Re: [squid-users] running squid on a bastion host

From: Richard Fuser <m3@dont-contact.us>
Date: Tue, 15 Jul 2003 15:09:11 +1000

Hi Henrick,

Hope all is well.

Just a quick question, whats the best way to configure squid so it does not
cache anything at all?

I have configured a small cache (100MB) but I would imagine it would be
more efficient if squid does not even write anything to cache which would
reduce disk IO on the firewall.

There are 2 parents which will look at the squid running on our firewall
which will do the caching for us, the only purpose for the squid on the
firewall is to serve network requests (replacing socks)

Could the no_cache option in squid.conf be used?

Any other tips? anyone? I want to blow my users away with sheer squid power!

Regards,
Richard Fuser

On Tuesday 15 July 2003 03.28, Richard Fuser wrote:

> Planning to run it in a chrooted jail, with no cache and will not
> tell parents to icp query it for that reason.
>
> Could anyone provide any reccomendations on the configuration of
> squid of this purpose?

Disable the icp port.

Use the chroot_dir directive. This is more secure than manually
chrooting Squid.

> Also we currently make use of the libsocks5.conf file to determine
> which networks are internal and external (squid currently runs
> socksified). I know we can do this with ACL's in squid, just
> curious as to what the most efficient way is ? does anyone have any
> suggestions?

Squid needs to be socksified if you need to use SOCKS based parents.
Please note that Squid is not tested with any of the SOCKS wrappers,
and historically many SOCKS libraries have had problems running Squid
correcly.

If you have HTTP based parents then you can use cache_peer +
never_direct to select which traffic must go via parents. If your
parents should take different traffic then this is controlled via
cache_peer_access.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Jul 14 2003 - 23:09:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:58 MST