Securing-Optimizing-RH-Linux-1_2_349
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
349
log_icp_queries off
This option log_icp_queries specify if you want ICP (ICP is used to exchange hints about the
existence of URLs in neighbor caches) queries to be logged to access.log file or not. Since we
dont use the ICP feature in Squid accelerator mode, we can turn safety this option to OFF.
cachemgr_passwd my-secret-pass all
This option cachemgr_passwd specify a password that will be require for accessing the
operations of the cachemgr.cgi program utility. This CGI utility program is designed to run
through a web interface and outputs statistics about Squid configuration and performance. The
<my-secret-pass> is the password you have chosen and the keyword <all> specifies to set this
password to be the same for all actions you can perform in this program. See The cachemgr.cgi
program utility of Squid, bellow in this chapter for more information.
buffered_logs on
This option buffered_logs if turned ON can speed up the writing of some log files slightly. This
is an optimization feature.
Configuration of the /etc/squid/squid.conf file as a proxy-caching mode
With some minor modification of the squid.conf file we have definite above to run Squid in httpd-
accelerator mode, we can run Squid as proxy-caching server. In proxy cache server, all users in
your corporate network use Squid to access the Internet. With this configuration you can have
complete control and apply special policy on what can be viewed, acceded, downloaded, you can
also control bandwidth usage, connection time and so on. Proxy cache server can be configured
to run as stand-alone server for your corporate or to use and share caches hierarchy with other
proxy server around the Internet.
With the first example bellow we show you how to configure Squid as stand-alone server and
then speak a little bit about a cache hierarchy configuration, where two or more proxy-cache
servers cooperate by serving documents to each other.
Edit the squid.conf file (vi /etc/squid/squid.conf) and add/change the following options for proxy
cache that run as a stand-alone server:
http_port 8080
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB