Squid cache
From Wikipedia, the free encyclopedia
Squid is a popular free software proxy server and web caching daemon, released under the GNU General Public License. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other network lookups for a group of people sharing network resources, to aiding security by filtering traffic. It is primarily designed to run on Unix-like systems.
Squid has been developed for many years and is considered complete and robust. It supports many protocols, although it is primarily used for HTTP and FTP. Some support is available for TLS, SSL, Internet Gopher and HTTPS [1]. However, even the most recent official version of Squid lacks IPv6 support.
Contents |
[edit] Web proxy
Caching is a way to store requested Internet objects (e.g. data like web pages) available via the HTTP, FTP, and gopher protocols on a system closer to the requesting site. Web browsers can then use the local Squid cache as a proxy HTTP server, reducing access time as well as bandwidth consumption. This is often useful for Internet service providers to increase speed to their customers, and LANs that share an Internet connection. Because it is also a proxy (i.e. it behaves like a client on behalf of the real client), it can provide some anonymity and security. However, it also can introduce significant privacy concerns as it can log a lot of data including URLs requested, the exact date and time, the name and version of the requesters' web browser and operating system, and the page that the requester got to the requested page from.
A client program (e.g. browser) either has to explicitly specify the proxy server it wants to use (typical for ISP customers), or it could be using a proxy without any extra configuration: "transparent caching", in which case all outgoing HTTP requests are intercepted by Squid and all responses are cached. The latter is typically a corporate set-up (all clients are on the same LAN) and often introduces the privacy concerns mentioned above.
Squid has some features that can help anonymize connections, such as disabling or changing specific header fields in a client's HTTP requests. Whether these are set, and what they are set to do, is up to the person who controls the computer running Squid. People requesting pages through a network which transparently uses Squid will usually have no idea if this information is being logged. See the documentation for header_access and header_replace for further details.
[edit] Reverse proxy
The above set-up—caching the contents of an unlimited number of webservers for a limited number of clients—is the classical one. Another set-up is "reverse proxy" or "webserver acceleration" (using httpd_accel_host). In this set-up, the cache serves an unlimited number of clients for a limited number of—or just one—web servers.
Suppose slow.example.com is a "real" web server, and www.example.com is a Squid cache server that "accelerates" it. The first time any page was requested from www.example.com, the cache server would get the actual page from slow.example.com, but for the next hour/day/year (matter of cache configuration) every next request would get this stored copy directly from the accelerator. The end result, without any action by the clients, is less traffic to the source server, meaning less CPU and memory usage, and less need for bandwidth. This does, however, mean that the source server cannot accurately report on its traffic numbers.
It is possible for a single Squid server to serve both as a normal and a reverse proxy simultaneously.
[edit] Compatibility
Squid can run on the following operating systems:
- Linux
- FreeBSD
- OpenBSD
- NetBSD
- BSDI
- Mac OS X
- OSF and Digital Unix
- IRIX
- SunOS/Solaris
- NeXTStep
- SCO Unix
- AIX
- HP-UX
Recent versions of Squid will also compile and run on Windows NT.
As of July 2006, the current stable version is 2.6; there is also a 3.0 version in development.
[edit] External links
[edit] Information
- Squid Cache- official project homepage
- ViSolve Squid Support: details on all options, configuration tips and more
- Squid - A User's Guide: Overview, basic configuration, access control and more
- Squid Runners : Easy Installation
- Logfile Analysis- Squid-Cache list of logfile analyzers
- Squid + PF- Transparent proxying with Squid and PF.
- Deployment Architecture with Squid example
- SquidNT: Information and precompiled binaries for running on windows.
- How to setup Squid proxy with SSH tunnel
[edit] Add-ons
- Squidguard- A flexible plugin for advanced filtering.
- ufdbGuard- A faster plugin for advanced filtering.
- URL database - A commercial URL database for ufdbGuard.
- DansGuardian- Smart filtering, can be used together with Squid.
- Calamaris- Squid logfile report
- Squeezer2- Squid logfile report
- Kraken Reports- Squid logfile report for Microsoft Windows
- .Traf- Squid logfile report for Microsoft Windows
[edit] Check cache behaviour
- Analyze.forret.com: analyze HTTP headers and compare to Squid policy