Installing and Configuring Squid - More, More... Configuration!
(Page 3 of 4)
All right, let's continue the step-by-step configuration that we started on the previous page. Remember, all of these options go in the squid.conf file. Keep in mind that the right values depend not only on your network but also on your own needs. The settings shown here illustrate the bare minimum and the things to consider when designing the configuration file.
To keep the article simple, we assume that Squid will be the only proxy server in your network infrastructure. In that case, Squid has no other caches to query, so we need to specify that it shouldn't send its queries through any port. We do this by setting icp_port to 0.
icp_port 0
Of course, if there are other proxy servers, the situation changes. Moving on, it's time to design and create the required ACLs. We want to allow all kinds of access from the local host, and then give access to the computers on our LAN, too.
At the beginning of this article we said the proxy server is on 192.168.1.1; in your case it may be 10.0.0.1 or something else. In our case, the client computers are in 192.168.1.0/24. You should already be familiar with subnetting (the /24).
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/24
There you have it. The main ACLs are created. These are enough for Squid to work properly. Sure, the list could be extended and can become quite complex, but it's up to you to configure further and define other ACLs. Now we will also specify in our configuration that dynamically generated pages should not be cached; they must be retrieved online.
hierarchy_stoplist cgi-bin php asp ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
As you can see, we have opted for a regular expression to describe which pages are dynamic (cgi-bin, php, asp). If a URL matches, the page won't be cached. All right, now the time has come to set the permissions. These are quite self-explanatory.
http_access allow localhost
http_access allow lan
http_access deny all
Practically, what we're doing here is allowing access to Squid only for the localhost itself, along with computers from the local area network. All other sources are denied.
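The first-match evaluation of these http_access lines, as an added example that is not part of the original article: the Python sketch below parses the src ACLs and http_access rules shown on this page and reports the decision for a client address. The function names are hypothetical, the sample client addresses are constructed, and only src ACLs with one ACL name per http_access line are modelled.

```python
import ipaddress

# The src ACLs and http_access rules from this page's squid.conf.
SQUID_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/24
http_access allow localhost
http_access allow lan
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: [networks]}, [(action, acl_name), ...])."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # ip_network accepts both /24 and /255.255.255.0 style masks.
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) == 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2]))
    return acls, rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny'; the first matching http_access line wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, name in rules:
        if any(ip in net for net in acls.get(name, [])):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    if rules:
        return "deny" if rules[-1][0] == "allow" else "allow"
    return "deny"

if __name__ == "__main__":
    # Constructed sample clients: loopback, a LAN host, a neighbouring
    # subnet, and an outside address from a documentation range.
    for client in ("127.0.0.1", "192.168.1.42", "192.168.2.5", "203.0.113.7"):
        print(f"{client:15} -> {decide(SQUID_CONF, client)}")
```

Because evaluation stops at the first match, moving "http_access deny all" above the allow lines would lock out the LAN as well, so the order shown on this page matters.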
We mentioned logs earlier; here, we set their path.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
And finally, let's specify the file that holds the PID of the process.
pid_filename /var/run/squid.pid
All in all, these should suffice for a minimal configuration. Now the awaited moment has arrived: we're going to make Squid update its configuration from the file we just modified, and then we will run squid with the -NDCd1 argument.
squid -f /etc/squid/squid.conf -z
squid -NDCd1
If everything goes smoothly, you'll get:
Ready to serve requests.
That's all for now; on the final page we will recommend a few resource libraries.