RE: [squid-users] Accelerator and ICP

> -----Original Message-----
> From: Richard 'toast' Russo [mailto:russor@msoe.edu]
> Sent: Friday, June 03, 2005 11:29 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Accelerator and ICP
>
>
> I'm setting up a squid proxy to reduce load on a partner's origin servers.

> Right now I have two machines, and am using Apache mod_proxy, because it
> was quick to setup, but I'd like to switch to squid so I can check my
> cache peer before going to the origin server, and also generate better
> statistics. (The partner really wants us to reduce the amount of traffic
> going to their servers)
>
> It looks like I definitely want to do something like
>
> http_port 80
> httpd_accel_host partner.example.org
> httpd_accel_port 80
>
> And maybe I need to add
>
> httpd_accel_with_proxy on
> cache_peer otherhost sibling 3128 3130
>
> I'm worried that by adding httpd_accel_with_proxy on, I may be opening my
> servers up to proxy the world for everybody (especially if I don't write
> good acls)
>
> Would it be better to setup squid as a 'regular' proxy on port 3128, and
> configure apache on port 80 to be an accelerator proxy using squid?
>
> Thanks,
>
> Richard

For what it's worth, good ACLs in this case (assuming that all this Squid is
doing is acceleration duty) would simply be something like:

   acl partner dst partner.example.org
   http_access deny !partner

Or if you don't like double negatives:

   acl partner dst partner.example.org
   http_access allow partner
   http_access deny all

Serving as an accelerator is much lighter duty for Squid than serving as a
general web cache. While you could set the two boxes up as cache peers, I
don't think you would see much benefit, as each box should be able to cache
the entire website. Cache peers are really useful when you have more to
cache than you can fit on one box (like the entire internet).

Chris
Received on Mon Jun 06 2005 - 11:22:24 MDT