From Squid User's Information Notice: This information and facts is outdated as of 2.6.
1 Accelerator Mode 1.one When to work with Accelerator Mode one.one.one Acceleration of the slow server
1.one.two Changing a mixture cacheweb server with Squid
one.one.3 Transparent CachingProxy
1.one.4 Protection one.2 Accelerator Configuration Solutions 1.two.one The httpd_accel_host choice
one.2.2 The httpd_accel_port method
one.2.three The httpd_accel_with_proxy solution
one.two.four The httpd_accel_uses_host_header possibility
one.two.5 Choice replacements in Squid 2.six one.2.5.1 httpd_accel_* for transparent proxy
1.2.five.two httpd_accel_host
1.two.5.3 httpd_accel_port
one.two.five.4 httpd_accel_uses_host_header
1.two.five.5 Squid Version two.6 1.3 Associated Configuration Alternatives one.three.one The redirect_rewrites_host_header possibility
one.three.2 Refresh patterns
one.3.3 Entry Handle one.4 Example Configurations 1.four.1 Accelerating Requests to a Slow Server
one.4.two Replacing a combination WebCache serverxx Accelerator Mode Some cache servers can act as world wide web servers (or vice versa). These servers accept requests in both the traditional web-request format (exactly where only the route and filename are presented), and while in the proxy-specific format (in which the whole URL is presented).
The Squid designers have determined to not let Squid be configured within this way. This avoids several complex difficulties, and minimizes code complexity, producing Squid additional reputable. All in all, Squid is really a web site cache, not a world wide web server.
By adding a translation layer into Squid, we will accept (and realize) web requests, seeing as the format is primarily exactly the same. The extra layer can re-write incoming website requests,
Office 2007 Pro Key, shifting the vacation spot server and port. This re-written request is then treated as a typical request: the remote server is contacted, the information requested along with the final results cached. This allows you to get Squid to pretend to become a website server, re-writing requests to ensure that they can be passed on to some other website server.
When to make use of Accelerator Mode Accelerator mode should not be enabled except you will need it. There's a constrained set of conditions in which it really is required, so if among the subsequent setups applies to you, it is important to possess a look into the remainder of this chapter.cc
Acceleration of the slow server Squid can sit in front of a slow server, caching the server's outcomes and passing the data on to clients. This really is very valuable once the origin server (the server that could be really serving the original data) is incredibly slow, or is across a slow line). In the event the origin server is across a slow line, you could just move the origin server closer towards the clients, but this may perhaps not be potential for administrative reasons. Don't use Squid to cache internet server around the exact machine for velocity up, given that present day website server (e.g. httpd) is swifter than Squid in serving static contents generally.
Changing a mixture cacheweb server with Squid For anyone who is from the practice of replacing a mixture cacheweb server, your customer devices could be configured to chat for the cache on port eighty. Fairly than reconfiguring all of you consumers, you can get Squid to listen for incoming connections on port 80 (shifting the real server to a further port or server.) When Squid finds that it's received a world wide web request,
Office Pro Plus 2007, it is going to ahead the request for the origin server, in order that the machine continues to perform as both a net and cache server.
Transparent CachingProxy Squid will be configured to magically intercept outgoing net requests and cache them. Simply because the outgoing requests are in web-server format, it must translate them to cache-format requests. Transparent caching is covered in detail while in the subsequent area.
Security Squid may very well be put in front of an insecure website server to protect it in the outdoors entire world: not simply to end undesirable clients from accessing the machine, but in addition to avoid individuals from exploiting bugs in the server code.
Accelerator Configuration Options Be sure to note as of Squid two.six these possibilities are actually replaced with parameters which have been stated inside http_port part with the squid.conf file. Their use in Squid two.6 continues to be deprecated, please examine under for his or her replacements.
