RE: [squid-users] Accelerator and ICP

On Mon, 6 Jun 2005, Chris Robertson wrote:

>> -----Original Message-----
>> From: Richard 'toast' Russo [mailto:russor@msoe.edu]
>> Sent: Friday, June 03, 2005 11:29 PM
>> To: squid-users@squid-cache.org
>> Subject: [squid-users] Accelerator and ICP
>>
>>
>> I'm setting up a squid proxy to reduce load on a partner's origin servers.
>
>> Right now I have two machines, and am using Apache mod_proxy, because it
>> was quick to setup, but I'd like to switch to squid so I can check my
>> cache peer before going to the origin server, and also generate better
>> statistics. (The partner really wants us to reduce the amount of traffic
>> going to their servers)
>>
>> It looks like I definitely want to do something like
>>
>> http_port 80
>> httpd_accel_host partner.example.org
>> httpd_accel_port 80
>>
>> And maybe I need to add
>>
>> httpd_accel_with_proxy on
>> cache_peer otherhost sibling 3128 3130
>>
>> I'm worried that by adding httpd_accel_with_proxy on, I may be opening my
>> servers up to proxy the world for everybody (especially if I don't write
>> good acls)
>>
>> Would it be better to setup squid as a 'regular' proxy on port 3128, and
>> configure apache on port 80 to be an accelerator proxy using squid?
>>
>> Thanks,
>>
>> Richard
>
> For what it's worth, good ACLs in this case (assuming that all this Squid is
> doing is acceleration duty) would simply be something like:
>
> acl partner dst partner.example.org
> http_access deny !partner
>
> Or if you don't like double negatives:
>
> acl partner dst partner.example.org
> http_access allow partner
> http_access deny all
>

Thanks, this is a lot simpler than I thought it would be. :)

> Serving as an accelerator is much lighter duty for Squid than serving as a
> general web cache. While you could set the two boxes up as cache peers, I
> don't think you would see much benefit, as each box should be able to cache
> the entire website. Cache peers are really useful when you have more to
> cache than you can fit on one box (like the entire internet).
>

I need two boxes for redundancy. And actually I'll need four boxes over
two colos if this stays in production very much longer. I'm hoping this
cache is a temporary fix for some big configuration issues with our normal
cache that are beyond my immediate control. So far, our partners have
seen a 50% reduction in traffic attributed to our site with two distinct
caches... And the stats I've run suggest I can reduce that even further
with the caches talking to each other.
Received on Mon Jun 06 2005 - 21:36:23 MDT