Squid is a highly featureful and extremely flexible web caching proxy daemon. Most configuration is performed by editing a simple configuration file called squid.conf which is usually located in /usr/local/squid/etc/squid.conf or, on Red Hat like systems /etc/squid/squid.conf. Each behavior is set by a directive followed by one or more options.

The Webmin interface provides access to most of the directives available for configuring Squid. Because Squid is a quite complex package, the Webmin interfaces opens with a series of icons to represent the different types of configuration options. The screenshot below shows the Squid main page.

Figure 12-1. Squid Proxy Main Page


Squid Proxy Server

These options are pretty self explanatory, though a couple of them are worth discussing. The Cache Manager Statistics icon, when clicked, will open the Squid cachemgr.cgi program to provide direct access to all of Squids various runtime values and statistics. The program provides realtime information about hit ratios, request rates, storage capacity, number of users, system load, and more. The Calamaris Log Analysis icon is only present if the calamaris access.log analyzer is present on your system. Calamaris is a nice perl script that will parse your access log files and provide a nice overview of the type of usage your cache is seeing. Note that by default the Calamaris Webmin tool will only parse the last 50,000 lines of your access log. This number can be raised in the Squid module configuration, but is not recommended on heavily loaded caches. The parsing of the access logs is a very system intensive task that could interfere with your system’s ability to continue answering requests.

Ports and Networking

The Ports and Networking page provides you with the ability to configure most of the network level options of Squid. Squid has a number of options to define what ports Squid operates on, what IP addresses it uses for client traffic and intercache traffic, and multicast options. Usually, on dedicated caching systems these options will not be useful. But in some cases you may need to adjust these to prevent the Squid daemon from interfering with other services on the system, or on your network.

Proxy port is the option used to set the network port on which Squid operates. This option is usually 3128 by default, and can almost always be left on this address, except when multiple Squids are running on the same system, which is usually ill-advised. This option corresponds to the http_port option in squid.conf.

ICP port is the port on which Squid listens for ICP, or Intercache Communication Protocol, messages. ICP is a protocol used by web caches to communicate and share data. Using ICP it is possible for multiple web caches to share cached entries so that if any one local cache has an object, the distant origin server will not have to be queried for the object. Further, cache hierarchies can be constructed of multiple caches at multiple privately interconnected sites to provide improved hit rates and higher quality web response for all sites. More on this in later sections. This option correlates to the icp_port directive.

Incoming TCP address is the address on which Squid opens an HTTP socket that listens for client connections and connections from other caches. By default Squid does not bind to any particular address, and will answer on any address that is active on the system. This option is not usually used, but can provide some additional level of security, if you wish to disallow any outside network users from proxying through your web cache. This option correlates to the tcp_incoming_address directive.

Outgoing TCP address defines the address on which Squid sends out packets via HTTP to clients and other caches. Again, this option is rarely used. It refers to the tcp_outgoing_address directive.

Incoming UDP address sets the address on which Squid will listen for ICP packets from other web caches. This option allows you to restrict which subnets will be allowed to connect to your cache on a multi-homed, or containing multiple subnets, Squid host. This option correlates to the udp_incoming_address directive.

Outgoing UDP address is the address on which Squid will send out ICP packets to other web caches. This option correlates to the udp_outgoing_address.

Multicast groups sets the multicast groups which Squid will join to receive multicast ICP requests. This option should be used with great care, as it is used to configure your Squid to listen for multicast ICP queries. Clearly if your server is not on the MBone, this option is useless. And even if it is, this may not be an ideal choice. Refer to the Squid FAQ on this subject for a more complete discussion. This option refers to the mcast_groups directive.

TCP receive buffer defines the buffer used for TCP packets being received. By default Squid uses whatever the default buffer size for your operating system is. This should probably not be changed unless you know what you’re doing, and there is little to be gained by changing it in most cases. This correlates to the tcp_recv_bufsize directive.

What Linux Junkies Say
Our Blog


Follow Us