Squid is a caching proxy server that can provide enhanced performance for HTTP,HTTPS and FTP. Squid will cache commonly accessed sites so that it can improve performance by 10-20% for Internet connections.
1.Accelerate Internet Connections for Internal Network
2.Protect the Internal Network When Surfing the Internet
3.Create Detailed Information About User Activity on the Internet
4.Prevent Inappropriate Activity by Users on the Internet
5.Enforce Use by Authorized Users Only
6.Filter Sensitive Material
7.Accelerate Web Server Pages
Ubuntu now installs squid 2.7 as the default which is focused on high-performance with features aimed at high traffic volume. This is in contrast to the other option squid 3.0 which has a greater focus on web filtering. Be sure that any modifications you make are viewed as version specific.
Because squid is now integrated with upstart the best way to control squid is using these commands:
Once you install Squid, you will need to be familiar with these locations that are important for Squid.
/etc/squid/squid.conf squid configuration file
/usr/share/doc/squid documentation and examples
/usr/lib/squid support files
/usr/sbin/squid squid daemon
/var/log/squid log directory
/var/spool/squid cache directory
The complete configuration file is found at /etc/squid/squid.conf. However, since the Squid configuration file has over 4960 lines it is not the easiest to work with. A basic configuration of Squid only needs one modification, if you are using private networks.
The hostname is automatically discovered by squid, however if you want to set a specific name you can use visible hostname.
The only line that must be set is to create a http_access variable that will allow users on the internal network to access the Internet. The line should look something like this:
http_access allow localnet
This line needs to be placed in a specific location, included in the example is the line number so it is easier to locate, note that the localhost is configured to work by default.
677 http_access allow localhost
678 http_access allow localnet
This is possible because the default settings now include these three private networks.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
Once you have set this up restart squid with the following command.
squid start/running, process 13551
You will need to configure your firewall. Limit access so that clients can only go through port 3128. This will force them to use the proxy which will provide speed, save resources and protect your internal machines.
- Reduce Internet bandwidth charges
- Limit access to the Web to only authorized users.
- 1 Sponsors
- 2 Introduction
- 3 Download and Install The Squid Package
- 4 Starting Squid
- 5 The /etc/squid/squid.conf File
- 6 Forcing Users To Use Your Squid Server
- 7 Squid Disk Usage
- 8 Troubleshooting Squid
- 9 Conclusion
[root@bigboy tmp]# chkconfig squid on
[root@bigboy tmp]# service squid start [root@bigboy tmp]# service squid stop [root@bigboy tmp]# service squid restart
[root@bigboy tmp]# pgrep squid
visible_hostname bigboyAccess Control Lists
Restricting Web Access By IP Address