Squid 2.4 Stable1
Configuration Manual



Visolve.com - Your Support and Testing Partner

Visolve is an international corporation that has provided technical services for Internet-based systems to clients around the globe since 1995. We provide free basic support and also commercial support for open source products like Linux, Apache and Squid.

All rights reserved.
All trademarks used in this document are owned by their respective companies. This document makes no ownership claim of any trademark(s). If you wish to have your trademark removed from this document, please contact the copyright holder. No disrespect is meant by any use of other companies’ trademarks in this document.

Note: This document is not (yet) to be mirrored; copying for personal or company-wide use or printing is perfectly acceptable. Once the document is in a stable state, the document will be released under the GNU Free Documentation License.

Table of Contents

I. Network options

This section contains the network-related configuration of Squid. It plays an important role in deciding the socket addresses Squid uses to communicate with remote servers and neighbour caches. Generally, the port is where Squid listens for TCP and ICP requests and responses, and the IP address is the one to which Squid binds to create the socket addresses that complete the communication with other servers (including remote servers and neighbour caching servers). Socket addresses are defined by the number of interfaces the cache server has. More information on multicast is here.

II. Options which affect the neighbour selection algorithm

This section comes into play only when a Squid hierarchy is implemented across multiple Squid cache boxes. The number of cache servers, the type of configuration, timeouts for communication within the hierarchy, and objects which should not be cached locally are specified here. Configuring this section requires prior knowledge of Squid hierarchies. Here one can assign a particular cache server to a specified domain.

III. Options which affect the cache size

This section allows configuration details for the resource usage by Squid, volume of cache data to be stored on the disk and policies used in cache replacement and memory replacement.

IV. Log file path names and cache directories

This section allows configuration of log files (size, name, path, activity) containing runtime information and errors. This data can be used to debug system problems and also to analyse the cache pattern. For more information on controlling the log file size, see the logfile_rotate directive, the Squid command line option (-k rotate) and the man page on logrotate in Linux.

V. Options for external support programs

This gives config options for programs like Ftpuser, DNS, Redirectors and Authenticators contributed by sources other than Squid. External programs are placed in the Contrib directory of the source distribution. This section is needed when Squid wants some external processes to perform simple tasks like redirecting the URL, DNS processes, internal Domain Name Servers, authentication programs, etc. The number of children for each of these processes can also be specified here.

VI. Options for tuning the cache

The performance of Squid relies heavily on the configuration of this section. It decides how often objects are refreshed by the appropriate algorithm, the size of the header and body for both replies and requests (for deciding latency), and whether connections are aborted when the client closes its connection. It gives the opportunity to get high performance and to customize for a particular use.

VII. Timeouts

This section does nothing more than set the time limits for connections. The timeouts set the time limits that Squid will wait for a given request to complete. If a request exceeds the given time limit, Squid returns to the client a default error message specified for that particular timeout. Increasing the time limits without understanding these tags will cause performance problems.

VIII. Access controls

Squid cannot be used in an ISP environment without a sophisticated access control system. Indeed, Squid should not be used in ANY environment without some kind of basic authentication system. It is amazing how fast other Internet users will find out that they can relay requests through the cache, and then proceed to do so. Access control lists (acls) are often the most difficult part of the configuration of a Squid cache: the layout and concept are not immediately obvious to most people. This section tries to simplify the difficulties of configuring Squid using acls. External programs like Redirectors and Authenticators can be used with the acls defined here. Put simply, Squid is a firewall.

IX. Administrative parameters

This tells Squid which user and group have the right to run Squid, what host name should be displayed when showing errors, and who the cache administrator is who can view the details of the work done by Squid at runtime.

X. Options for the cache registration service

This section is for registering this cache server at http://ircache.nlanr.net/Cache/Tracker/. This service is provided to help cache administrators locate one another in order to join or create cache hierarchies.

XI. Httpd-accelerator options

Squid can act as a load balancer or load reducer for a particular web server. Generally, Squid keeps not only clients happy but also web servers, by reducing load on the server side. Some cache servers can act as web servers (or vice versa). These servers accept requests in both the standard web-request format (where only the path and filename are given), and in the proxy-specific format (where the entire URL is given). The Squid designers have decided not to let Squid be configured in this way. This avoids various complicated issues, and reduces code complexity, making Squid more reliable. All in all, Squid is a web cache, not a web server.

By adding a translation layer into Squid, we can accept (and understand) web requests, since the format is essentially the same. The additional layer can re-write incoming web requests, changing the destination server and port. This re-written request is then treated as a normal request: the remote server is contacted, the data requested and the results cached. This lets Squid pretend to be a web server, re-writing requests so that they are passed on to some other web server.

For transparent caching, Squid can be configured to magically intercept outgoing web requests and cache them. Since the outgoing requests are in web-server format, it needs to translate them to cache-format requests. Transparent redirection is prohibited by Internet standard #5 "Internet Protocol", and HTTP assumes no transparent redirection is taking place.

This section allows various configuration settings related to accelerator mode and also to transparent mode.

XII. Miscellaneous

This section covers limiting log file growth, displaying customized information to clients when errors occur or access is denied, defining the memory pools for Squid, network management by enabling SNMP, co-ordinating neighbour caches by enabling WCCP, and directing requests either to the origin server or to a neighbour cache.

  1. Delaypool parameters (all require delay_pools compilation options)

Delay pools work wonders with ACLs. Delay pools provide a way to limit the bandwidth of certain requests based on any list of criteria. Delay behavior is selected by ACLs (low and high priority traffic, staff vs students, student vs authenticated student, and so on). In an ISP, delay pools can be applied to a particular network to improve the quality of service.

XIII. Glossary

This gives information about the terms used in this guide.