RE: [squid-users] Newbie questions

A proxy can server "protect" users from bad public internet sites, or
"protect" internal servers from bad internet users.

A proxy server proxies, or fetches, information for the user. Normally a
proxy server sits on the company network and retrieves information for the
users of the network. If the information has already been grabbed and
cached, then it doesn't regrab the information.

Ie: Sue comes into work and checks Google. An hour later Tom comes into work
and visits Google. Why download the graphic twice? Same for news stories,
etc.

A reverse proxy faces the other way. Rather than having a web server sitting
on the internet, it is hidden behind the proxy.

Before: The public internet users visit web1.website.com and get webpages.
They are also directly interfacing with this web server.

After: The public internet users visit web1.website.com, which is now the
reverse proxy, or squid running in accelerated mode. Squid visits the
internal webserver, not the users. Squid gets the information and passes it
back to the user.
Web1.website.com/web1 might get a user information from the company news
server
Web1.website.com/extranet might give users information from another internal
webserver.

The important part is that the web servers are more secure, because the
users only know of the Squid. Only port 80 (or port 443) needs to be open
through the firewall, connecting users from the net to Squid. Squid can then
use various other ports, on the user's behalf, and reach other servers...on
the user's behalf.

Squid can also be set up to load balance (which I know it can do but haven't
personally done) so that if you have multiple web servers, with the same
content, squid can direct users to the least used server.

If there is some other difference between "accelerated mode" and "reverse
proxy" I'd appreciate hearing about it. I picked up the book, Squid, the
Definitive Guide, which helped me a lot, but I am still not where I need to
be knowledge wise with Squid yet.

Chris Perreault

-----Original Message-----
From: Peter Marshall [mailto:peter.marshall@caris.com]
Sent: Wednesday, June 02, 2004 1:56 PM
To: Chris Perreault; squid-users@squid-cache.org
Subject: Re: [squid-users] Newbie questions

Thanks. Your comments were very helpful .. however, I did not understand
the last paragraph .... What did you mean by a "web facing proxy", and what
does accelerated mode do ... (I have seen that mentioned many times)

Peter

----- Original Message -----
From: "Chris Perreault" <Chris.Perreault@Wiremold.com>
To: <squid-users@squid-cache.org>
Sent: Wednesday, June 02, 2004 1:52 PM
Subject: RE: [squid-users] Newbie questions

The # lines are commented default settings. If you wanted to you could just
get rid of all the lines that began with a #.

I went through the original conf file and wherever a made a change I added
an extra line above the change, that read: "# added <date> ..by chris"

That way I could do a search on "# added" and scroll down through all the
lines I changed/added. Those would be the only lines that I'd need to run
Squid. This also assists in helping you keep track of changes, what works,
what needs removing/changing, etc.

As for a default conf file, there are so many different ways of setting it
up, different uses for it, that there would be a lot of "default" config
files.

Ie: you might want to use one form of authentication as a web facing proxy
server, that your internal users would be using. I might want to set it up
in a accelerated mode to protect and simplify access to our internal web
servers to the public internet users, using a different form of
authentication.

Chris

-----Original Message-----
From: Peter Marshall [mailto:peter.marshall@caris.com]
Sent: Wednesday, June 02, 2004 12:20 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Newbie questions

Hi all.

I just installed squid (last week), and have been playing around with it for
a bit ....

I would like to try and reduce the conf file by oh say ... 2000 lines :) ..
but I really don't understated what allot of the configurations are for ..
even after reading endless amounts of docs .... Does any one have a good
"default" squid config .. that only allows for normal http and ftp stuff.

My second question has to do with stats ... I have been trying mrtg .. I
have it installed .. but I can not figure out how to make it show a graph
... If someone knows how to do this I would Really appreciate it .... I fond
a page with a load of config files on it ... but I am not sure how to get
them to work. The page I found was this:
http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTG

Anyway, if someone who does not mind helping out a newbie would not mind
giving me a hand, I would REALLY appreciate it .... I am more stuck on the
last question .....

Thank you.
Peter Marshall
Received on Wed Jun 02 2004 - 12:38:09 MDT