Differences
This shows you the differences between two versions of the page.
linux:squid [2007/10/10 11:28] a |
linux:squid [2010/03/20 18:25] (current) a squid |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Squid ( web-cache proxy ) ====== | ||
+ | |||
* Viralator (http:// | * Viralator (http:// | ||
* squid-vscan (http:// | * squid-vscan (http:// | ||
* HAVP + Squid (http:// | * HAVP + Squid (http:// | ||
+ | * [[http:// | ||
+ | |||
+ | ==== How can I configure squid so that it never caches some web sites? ==== | ||
+ | |||
+ | Add the following line in / | ||
+ | |||
+ | acl NOCACHEDOMAIN dstdomain www.redhat.com | ||
+ | | ||
+ | |||
+ | It will not cache any content come from the domain www.redhat.com. In / | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | ===== Speed up your Internet access using Squid' | ||
+ | |||
+ | Refresh patterns determine what is saved and served from the cache. Ideally, you would want your squid to follow the directions of the Web servers serving the content to determine what is cacheable and for how long. These directions are set as HTTP headers that are processed and understood by Squid. Unfortunately, | ||
+ | |||
+ | Refresh patterns are of the format: | ||
+ | |||
+ | | ||
+ | |||
+ | where min and max are time values in minutes and percent is a percentage figure. The options are: | ||
+ | |||
+ | * override-expire -- ignores the expire header from the Web server. | ||
+ | * override-lastmod -- ignores the last modified date header from the Web server. | ||
+ | * reload-into-ims -- a reload request from a client is converted into an If-Modified-Since request. | ||
+ | * ignore-reload -- a client' | ||
+ | * ignore-no-cache -- a no-cache directive from the Web server which makes an object non-cacheable is ignored. | ||
+ | * ignore-no-store -- a no-store directive from the Web server which makes an object non-cacheable is ignored. | ||
+ | * ignore-private -- a private directive from the Web server which makes an object non-cacheable is ignored. | ||
+ | * ignore-auth -- objects requiring authorisation are non-cacheable. This option overrides this limitation. | ||
+ | * refresh-ims -- a refresh request from a client is converted into an If-Modified-Since request. | ||
+ | |||
+ | Consult your configuration file to see which of these options are available in your version of Squid. | ||
+ | |||
+ | Refresh patterns are effective if there is no expire header from the origin server, or your refresh pattern has an ignore-expire option. Example: | ||
+ | |||
+ | | ||
+ | |||
+ | This says: | ||
+ | |||
+ | * If there is no expire header for all objects whose names end in .gif or .GIF (that is, image files) then: | ||
+ | * if the age (that is how long the object has been on your cache server) is less than 1,440 minutes, then consider it fresh and serve it and stop | ||
+ | * else if the age is greater than 10,080 minutes, consider it stale and go to the origin server for a fresh copy and stop | ||
+ | * else if the age is in between the min and max values, use the lm-factor to determine freshness. lm-factor is the ratio of the age on your cache server to the period since creation or modification of the object on the origin server as a percentage. So if the object was created 10,000 minutes ago on the origin server and it has been on my cache server for 1,800 minutes (that is the age) the lm-factor is 1, | ||
+ | * If the lm factor is less than the percent in our refresh pattern (20%) then the object is considered fresh; serve it and stop | ||
+ | * else the object is stale, go for a fresh copy from the origin server. | ||
+ | |||
+ | For objects that scarcely change under the same file name, such as video, images, sound, executables, | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | By default, Squid will not cache dynamic content. Dynamic content is determined by matching against either " | ||
+ | |||
+ | | ||
+ | |||
+ | For the older versions of Squid, you will have to define an access control list (ACL) for the content providers you wish to make exceptions for, and use cache accept to exempt it before the cache deny rule. The following example is from the Squid wiki: | ||
+ | |||
+ | # Let the client' | ||
+ | acl youtube dstdomain .youtube.com cache allow youtube | ||
+ | # Now stop other dynamic stuff being cached | ||
+ | | ||
+ | acl QUERY urlpath_regex cgi-bin \? | ||
+ | cache deny QUERY | ||
+ | |||
+ | Below, we configure one global delay pool at 64Kbps (8KBps). Traffic for which the ACL of destination domain is windowsupdate.com during the peak period of 10:00-16:00 will be limited to 64Kbps. | ||
+ | |||
+ | acl winupdate dstdomain .windowsupdate.com | ||
+ | acl peakperiod time 10: | ||
+ | | ||
+ | | ||
+ | # 64 Kbit/ | ||
+ | | ||
+ | | ||
+ | |||
+ | After making changes like the ones above, my Squid' | ||
+ | |||
+ | ===== Proxy AIM, MSN, Gtalk, .. ===== | ||
+ | To proxy and to allow AIM, MSN, Yahoo and GTalk Instant Messenger traffic via with Squid, change/add the following line in the Squid configuration file. | ||
+ | |||
+ | **# Allow AIM protocols** | ||
+ | < | ||
+ | acl AIM_ports port 5190 9898 6667 | ||
+ | acl AIM_domains dstdomain .oscar.aol.com .blue.aol.com .freenode.net | ||
+ | acl AIM_domains dstdomain .messaging.aol.com .aim.com | ||
+ | acl AIM_hosts dstdomain login.oscar.aol.com login.glogin.messaging.aol.com toc.oscar.aol.com irc.freenode.net | ||
+ | acl AIM_nets dst 64.12.0.0/ | ||
+ | acl AIM_methods method CONNECT | ||
+ | http_access allow AIM_methods AIM_ports AIM_nets | ||
+ | http_access allow AIM_methods AIM_ports AIM_hosts | ||
+ | http_access allow AIM_methods AIM_ports AIM_domains | ||
+ | </ | ||
+ | |||
+ | **# Allow Yahoo Messenger** | ||
+ | < | ||
+ | acl YIM_ports port 5050 | ||
+ | acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp | ||
+ | acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp | ||
+ | acl YIM_methods method CONNECT | ||
+ | http_access allow YIM_methods YIM_ports YIM_hosts | ||
+ | http_access allow YIM_methods YIM_ports YIM_domains | ||
+ | </ | ||
+ | |||
+ | **# Allow GTalk** | ||
+ | < | ||
+ | acl GTALK_ports port 5222 5050 | ||
+ | acl GTALK_domains dstdomain .google.com | ||
+ | acl GTALK_hosts dstdomain talk.google.com | ||
+ | acl GTALK_methods method CONNECT | ||
+ | http_access allow GTALK_methods GTALK_ports GTALK_hosts | ||
+ | http_access allow GTALK_methods GTALK_ports GTALK_domains | ||
+ | </ | ||
+ | |||
+ | **# Allow MSN** | ||
+ | < | ||
+ | acl MSN_ports port 1863 443 1503 | ||
+ | acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com | ||
+ | acl MSN_hosts dstdomain messenger.hotmail.com | ||
+ | acl MSN_nets dst 207.46.111.0/ | ||
+ | acl MSN_methods method CONNECT | ||
+ | http_access allow MSN_methods MSN_ports MSN_hosts | ||
+ | </ |