Re: Square 1

From: Henrik Nordstrom <>
Date: Tue, 30 Dec 1997 08:00:44 +0100

Paul Matthews wrote:

> Thank you for the succinct reply. It helps some. I still have a
> few questions. Please be kind enough to offer suggestions. I am
> unclear what a "web proxy server" means.

> 1. The term "proxy" is a bit ambiguous. Does it mean to conceal
> the real host (as in firewalling)? Or is this usage meant to show
> that it relieves one or more hosts from excess workload? [I really
> did not understand, but I assumed the latter.]

My understanding is something like "let another do the hard work", but
it might not be correct ;-)

But this can be used (and is heavily used) in firewalls as well, to let
the firewalls do the work making it appear as if the firewalls initiated
the traffic, and adds the possibility to filter the traffic at

> 2. When you say "server" do you include a network gateway machine?
> Or does squid have to run on a web server? I run a Linux box
> essentially as an ISDN router. Will squid function on the
> gateway/router to cache http and ftp traffic between my LAN of 5
> workstations and the Internet?

Yes. A router machine is a kind of server in my vocabulary.

> 3. I really did read the install instructions. However, they are
> very brief. Can you offer any suggestions as to which options to
> implement for an Internet gateway box?

Not many needed. After installing you should
1. Read squid.conf
2. Modify squid.conf to suit your situation, this typically involves
   a) Set up ACL entries to only grant usage from your internal network
   b) Modify the size and location of the cache directory
3. Start it
4. Modify the web browser to use your squid machine as proxy, on port

> 4. Why is the httpd-accel mode http_port 80? How would you use
> remote administration in this case?

This is for accelerating a heavily loaded web server. This is another
use of Squid not related to the normal proxying (works the other way
around, sort of).

> 5. Can you offer any general warnings/suggestions/things to look
> out for?

If you are firewalling the internal network, you should be careful when
you set up the ACL entries. If security is a very high concern you
should set up packet filtering on ports TCP 3128 and UDP 3130 as well.

And you need to have a some memory available. Squid uses quite a bit of
memory. But this is probably not a big issue on such a small network.

5 stations is maybe a little bit to few to get effective caching.

Henrik Nordström
Sparetime Squid Hacker
Received on Mon Dec 29 1997 - 23:32:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:06 MST