_generation
- digest_bits_per_entry
- digest_rebuild_period
- digest_rewrite_period
- digest_swapout_chunk_size
- digest_rebuild_chunk_percentage
- chroot
- client_persistent_connections
- server_persistent_connections
- pipeline_prefetch
- extension_methods
- request_entities
- high_response_time_warning
- high_page_fault_warning
- high_memory_warning
- ie_refresh
- vary_ignore_expire
- sleep_after_fork
- B. The Memory Cache
- C. Delay Pools
- D. Filesystem Performance Benchmarks
- E. Squid on Windows
- F. Configuring Squid Clients
- About the Author
- Colophon
- Copyright
Product information
- Title: Squid: The Definitive Guide
- Author(s):
- Release date: January 2004
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596001629
You might also like
book
SSH, The Secure Shell: The Definitive Guide, 2nd Edition
Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based …
book
HTTP: The Definitive Guide
Behind every web transaction lies the Hypertext Transfer Protocol (HTTP) --- the language of web browsers …
book
Kubernetes: Up and Running, 2nd Edition
Kubernetes radically changes the way applications are built and deployed in the cloud. Since its introduction …
book
Kubernetes: Up and Running, 3rd Edition
In just five years, Kubernetes has radically changed the way developers and ops personnel build, deploy, …