Section 38.5. Squid as Web Accelerator


38.5. Squid as Web Accelerator

In addition to the proxying aspects of Squid, it can also be used as a web accelerator. This is very similar in concept to Squid as a proxy server, but in this case, Squid is "closer" to the web server that is being queried. Squid sits "in front" of the web server, and when a request is made from any web browser for content that is on the web server, that request is handled by Squid. If Squid has the requested content in the cache, it is served directly to the client. If the content is not in the cache, Squid gets the content from the web server and then serves it to the client. This is useful in a number of situations:


If the original web server is too slow to handle all the requests

Because this setup puts less load on the web server itself (and more on Squid), performance increases.


If the original web server is on a slow line, which can't handle all of the traffic

If the Squid system is on a faster line, requests can come into Squid, and Squid will query the web server over the slow line only when a request cannot be fulfilled from the cache.

Let's look at an example configuration that would allow a Squid system to sit "in front" of a web server and handle incoming requests for it. Assume the Squid system has two network cards, one connected to a DSL router with an IP address of 1.1.1.1/255.255.255.0 and one connected to a switch with an IP address of 192.168.1.1/255.255.255.0. The web server we want to handle requests for is connected to the same switch and has an IP address of 192.168.1.2/255.255.255.0. It's running Apache, which is listening on port 80. Here is our example Squid.conf:

 http_port 80 # forward incoming requests to 192.168.1.2, port 80 httpd_accel_host 192.168.1.2 acl acceleratedHost dst 192.168.1.2/255.255.255.255 httpd_accel_port 80 acl acceleratedPort port 80 httpd_accel_with_proxy on acl all src 0.0.0.0/0.0.0.0 acl intranet src 192.168.1.0/255.255.255.0 # Allow requests when they are to the accelerated machine AND to the # right port http_access allow acceleratedHost acceleratedPort http_access allow intranet http_access deny all 

Let's look at what each of these lines does:


http_port

Tells Squid to listen for requests on TCP port 80, because that is the default port over which web browsers will attempt to communicate


httpd_accel_host

What internal web server we are handling requests for


acl accelerated Host

Create an ACL that identifies our internal web server


httpd_accel_port

What port our internal web server is listening on


acl acceleratedPort

Create an ACL for the internal web server port


acl all

Define the catchall ACL, referred to in a later http_access statement


acl intranet

Define the local intranet ACL, referred to in a later http_access statement


http_access allow acceleratedHost acceleratedPort

Allow requests for our internal web server


http_access allow intranet

Allow proxy requests from the intranet


http_access deny all

Deny everything else

This configuration has the added bonus of allowing the Squid system to act as a proxy server for the internal network, as well as a web accelerator for the web site .

Once we are satisfied that this configuration works, we need to ensure that the DNS entry for our web site points to the Squid system, since it will be handling all of the incoming web requests.

Squid is a powerful tool and can make your web surfing much more efficient and easier to manage. For more information, be sure to visit the official Squid web site at http://www.squid-cache.org. You might also be interested in some of the Squid add-on tools. These tools include log file parsers and web site blacklists, to name a few. You can find a good list at http://en.wikipedia.org/wiki/Squid_cache.




LPI Linux Certification in a Nutshell
LPI Linux Certification in a Nutshell (In a Nutshell (OReilly))
ISBN: 0596005288
EAN: 2147483647
Year: 2004
Pages: 257

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net