In addition to the proxying aspects of Squid, it can also be used as a web accelerator. This is very similar in concept to Squid as a proxy server, but in this case, Squid is "closer" to the web server that is being queried. Squid sits "in front" of the web server, and when a request is made from any web browser for content that is on the web server, that request is handled by Squid. If Squid has the requested content in the cache, it is served directly to the client. If the content is not in the cache, Squid gets the content from the web server and then serves it to the client. This is useful in a number of situations:
Because this setup puts less load on the web server itself (and more on Squid), performance increases.
If the Squid system is on a faster line, requests can come into Squid, and Squid will query the web server over the slow line only when a request cannot be fulfilled from the cache.
Let's look at an example configuration that would allow a Squid system to sit "in front" of a web server and handle incoming requests for it. Assume the Squid system has two network cards, one connected to a DSL router with an IP address of 1.1.1.1/255.255.255.0 and one connected to a switch with an IP address of 192.168.1.1/255.255.255.0. The web server we want to handle requests for is connected to the same switch and has an IP address of 192.168.1.2/255.255.255.0. It's running Apache, which is listening on port 80. Here is our example Squid.conf:
http_port 80 # forward incoming requests to 192.168.1.2, port 80 httpd_accel_host 192.168.1.2 acl acceleratedHost dst 192.168.1.2/255.255.255.255 httpd_accel_port 80 acl acceleratedPort port 80 httpd_accel_with_proxy on acl all src 0.0.0.0/0.0.0.0 acl intranet src 192.168.1.0/255.255.255.0 # Allow requests when they are to the accelerated machine AND to the # right port http_access allow acceleratedHost acceleratedPort http_access allow intranet http_access deny all
Let's look at what each of these lines does:
http_port
Tells Squid to listen for requests on TCP port 80, because that is the default port over which web browsers will attempt to communicate
httpd_accel_host
What internal web server we are handling requests for
acl accelerated Host
Create an ACL that identifies our internal web server
httpd_accel_port
What port our internal web server is listening on
acl acceleratedPort
Create an ACL for the internal web server port
acl all
Define the catchall ACL, referred to in a later http_access
statement
acl intranet
Define the local intranet ACL, referred to in a later http_access
statement
http_access allow acceleratedHost acceleratedPort
Allow requests for our internal web server
http_access allow intranet
Allow proxy requests from the intranet
http_access deny all
Deny everything else
This configuration has the added bonus of allowing the Squid system to act as a proxy server for the internal network, as well as a web accelerator for the web site .
Once we are satisfied that this configuration works, we need to ensure that the DNS entry for our web site points to the Squid system, since it will be handling all of the incoming web requests.
Squid is a powerful tool and can make your web surfing much more efficient and easier to manage. For more information, be sure to visit the official Squid web site at http://www.squid-cache.org. You might also be interested in some of the Squid add-on tools. These tools include log file parsers and web site blacklists, to name a few. You can find a good list at http://en.wikipedia.org/wiki/Squid_cache.