Securing-Optimizing-RH-Linux-1_2_348
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
The cache_mem option specifies the amount of memory (RAM) to be used for caching the so-called
In-Transit objects, Hot Objects, and Negative-Cached objects. This is an optimization feature.
It's important to note that Squid can use many more MB than the value you specify in this
parameter; for this reason, if you have 48 MB free for Squid, you must put 48/3 = 16 MB here.
cache_dir ufs /cache 200 16 256
The cache_dir option specifies, in order: which kind of storage system to use (ufs), the name of
the Squid cache directory (/cache), the disk space in megabytes to use under this directory
(200 Mbytes), the number of first-level subdirectories to be created under the cache directory (16
Level-1), and the number of second-level subdirectories to be created under each first-level
cache directory (256 Level-2). In accelerator mode, this option is directly related to the size of
all the files you want to serve with your Apache web server.
emulate_httpd_log on
The emulate_httpd_log option, if set to ON, tells Squid to emulate the log file format of the
Apache web server. This is very useful if you want to use a third-party program like Webalizer to
analyze the Web Server (httpd) log file.
redirect_rewrites_host_header off
The redirect_rewrites_host_header option, if set to OFF, tells Squid not to rewrite any
Host: header in redirected requests. It's recommended to set this option to OFF if you are
running Squid in accelerator mode.
replacement_policy GDSF
The replacement_policy option specifies the cache policy Squid will use to determine which
objects in the cache must be replaced when the proxy needs to make disk space. The Squid LRU
policy is used by default if you do not specify the --enable-heap-replacement option at
compile time. In our configuration, we choose the GDSF (Greedy-Dual Size Frequency) policy
as our default policy. See http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html and
http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html for more information.
acl all src 0.0.0.0/0.0.0.0 and http_access allow all
The acl and http_access options specify and define the access control lists to be applied on
the Squid proxy server. Our acl and http_access options are not restrictive and allow everyone
to connect to the proxy server, since we use this proxy to accelerate the public Apache Web
Server. See your Squid documentation for more information when using Squid in non-accelerator
mode.
cache_mgr admin
The cache_mgr option specifies the email address of the administrator responsible for the Squid
proxy server. This person is the one who will receive mail if Squid encounters problems. You can
specify the name or the complete email address in this option.
cache_effective_user squid and cache_effective_group squid
The cache_effective_user and cache_effective_group options specify the UID/GID the cache
will run as. Remember never to run Squid as root. In our configuration we use the UID squid
and the GID squid.
httpd_accel_host 208.164.186.3 and httpd_accel_port 80
The httpd_accel_host and httpd_accel_port options tell Squid the IP address and port
number where the real HTTP Server (i.e. Apache) is. In our configuration, the real HTTP Web
Server is on the IP address 208.164.186.3 (www.openarch.com) and on the port (80). The
www.openarch.com is another host name on our network, and since the Squid Proxy Server
doesn't reside on the same host as the Apache HTTP Web Server, we can use the port (80) for
our Squid Proxy Server and the port (80) for our Apache Web Server, and the illusion is perfect.
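The rules stated on this page (cache_mem at one third of the RAM free for Squid, the five cache_dir fields, never running as root) can be checked mechanically. The following is an added example, not code from the book or from Squid: the function names and the sample configuration are constructed here, cache_mem is assumed to be given in MB, and rule 4 is this example's own assumption about when an allow-all ACL is acceptable.

```python
# Added example (not from the book): lint a squid.conf against this page's rules.
# SAMPLE_CONF is constructed from the directives discussed on this page.
SAMPLE_CONF = """\
cache_mem 16 MB
cache_dir ufs /cache 200 16 256
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_effective_user squid
cache_effective_group squid
httpd_accel_host 208.164.186.3
httpd_accel_port 80
"""

def parse(conf_text):
    """Map each directive to the list of its argument lists (comments dropped)."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split()
        if line:
            opts.setdefault(line[0], []).append(line[1:])
    return opts

def audit(conf_text, free_ram_mb):
    """Return a list of findings; free_ram_mb is the RAM you can give Squid."""
    opts, findings = parse(conf_text), []
    # Rule 1: cache_mem should not exceed a third of the RAM free for Squid.
    # Assumption: the value is expressed in MB, as on this page.
    for args in opts.get("cache_mem", []):
        mem_mb = int("".join(c for c in "".join(args) if c.isdigit()) or 0)
        if mem_mb > free_ram_mb // 3:
            findings.append(f"cache_mem {mem_mb} MB exceeds {free_ram_mb}/3 MB")
    # Rule 2: cache_dir takes five fields: type, path, MB, level-1, level-2.
    for args in opts.get("cache_dir", []):
        if len(args) != 5 or not all(a.isdigit() for a in args[2:]):
            findings.append("cache_dir malformed: " + " ".join(args))
    # Rule 3: never run Squid as root.
    for key in ("cache_effective_user", "cache_effective_group"):
        if ["root"] in opts.get(key, []):
            findings.append(f"{key} is root")
    # Rule 4 (assumption of this example): an allow-all http_access is only
    # acceptable when Squid fronts a public web server in accelerator mode.
    open_access = ["allow", "all"] in opts.get("http_access", [])
    if open_access and "httpd_accel_host" not in opts:
        findings.append("http_access allow all outside accelerator mode")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, free_ram_mb=48) or ["no findings"]:
        print(finding)
```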