1 / 31

SQUID (Proxy server)

SQUID (Proxy server). Introduction to Proxy Installation & Configuration of SQUID server. Presented By: Aslam Danish (08 CSS 13) Chirag Gupta (08 CSS 16). Topic to be covered:. Part I:. What is Proxy?? Purpose of using Proxy Improving performance using Proxy

ronaldcrodriguez
Download Presentation

SQUID (Proxy server)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SQUID (Proxy server) Introduction to Proxy Installation & Configuration of SQUID server • Presented By: • Aslam Danish (08 CSS 13) • Chirag Gupta (08 CSS 16)

  2. Topic to be covered: Part I: • What is Proxy?? • Purpose of using Proxy • Improving performance using Proxy • Filtering request using proxy Part II: • How Proxy works?? (Animated presentation) • Squid • Other Proxies • Squid Page Fetch Algorithm • Cacheable Objects • Non-cacheable Objects • Transparent Proxies (Pros & Cons) Part III: • Installation & Configuration Of Squid • Demo

  3. LAN INTERNET What is Proxy ?

  4. Main purpose of using proxies • Improve Performance • Act as Cache server • Cache web pages & provide them back without requesting the page again from website server. • Bandwidth control • Reduces the Bandwidth requirements for an large Organization. • Filter Requests • Prevent access to some web sites!!! • Prevent access to some protocols • Prevent access of network on Time Basis. • Surfing Anonymously • Browsing the WWW without any identification!!!   

  5. INTERNET 512 Kbps 1 Mbps 128 Kbps 64 Kbps Improving Performance • Caching • Reduces latency (Sites takes less time to open) • Reduces Network Traffic ( Reduces Data uses) • Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site. • Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers. • Bandwidth control • Policy-based Bandwidth Limits • Deny by content type

  6. Filtering Requests • Prevent access to some web sites!!! • Categories web sites • Educational • Advertisements & Pop-Ups • Chat • Games • Hacking • Peer-to-Peer • Check by content type • .Exe / .Com • .Mid / .MP3 / .Wav • .Avi / .Mpeg / .Rm

  7. How A Proxy works

  8. Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  9. Source IP 217.219.66.2 Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52 www.yahoo.com Dest IP 209.191.93.52 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Change Source IP Address IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  10. Source IP 209.191.93.52 Dest IP 217.219.66.2 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 Change Source IP Address & Destination IP Address

  11. Source IP 209.191.93.52 Source IP 209.191.93.52 Dest IP 217.219.66.2 Dest IP 172.16.0.2 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Change Dest. IP Address IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  12. Source IP 209.191.93.52 Dest IP 172.16.0.2 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  13. SQUID

  14. SQUID • Squid is a free, open source, proxy caching server for Web clients • It operates as an intermediary between the Web browsers (clients) and the servers they access. • Technically, A proxy server can simply manage traffic between a Web server and the clients that want to communicate with it, without doing caching at all. Squid combines both capabilities as a server. • Squid is supported and distributed under a GNU Public by the National Laboratory for Applied Network (NLANR) at the University of California, San Diego.

  15. Squid supports following protocols: • It supports Transparent proxying. • It works on port no. 3128 • Other works that a Proxy does.

  16. Other proxies • Free-ware • Apache 1.2+ proxy support • Commercial • Netscape Proxy • Microsoft Proxy Server • NetAppliance’s NetCache • CacheFlow • Cisco Cache Engine

  17. Squid’s page fetch algorithm • Check cache for existing copy of object(lookup based on MD5 hash of URL) • If it exists in cache • Check object’s expire time; if expired, fall back to origin server • If object still considered fresh, return cached object to requester

  18. Squid’s page fetch algorithm • If object is not in cache, expired, or otherwise invalidated • Fetch object from origin server • If 500 error from origin server, and expired object available, returns expired object • Test object for cacheability; if cacheable, store local copy

  19. Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  20. Source IP 217.219.66.2 Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52 www.yahoo.com Dest IP 209.191.93.52 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Change Source IP Address Cached Pages: IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  21. Source IP 209.191.93.52 Dest IP 217.219.66.2 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 Change Source IP Address & Destination IP Address

  22. Source IP 209.191.93.52 Source IP 209.191.93.52 Dest IP 217.219.66.2 Dest IP 172.16.0.2 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: www.yahoo.com Change Dest. IP Address IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  23. Source IP 209.191.93.52 Dest IP 172.16.0.2 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: www.yahoo.com IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  24. Source IP 172.16.0.3 www.yahoo.com Dest IP 209.191.93.52 INTERNET LAN Proxy Server IP : 172.16.0.3 Gw : 172.16.0.1 Cached Pages: www.yahoo.com IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  25. Source IP 172.16.0.3 www.yahoo.com Dest IP 209.191.93.52 INTERNET LAN Proxy Server IP : 172.16.0.3 Gw : 172.16.0.1 Cached Pages: www.yahoo.com Check for cached page Page Found IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  26. Source IP 209.191.93.52 Dest IP 172.16.0.3 INTERNET LAN Proxy Server IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: www.yahoo.com Retrieve page from cache IP : 172.16.0.1 No Need to contact Yahoo server IP : 217.219.66.2 Gw : 217.219.66.1

  27. Source IP 209.191.93.52 Dest IP 172.16.0.3 INTERNET LAN Proxy Server IP : 172.16.0.3 Gw : 172.16.0.1 IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1

  28. Cacheable objects • HTTP • Must have a Last-Modified: tag • If origin server required HTTP authentication for request, must have Cache-Control: public tag • Ideally also has an Expires or Cache-Control: max-age tag • FTP • Squid sets Expires time to fetch timestamp + 2 days

  29. Non-cacheable objects • HTTPS • HTTP • No Last-Modified: tag • Authenticated objects • URLs with cgi-bin or ? in them • POST method (form submission)

  30. Transparent Proxying • Router forwards all traffic to port 80 to proxy machine using a route policy • Pros • Requires no explicit proxy configuration in the user’s browser • Cons • Route policies put excessive CPU load on routers on many (Cisco) platforms • Often leads to mysterious page retrieval failures • Only proxies HTTP traffic on port 80; not FTP or HTTP on other ports

  31. Thank You

More Related