The record of accelerator options is quick,
Office 2007 Professional Key, and setup is rather easy. Once we have a doing work accelerator cache, you might must design the appropriate access-list rules. (Considering you probably want consumers exterior your nearby network to be capable to access your server, you can't straight forward use source-IP handle rulesets any more.)
The httpd_accel_host solution You will need to set the hostname in the accelerated server here. It's only achievable to have 1 location server, so you can only have a person occurence of this line. For anyone who is heading speed up in excess of a person server, or transparently cache customers (as described in the up coming chapter), you certainly will really have to utilize the word virtual as a substitute of the hostname here.
The httpd_accel_port possibility Accelerated requests can only be forwarded to a single port: you can find no table that associates accelerated hosts as well as a location port. Squid will connect for the port that you set the httpd_accel_port worth to. When acting like a front-end for the net server around the community machine, you may put in place the net server to pay attention for connections on a distinctive port (8000, as an example), and set this squid.conf preference to match the identical value. If, about the other hand,
Office Ultimate 2007 Key, you might be forwarding requests to a set of slow backend servers, they are going to just about surely be listening to port eighty (the default web-server port), and this opportunity will should be set to 80.
The httpd_accel_with_proxy option For those who utilize the httpd_accel_host alternative, Squid will end recognizing cache requests. So that your cache can operate both equally as an accelerator and being a net cache, you will need to set the httpd_accel_with_proxy method to on.
The httpd_accel_uses_host_header possibility A common HTTP request consists of three values: the kind of transfer (routinely a GET, which is used for downloads); the path and filename to get retrieved (or executed, inside the circumstance of the cgi program); along with the HTTP edition.
This layout is good when you only have an individual website on the machine. On systems exactly where you've got in excess of one internet site, even though,
Office 2007 Standard Key, it can make existence complicated: the request won't include ample important information, considering the fact that it doesn't involve information regarding the destination domain. Most running systems help you have IP aliases, where you've gotten more than one IP tackle per network card. By allocating an individual IP per hosted internet site, you would run one particular world wide web server per IP address. When the software programs have been manufactured much more efficient, 1 running program could act like a server for many sites: the only requirement was you had an individual IP deal with per domain. Server applications would acquire out which from the IP addresses purchasers had been linked to, and would serve info from unique directories for every IP.
One can find a constrained number of IP addresses, and they are swift working out. Some methods also have a minimal amount of IP aliases, which implies that you just cannot host greater than a (quite arbitrary) amount of internet sites on machine. When the consumer have been to pass the location host identify alongside the route and filename, the world wide web server could pay attention to only one IP tackle, and would track down the suitable destination directores by seeking inside of a straight forward hostname table.
From edition one.1 on, the HTTP common necessitates a distinctive Host header, which is handed as well as each individual outgoing request. This header also would make transparent caching and acceleration more convenient: by pulling the host value from the headers, Squid can translate a ordinary HTTP request to a cache-specific HTTP request, which may then be dealt with by the regular Squid code. Turning about the httpd_accel_uses_host_header preference allows this translation. You'll need to work with this alternative when accomplishing transparent caching.
It is significant to be aware that acls are checked before this translation. You must combine this option with stringent source-address checks, so that you are not able to use this opportunity to speed up various backend servers (this can be several to vary inside a later on edition of Squid).
Opportunity replacements in Squid 2.six On this element in the Squid documentation only the possibility replacements and their correlation with the now deprecated possibilities shall be outlined, please refer for the text over as to what every preference does. Please note that a lot of this really is taken right from your Squid 2.six Changes document.
most likely, most setup migration from 2.five to 2.six will want to start out rewriting this par with the conf from scratch :
httpd_accel_* for transparent proxy This has all been replaced by a parameter called transparent that acheives this, make sure you refer to your area on Transparent ProxyCache for a great deal more important information
httpd_accel_host Replaced by defaultsite http_port solution and cache_peer originserver method.
httpd_accel_port No lengthier required. Server port defined by the cache_peer port.
httpd_accel_uses_host_header Replaced by vhost http_port method
Squid Edition two.6 http_port 3128 transparent And transparent
always_direct make it possible for all You will should locate the proper put and add this line.This replaces the 4 lines above.
