
Squid Proxy Server

NRCFOSS 1
Introduction
• Squid proxy server is designed to cache web content. As
clients make requests, it checks for a local copy of the
requested object and, if found, serves it directly. This not
only saves bandwidth but also speeds up web access.
• Duane Wessels of the National Laboratory for Applied
Network Research (funded by the National Science
Foundation) leads code development.
• Squid is free, licensed under the GNU Public License.
Squid runs on nearly all flavors of Unix, including Linux.

Internet object caching

• Internet object caching is a way to store requested Internet
objects (i.e., data available via the HTTP, FTP, and gopher
protocols) on a system closer to the requesting site than to
the source. Web browsers can then use the local Squid
cache as a proxy HTTP server, reducing access time as
well as bandwidth consumption.

Supported OS

• Linux • IRIX
• FreeBSD • SunOS/Solaris
• NetBSD • NeXTStep
• OpenBSD • SCO Unix
• BSDI • AIX
• Mac OS/X • HP-UX
• OSF/Digital Unix/Tru64 • OS/2

System Requirements
• A web proxy cache requires a generous amount of memory
and a fast disk I/O subsystem.
• Memory is needed to maintain lists of cached objects, and
disks must be capable of keeping up with a steady flood of
random reads and writes.
• Typically processor speed is not a limiting factor, and a
modest processor can make a satisfactory proxy server
given the appropriate I/O and memory configuration.

Downloading Squid
• You must download a source archive file of the form
squid-x.y.z-src.tar.gz (e.g., squid-1.1.6-src.tar.gz) from one
of the following sites:
• ftp://ftp.squid-cache.org/pub/
• http://www.squid-cache.org/mirrors.html
• Patch programs are available from the GNU FTP site
ftp://ftp.gnu.org/gnu/patch for upgrading to new versions.

Compiling Squid
• To compile Squid, you will need an ANSI C compiler.
Almost all modern Unix systems come with pre-installed
compilers which work just fine.
• The old SunOS compilers do not have support for ANSI C,
and the Sun compiler for Solaris is a product which must
be purchased separately.
• If you are uncertain about your system's C compiler, the
GNU C compiler is available at the GNU FTP site
ftp://ftp.gnu.org/gnu/gcc
• In addition to gcc, you may also want or need to install the
binutils package.
• You will need Perl installed on your system.
Compiling Squid
• For Squid-1.0 and Squid-1.1 versions, you can just type
make from the top-level directory after unpacking the
source files. For example:
% tar xzf squid-1.1.21-src.tar.gz
% cd squid-1.1.21
% make

Compiling Squid
• For Squid-2 you must run the configure script yourself
before running make:
% tar xzf squid-2.0.RELEASE-src.tar.gz
% cd squid-2.0.RELEASE
% ./configure
% make

Configuring Squid
• The configure script can take numerous options. The most
useful is --prefix to install it in a different directory. The
default installation directory is /usr/local/squid/. To change
the default, you could do:
% cd squid-x.y.z
% ./configure --prefix=/some/other/directory/squid
• To see all available options, type

 

Configuring Squid
• If there is a mismatch between the header files and the DNS
library that Squid has found, there are a couple of things
you can try.
• First, try adding -lbind to XTRA_LIBS in src/Makefile.
• If -lresolv is already there, remove it.

Configuring Squid
• If that doesn't seem to work, edit your arpa/inet.h file and
comment out the following:
#define inet_addr __inet_addr
#define inet_aton __inet_aton
#define inet_lnaof __inet_lnaof
#define inet_makeaddr __inet_makeaddr
#define inet_neta __inet_neta
#define inet_netof __inet_netof
#define inet_network __inet_network
#define inet_net_ntop __inet_net_ntop
#define inet_net_pton __inet_net_pton
#define inet_ntoa __inet_ntoa
#define inet_pton __inet_pton
#define inet_ntop __inet_ntop
#define inet_nsap_addr __inet_nsap_addr
#define inet_nsap_ntoa __inet_nsap_ntoa

Installing Squid
• After compiling Squid, you can install it with this simple
command:
  
• If you have enabled the ICMP features then you will also
want to type

   

• After installing, you will want to edit and customize the
squid.conf file. By default, this file is located at
/usr/local/squid/etc/squid.conf.

Basic Configuration
• Some basic configuration must be done in the configuration
file. By default this file is at
/usr/local/squid/etc/squid.conf. In the configuration file,
uncomment and edit the following lines.

cache_dir
Set cache_dir to an area that has a large amount of hard
disk space to devote to caching. A common setting is:
cache_dir ufs /usr/local/squid/cache 100 16 256
http_port
Check http_port; 3128 is the default.

Basic Configuration
http_access
By default, http_access is denied to all. You have to set
ACL rules as per your requirements. This is important
because it prevents people from stealing your network
resources.

cache_effective_user & cache_effective_group
Set cache_effective_user and cache_effective_group to a
user and group. This user should have permission to
read and write in the cache directory and in the log files.
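
Added example (not part of the original slides): a small shell check for the http_access and cache_effective_user settings described above. It reads squid.conf text on standard input and flags an open-proxy rule, a rule list that ends in a deny (when no rule matches, Squid applies the opposite of the last rule), and a cache_effective_user of root. The function names, the localnet ACL and the sample configurations are constructed for illustration.

```shell
# Added example: audit squid.conf text on stdin for access-control mistakes.
# Assumes the conventional ACL name "all" (acl all src 0.0.0.0/0.0.0.0).
audit_squid_conf() {
    awk '
        $1 == "http_access" { n++; action[n] = $2; acl[n] = $3; more[n] = (NF > 3) }
        $1 == "cache_effective_user" { user = $2 }
        END {
            bad = 0; closed = 0
            # Squid checks http_access rules in order; the first match wins.
            for (i = 1; i <= n && !closed; i++) {
                if (acl[i] != "all" || more[i]) continue
                if (action[i] == "allow") {
                    print "FAIL: rule " i " allows every client (open proxy)"; bad = 1
                }
                closed = 1   # an unconditional rule ends the search
            }
            # If nothing matched, Squid applies the opposite of the last rule.
            if (n > 0 && !closed && action[n] == "deny") {
                print "FAIL: last rule is a deny, so unmatched clients are allowed"; bad = 1
            }
            if (n > 0 && !closed && action[n] == "allow")
                print "WARN: no explicit \"http_access deny all\" at the end"
            if (user == "root") { print "FAIL: cache_effective_user is root"; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample input (Squid 2.x syntax), not taken from the slides.
weak_conf() {
    printf '%s\n' \
        'acl all src 0.0.0.0/0.0.0.0' \
        'acl localnet src 192.168.1.0/255.255.255.0' \
        'http_access allow localnet' \
        'http_access allow all' \
        'cache_effective_user root'
}
fixed_conf() {
    printf '%s\n' \
        'acl all src 0.0.0.0/0.0.0.0' \
        'acl localnet src 192.168.1.0/255.255.255.0' \
        'http_access allow localnet' \
        'http_access deny all' \
        'cache_effective_user squid'
}

weak_conf | audit_squid_conf || echo "weak configuration rejected"
fixed_conf | audit_squid_conf && echo "fixed configuration accepted"
```

To check a real file, run audit_squid_conf < /usr/local/squid/etc/squid.conf before starting Squid.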

Configuring squid for proxy
• By default, squid is configured in proxy mode. In order to
cache web traffic and to use the squid system as a proxy,
you have to configure your browser, which needs at least
two pieces of information:
• the proxy server's host name
• the port that the proxy server is accepting requests on

Configuring squid for transparency

• Using squid transparently is a two-part process.
• First, squid must be configured properly to accept non-proxy
requests (performed in the squid module).
• Second, web traffic must be redirected to the squid port
(achieved in one of three ways: policy-based routing,
smart switching, or setting the squid box as a
gateway).

Configuring squid for transparency

• Getting transparent caching to work requires the following
steps:
• For some operating systems, you have to configure and
build a version of Squid which can recognize the hijacked
connections and discern the destination addresses.
• For Linux this seems to work automatically.

Configuring squid for transparency
• For BSD-based systems, you probably have to configure
squid with the --enable-ipf-transparent option, and you
have to configure squid as:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

• Next you have to configure your cache host to accept the
redirected packets - any IP address, on port 80 - and
deliver them to your cache application.
• This is typically done with IP filtering/forwarding features
built into the kernel. In Linux they call this ipfilter (kernel
2.4.x), ipchains (2.2.x) or ipfwadm (2.0.x).

Configuring squid for Reverse Proxy

• To run Squid as an accelerator, you probably want to listen
on port 80. You also have to define the machine you are
accelerating for. This is done in the squid module:

http_port 80
httpd_accel_host visolve.com
httpd_accel_port 81
httpd_accel_single_host on
httpd_accel_with_proxy on

Configuring squid for Reverse Proxy

• If you are using Squid as an accelerator for a virtual host
system, then instead of a 'hostname' here you have to use
the word virtual as:

http_port 80
httpd_accel_host virtual
httpd_accel_port 81
httpd_accel_with_proxy on
httpd_accel_single_host off

Verification of Config. file
• To verify your configuration file you can use the -k parse
option
% /usr/local/squid/sbin/squid -k parse
• If this outputs any errors, they are syntax errors or
other fatal misconfigurations and need to be corrected
before you continue.
• If it is silent and immediately gives back the command
prompt then your squid.conf is syntactically correct and
could be understood by Squid.

Starting Squid
• After you've finished editing the configuration file, you
can start Squid for the first time. First, you must create the
swap directories. Do this by running Squid with the -z
option:

/usr/local/squid/sbin/squid -z

• NOTE: If you run Squid as root then you may need to first create
/usr/local/squid/var/logs and your cache_dir directories and assign
ownership of these to the cache_effective_user configured in your
squid.conf.

Starting Squid
• Once that completes, you can start Squid and try it out.
Probably the best thing to do is run it from your terminal
and watch the debugging output. Use this command:

/usr/local/squid/sbin/squid -NCd1

• If everything is working okay, then your console displays:
"Ready to serve requests"

Starting Squid
• If you want to run squid in the background, as a daemon
process, just leave off all options:

/usr/local/squid/sbin/squid

• Check the cache.log file in your logs directory. This file
contains the run-time error messages that Squid generates.

Checking the run status of Squid
• You can use the squidclient program:
% squidclient http://www.netscape.com/ > test
• There are other command-line HTTP client programs
available as well. Two that you may find useful are wget
and echoping.
• Another way is to use Squid itself to see if it can signal a
running Squid process:
% squid -k check
And then check the shell's exit status variable.
• Also, check the log files, most importantly the access.log
and cache.log files.