Wednesday, November 18, 2009

Squid

Squid was relatively easy to set up. There were a few pitfalls, as there are with most programs that seem rather critical to internet usage.

For the most part there was very little deviation from the regular config, so instead of listing my whole configuration, I'm going to simply list the options I chose and why.

Note: this was written using Squid3

ACL list
In order to define who has access and who doesn't, you probably have noticed that squid.conf has an acl list. In version 3, the acl section is around line 400. It's important to edit this so that the squid server allows connections from your localnet and your localhost.
example:
acl localhost src 127.0.0.1/32
acl localnet src 10.42.43.0/255.255.255.0
I saw many ways to configure the localnet IP address, some being relatively simple (10.42.43.0/32), but this way seems the most obvious, and a bit less confusing.
It's of course important to then set:
http_access allow localnet
http_access allow localhost
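
The ACL and http_access lines above, modelled in Python as an added example (not part of the original post and not Squid's own code): it parses src ACLs in either mask notation and applies the http_access rules in order, showing that 10.42.43.0/255.255.255.0 covers the whole /24 while a /32 mask covers exactly one address. The `localnet_slash32` ACL name, the sample client addresses and the closing `http_access deny all` line are assumptions added for the illustration.

```python
import ipaddress

# Constructed sample config: the page's two ACLs, the /32 form it mentions
# (under a hypothetical ACL name), and an explicit final deny (an addition).
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/32
acl localnet src 10.42.43.0/255.255.255.0
acl localnet_slash32 src 10.42.43.0/32
http_access allow localnet
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from 'acl NAME src NET...' and 'http_access' lines."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # ip_network accepts both the /24 and the /255.255.255.0 form
            nets = [ipaddress.ip_network(t) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) == 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2]))
    return acls, rules

def matches(acls, name, client):
    """True if the client address falls inside any network of the named ACL."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in acls[name])

def decide(conf, client):
    """First matching http_access rule wins. Simplification of this model:
    a request that matches no rule is treated as denied."""
    acls, rules = parse(conf)
    for action, name in rules:
        if matches(acls, name, client):
            return action
    return "deny"

if __name__ == "__main__":
    acls, _ = parse(SAMPLE_CONF)
    for client in ("127.0.0.1", "10.42.43.17", "10.42.43.0", "192.0.2.9"):
        print(client, decide(SAMPLE_CONF, client),
              "matches /32 ACL:", matches(acls, "localnet_slash32", client))
```

A proxy whose allow rules are wider than intended, or that lacks a final deny, can end up serving clients outside the local network, so it is worth checking a few addresses this way before opening the port.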

http_port
By default the port is set to 3128. But you already knew that. If for some reason you know how to set up a transparent proxy, you can type "transparent" after the port you want to listen on transparently. Transparency is a post in and of itself.
What you should realize is that "accel" doesn't refer to accelerating the connection in any way. Unless you know what this means (which I still haven't figured out) you probably shouldn't use it.

Replacement Policies (the cache)
There are two places the cache is stored in: memory and hard disk. For the most part the cache can be left alone, but it makes sense to at least mess around with how the cache works.
The replacement policies that I used were:
heap GDSF : for the memory
heap LFUDA : for the disk cache
From the config file:

The heap GDSF policy optimizes object hit rate by keeping smaller popular objects in cache so it has a better chance of getting a hit. It achieves a lower byte hit rate than LFUDA though since it evicts larger (possibly popular) objects.

The heap LFUDA policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached.

So while LFUDA is most important (saving bandwidth) for our purposes, GDSF might as well be used for memory to increase memory hits.


Paths to know:
/var/spool/squid - where the cache is stored
/var/log/squid - where to access the logs:
access.log should ping whenever someone connects. It's nice to see how effective the server is.
cache.log is often used for logging
/etc/squid - where the logs are stored
/etc/init.d/squid - to restart the server

These paths MAY OR MAY NOT have a 3 after them, depending on your version.

Some of the resources I found helpful are:
Squid - The Definitive Guide : http://oreilly.com/catalog/9780596001629
Squid by Oskar Pearson : http://proxy.ccu.edu.tw/squid/index.html

Hand in hand with Squid is SquidGuard.