Configuration for acceleration of a backend host
http_port 80 defaultsite=<backend ip>
acl port80 port eighty
http_access let port80
always_direct allow all
Related Configuration Selections So far, we have only coated the Config solutions that directly relate to accelerator mode.
The redirect_rewrites_host_header possibility Refresh patterns Accelerating a slow net server is only invaluable when the cache can keep copies of returned pages (to ensure it could possibly refrain from contacting the back-end server.) As you know with regards to the backend server, it is easy to specify refresh patterns that suit the machine specifically. Refresh patterns aren't coated here (they are coated in-depth in Chapter 11), but it truly is worth wanting at how your website alterations, and tuning your refresh patterns to match.
If, around the other hand, you might be making use of simply applying accelerator mode to replace a mixture cache (or to act being a secure front-end for one more server), you can disable caching of that online site altogether: otherwise you just stop up duplicating info (once about the origin web site, when for your cached copy) with no benefit.
Access Handle Presumably you might want many people from outdoors your network to become ready to entry the net server that Squid is accelerating. In case you have based your accessibility lists around the examples within this book, you are going to locate that devices around the outside are not able to access the internet page currently being accelerated. The accelerated request is handled exactly like a regular http request, so consumers accesing the web-site from your exterior world will undoubtedly be rejected as your acl rules deny access from IPs which can be not on your network. By utilizing the dst acl type, you could add distinct exclusions in your accessibility lists to allow requests to your accelerated host.
Within the subsequent instance, we have changed the config to ensure that the first rule matches (and helps) any request on the machine at IP 10.0.0.5, the accelerated machine. If we did not have the port acl with the below principles, someone could request a URL which has a varied port quantity having a request that explicitly specifies a non-standard port. If we had been to leave out this rule, it could allow a model cracker poke across the program with requests for stuff like
Example Configurations Let's cover two instance setups: an individual, the place that you are simply just by using Squid's accelerator operate in order that the machine has the two a web server and also a cache server on port eighty; two, where you may be making use of Squid as an accelerator to speed up a slow machine.
Accelerating Requests to a Slow Server When accelerating a slow server, you can get that communicating with peer caches is more rapidly than communicating using the accelerated host. Inside the following instance, we remove every one of the possibilities that avoid Squid from caching the server's success. We also assume the accelerated host is listening on port eighty, considering that there exists no conflict with Squid hoping to pay attention to your exact same port. The moment you have got tested that connecting to Squid brings up the proper pages, you might really have to improve the DNS entry to point for your cache server..
Replacing a mixture WebCache serverxx First, let's cover the most popular utilization of accelerator mode: replacing a combination webcache server with Squid. When Squid is acting as an accelerator (speeding up a slow net server), Squid will accept requests on port 80 (on any IP deal with) and pass them to a cache server on the various machine (also on port 80). Simply because it really is unlikely you want to utilize two machines wherever you're able to use a person (unless you will be transforming to Squid because of to server overload), we will should configure Squid to pass requests on the nearby machine. Squid will have to accept incoming requests on port eighty (utilising the http_port option), and pass the requests on to your internet server on one more port (considering the fact that only one process can listen for requests on port 80 at a time). I in most cases get web site servers to listen for requests on port 8000. Seeing that you want Squid to perform equally as an accelerator and as being a cache server, you'll need to make use of the httpd_accel_with_proxy preference. The cache in this example is the nearby machine: there may be virtually without doubt no reason to cache effects from this server. I could have made use of an quite conservative refresh_pattern inside under instance, but rather I decide to use the no_cache tag: in this way I can make utilization of my predefined acl. The always_direct tag while in the under example might be highly valuable if you possess a peer cache: you don't want the request passed on to a peer machine.