Configuring squid cache
Configuring structure of squid_cache directory and amount of data stored
We can configure the size of squid_cache and where it is stored using a directive like:
cache_dir aufs /squid_cache 60000 64 1024
Caching rpm files for long duration
We can ask squid to cache rpm packages for a long time, and not to cache metadata files like primary.sqlite.bz2, with a configuration like:
refresh_pattern ^.*\.rpm$ 1440 50% 10080
refresh_pattern ^.*\.drpm$ 1440 50% 10080
refresh_pattern ^.*\.deb$ 1440 50% 10080
refresh_pattern ^.*\.exe$ 1440 50% 10080
refresh_pattern ^.*\.zip$ 1440 50% 10080
refresh_pattern ^.*\.rar$ 1440 50% 10080
refresh_pattern ^.*\.tar\.gz$ 1440 50% 10080
refresh_pattern ^.*\.tar\.bz2$ 1440 50% 10080
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
Note: This can also be used to ensure that setup files, update files (esp. anti-virus and Windows updates) etc. are cached for a longer duration.
Denying access cache for local files
Lastly, we can deny local data access to the cache, so that local files are not cached. We can use something like this:
acl localip dst 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8
cache deny localip
It is always better to disallow access to local data through squid altogether, by using something like:
# dst matches the destination address of the request, i.e. the local servers
acl localip dst 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
http_access deny localip
since there is no need to go through the proxy to access it.
Setting up parent or sibling caches using cache_peer
We can use the cache_peer setting to redirect some of the requests to other squid proxies. For example, the other squid proxy may be running on a privileged IP address, so that a request only gets a response if it is sent from that proxy. This is often the case with on-line websites such as ACM / IEEE, which allow access based on IP address. Hence we can use the cache_peer directive to send selected websites through the other cache.
To do this we need to specify cache_peer using:
cache_peer 192.168.36.204 parent 8080 3130 no-query no-digest no-netdb-exchange
Then we have to specify which websites should be allowed to be accessed through this peer:
acl otherproxy url_regex "/etc/squid/divert.txt"
cache_peer_access 192.168.36.204 allow otherproxy
cache_peer_access 192.168.36.204 deny all
Note that 'url_regex' is important here and 'dstdomain' will not work. For some reason the module which checks domains for cache_peer_access expects us to enter the complete domain when we use 'dstdomain'. Hence a.b.c won't match domain b.c if we use 'dstdomain'. That is why we must use 'url_regex' while configuring cache_peer_access.
In the above manner, redirecting the complete traffic is as simple as adding a line containing '.' (everything) to the file '/etc/squid/divert.txt'. Ensure that the file '/etc/squid/divert.txt' is readable by the user squid.
To prevent the current squid from fetching the object directly, no matter what, and to make it always go through one of the parents, we can use the 'never_direct' configuration directive. Hence the above requirement of going through the other proxy for some websites is even better achieved using:
acl otherproxy url_regex "/etc/squid/divert.txt"
cache_peer_access 192.168.36.204 allow otherproxy
never_direct allow otherproxy
cache_peer_access 192.168.36.204 deny all
which ensures that all URLs matching the file 'divert.txt' are fetched through the 192.168.36.204 proxy only, and never directly, even if 192.168.36.204 is inaccessible.
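Because 'url_regex' matches each line of 'divert.txt' anywhere in the URL, it is worth checking which requests a pattern really sends to the parent. The following Python audit is an added example, not part of the original page: the domain journal.example, the probe URLs and the function names are constructed, and Python's re module stands in for squid's regex matching.

```python
import re

# Constructed divert.txt bodies: one url_regex pattern per line.
LOOSE = "journal.example\n"
# Host must be journal.example or a subdomain; scheme and port are optional.
STRICT = r"""
^([a-z]+://)?([^/]*\.)?journal\.example(:[0-9]+)?(/|$)
"""
CATCH_ALL = ".\n"

# Constructed probes: (URL as the proxy sees it, should it use the parent?)
PROBES = [
    ("http://journal.example/issue/12", True),
    ("http://dl.journal.example/paper.pdf", True),
    ("dl.journal.example:443", True),  # CONNECT target for HTTPS
    ("http://journal.example.other.test/", False),
    ("http://notjournal.example/", False),
    ("http://other.test/?ref=journal.example", False),
    ("http://journalXexample.test/", False),  # unescaped '.' matches 'X'
]


def load_patterns(text):
    """Compile each pattern line; blank and '#' lines are skipped (assumption)."""
    lines = (line.strip() for line in text.splitlines())
    return [re.compile(l) for l in lines if l and not l.startswith("#")]


def diverted(url, patterns):
    """url_regex semantics: any unanchored, case-sensitive match wins."""
    return any(p.search(url) for p in patterns)


def audit(text, probes=PROBES):
    """Return the probe URLs whose routing differs from what was intended."""
    patterns = load_patterns(text)
    return [url for url, want in probes if diverted(url, patterns) != want]


if __name__ == "__main__":
    for name, body in (("loose", LOOSE), ("strict", STRICT), ("catch-all", CATCH_ALL)):
        print(name, "->", audit(body) or "routes every probe as intended")
```

The loose pattern and the '.' catch-all both send the four unrelated probe URLs through the privileged parent, while the anchored pattern diverts only the intended host and its subdomains.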