Squid

From HerzbubeWiki
Jump to: navigation, search

Debian packages

squid


References

Debian article for configuring squid

http://www.debian-administration.org/articles/71

Homepage

http://www.squid-cache.org/


Configuration

squid

The main configuration file for squid is

/etc/squid/squid.conf

Another configuration file which I am going to ignore because it contains irrelevant settings

/etc/default/squid

By default, squid is listening on port 3128, on all interfaces. I want it to listen on port 8080, and only on interfaces that receive outgoing HTTP connections. This is what it looks like:

http_port 192.168.1.6:8080
http_port 192.168.2.1:8080
http_port 127.0.0.1:8080

(note that squid does not listen for https connections by default, and I also don't want it to cache those)

Allow access from the localhost and the 192.168.0.0 network:

acl localhost src 127.0.0.1/255.255.255.255
acl our_networks src 192.168.0.0/16
http_access allow localhost
http_access allow our_networks

(the localhost rules were already present in the default configuration; the default configuration also contains many more rules which are not listed here)

Administrative information:

cache_mgr webmaster@herzbube.ch

The Debian Administration article mentions a couple of options whose names begin with "httpd_accel". I could not find these options in the default configuration, nor was I able to find out conclusively why they are missing, what their purpose is, etc. The only hint I got so far is this FAQ entry on the Squid homepage which clarifies the terms "accelerator" and "proxy cache". It seems that what I want to do is not an accelerator, so for the moment I am going to ignore the options discusssed in the Debian article since they all seem to refer to accelerator stuff.


Transparent proxying

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port