PfSense 2.33 Squid transparent proxy Settings

2025-03-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Squid is caching proxy software: it receives download requests from users and fetches the requested data on their behalf. When a user wants to download a home page, the request goes to Squid, which connects to the target website, requests the page, and sends it to the user while keeping a copy. When other users request the same page, Squid immediately sends them the saved copy.

By proxy type, Squid proxies are divided into forward proxies and reverse proxies. By implementation, forward proxies are further divided into standard proxies and transparent proxies.

1. Standard caching proxy server

A standard caching proxy caches static web content (HTML files, image files, and so on) on a host in the local network, the proxy server. When a cached page is requested a second time, the browser gets the data from the local proxy server instead of the original website. This saves network bandwidth and improves access speed. To achieve this, however, the IP address and port number of the proxy server must be explicitly configured in the browser of every internal host. When a client browses the Internet, every request is sent to the proxy server, which decides whether it needs to connect to the remote web server to obtain the data. If the target file is in the local cache, it is returned to the user directly. If not, the proxy retrieves the file, saves a copy locally, and then sends the file to the client browser.

2. Transparent caching proxy server

A transparent caching proxy has exactly the same function as a standard proxy server, but the proxying is transparent to the client's browser: there is no need to configure the IP address and port of the proxy server. The transparent proxy server intercepts network traffic and picks out the outbound HTTP (port 80) traffic. If the client's request is cached locally, the cached data is sent directly to the user; if not, the request is sent on to the remote web server. The rest of the operation is exactly the same as for a standard proxy server. On Linux, transparent proxies are implemented using Iptables or Ipchains. Transparent proxies are particularly useful for ISPs (Internet service providers) because no browser settings are required.

3. Reverse caching proxy server

A reverse proxy is a completely different service from the first two kinds of proxy. It is used to reduce the load on the origin web server. The reverse proxy server handles requests for the origin web server's static pages so that the origin server is not overloaded. It sits between the local web server and the Internet, handles all requests to the web server, and prevents direct communication between the web server and the Internet. If the page requested by an Internet user is cached on the proxy server, the proxy sends the cached content directly to the user. If it is not cached, the proxy first requests the data from the web server, caches it locally, and then sends it to the user. This reduces the load on the web server by reducing the number of requests that reach it.

The article "Illustrating forward proxy, reverse proxy, and transparent proxy" will help you understand these proxy concepts.

In pfSense, the Squid transparent proxy is the more commonly used mode. This tutorial shows how to set up a Squid transparent proxy on pfSense 2.33. In this example, the Squid version is 3.5.24_2.

Install Squid

1. Navigate to System > Package Manager.

2. Click the Available Packages tab.

3. Scroll down to find squid.

4. Click '+' to install.

Squid General Settings

1. Navigate to the Services > Squid Proxy Server > General tab.

2. Enable Squid Proxy - check to enable.

3. Keep Settings/Data - if you do not want to retain a large amount of cached data after removing Squid, it is recommended that you leave this unchecked.

4. Proxy Interface - select LAN.

5. Allow Users on Interface - if checked, users connected to the interface selected in the Proxy Interface field are allowed to use the proxy. There is no need to add the interface's subnet to the list of allowed subnets.

6. Other settings can use the default values.

Transparent Proxy Settings

1. Transparent HTTP Proxy - check to enable. When enabled, all requests for destination port 80 are forwarded to the proxy server.

2. Transparent Proxy Interface - select LAN.

3. Bypass Proxy for Private Address Destination - must be checked, otherwise you will not be able to get on the network (tested in a virtual machine). If it is not set, there will be an error: the URL you requested cannot be obtained.

4. Leave the other settings at their defaults.

Logging Settings

This section is optional and can be left unconfigured (especially when disk space is limited)!

1. Enable Access Logging - check to enable.

2. Log Store Directory - there is usually no need to change the directory, so keeping the default value is sufficient. If you do need to change the path, remember not to add a "/" at the end of the path.

3. Rotate Logs - defines how many days the log files are retained. If it is not set, logs are kept indefinitely.

4. Leave the other settings at their defaults.

Headers Handling, Language and Other Customizations

1. Visible Hostname - if the proxy server displays an error, this name is shown on the client computer. You can keep it the same as the hostname of the pfSense server.

2. Administrator's Email - if an error occurs, this is also shown on the client.

3. Error Language - select the language in which error messages are displayed on the client.

4. The other options can be left at their defaults.

Squid Hard Disk Cache Settings

1. Click the Local Cache tab and scroll down to find Squid Hard Disk Cache Settings.

2. Hard Disk Cache Size - the maximum hard disk cache allocated to Squid. It is recommended that you set the value above 4GB.

3. Hard Disk Cache System - the default setting is recommended.

4. Level 1 Directories - specifies the number of level 1 directories for the hard disk cache. You can set up to 256. More directories make startup slower, but can speed up caching under certain conditions.

5. Hard Disk Cache Location - if the disk has enough space to hold the size specified in Hard Disk Cache Size, keep the default setting. If not, select a different storage path, and remember not to add "/" at the end of the path.

6. Minimum Object Size - objects smaller than the specified size (in KB) are not saved on disk. Default value: 0 (which means there is no minimum). The default value is recommended.

7. Maximum Object Size - objects larger than the specified size (in MB) are not saved on disk. Default value: 4 (MB). Tip: if increased speed is more important than saving bandwidth, set this to a lower value. The default value is recommended.

Squid Memory Cache Settings

1. Memory Cache Size - the more memory Squid can use for caching, the faster the caching process. More than 2GB is recommended, but do not exceed 50% of total memory.

2. Maximum Object Size in RAM - objects larger than this size are not stored in the memory cache. The default value (256 KB) is recommended.

3. Memory Replacement Policy - determines which objects are purged from memory when space is needed. The default, heap GDSF, is recommended.

Squid Access Control Lists

Set up as needed!

1. Click the ACLs tab.

2. Allowed Subnets - enter the subnets that are allowed to use the proxy in CIDR format (for example 192.168.111.0/24), one entry per line. If Allow Users on Interface is checked on the Squid General Settings tab, you do not need to add the proxy interface's subnet to this list.

3. Leave the other settings at their defaults.

With the above settings applied, the Squid proxy runs normally.

If name resolution takes too long when visiting websites, enable DNS resolution.

This is the basic Squid transparent proxy configuration process. Squid 3.5.24_2 has many more functions; study the more complex configurations on your own!
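One way to check the result from the access log enabled in the logging step: the added example below (not part of the original tutorial) parses Squid's native access.log format and reports the request and byte hit ratios, denied requests, and any clients outside the Allowed Subnets range. The log lines are constructed samples, and the function names and the `ALLOWED` list are this example's own.

```python
import ipaddress
from collections import Counter
# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1496476800.101    182 192.168.111.10 TCP_MISS/200 15320 GET http://example.com/ - ORIGINAL_DST/93.184.216.34 text/html
1496476803.544      2 192.168.111.11 TCP_HIT/200 15328 GET http://example.com/ - HIER_NONE/- text/html
1496476805.020      1 192.168.111.11 TCP_MEM_HIT/200 4210 GET http://example.com/logo.png - HIER_NONE/- image/png
1496476812.002      0 10.9.8.7 TCP_DENIED/403 3980 GET http://example.org/ - HIER_NONE/- text/html
1496476815.310     40 192.168.111.12 TCP_MISS/200
"""
ALLOWED = [ipaddress.ip_network("192.168.111.0/24")]  # example subnet from the ACL step

def parse_line(line):
    """Return (client_ip, result_code, size_bytes), or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    try:
        return ipaddress.ip_address(fields[2]), fields[3].split("/")[0], int(fields[4])
    except ValueError:
        return None

def summarize(log_text, allowed=ALLOWED):
    """Request and byte hit ratios, plus clients outside the allowed subnets."""
    codes = Counter()
    hit_bytes = total_bytes = skipped = 0
    outside = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # truncated or partially written line
            continue
        client, code, size = rec
        codes[code] += 1
        if not any(client in net for net in allowed):
            outside.add(str(client))
        if code != "TCP_DENIED":  # denied requests never reach the cache
            total_bytes += size
            hit_bytes += size if "HIT" in code else 0  # TCP_HIT, TCP_MEM_HIT, ...
    served = sum(codes.values()) - codes["TCP_DENIED"]
    hits = sum(n for c, n in codes.items() if "HIT" in c)
    return {"served": served, "denied": codes["TCP_DENIED"],
            "hit_ratio": hits / served if served else 0.0,
            "byte_hit_ratio": hit_bytes / total_bytes if total_bytes else 0.0,
            "outside_allowed": sorted(outside), "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To use it on a real proxy, pass `summarize` the contents of access.log from the Log Store Directory configured earlier and adjust `ALLOWED` to match your own subnets.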

2017-06-03
