Configuring squid cache

Revision as of 11:43, 2 December 2012 by Saurabh (talk | contribs)


Configurable parameters related to squid cache

Configuring structure of squid_cache directory and amount of data stored

We can configure the size of squid_cache and where it is stored using a directive like:

cache_dir aufs /squid_cache 60000 64 1024


Caching rpm files for long duration

We can ask squid to cache rpm packages for a long time and to not cache metadata files like primary.sqlite.bz2 with configuration like:

refresh_pattern .*rpm$ 21600 100% 21600
refresh_pattern .*primary.sqlite.bz2$ 0 20% 120

Note: This can also be used to ensure that setup files, update files (esp. anti-virus and Windows updates) etc. are cached for a longer duration.


Denying cache access for local files

Lastly, to keep local data out of the cache, so that local files are not cached, we can use something like this:

acl localip dst 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8
cache deny localip


It is always better to disallow access to local data through squid altogether by using something like:

# dst matches the destination address of the request (src would match the client address instead)
acl localip dst 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
http_access deny localip

since there is no need to go through the proxy to access it.


Setting up parent or sibling caches using cache_peer

We can use the cache_peer setting to redirect some of the requests to other squid proxies. For example, the other squid proxy may be running on a privileged IP address, so that a request only gets a response if it is sent from that proxy. This is often the case with on-line websites such as ACM / IEEE, which allow access based on IP address. Hence we can use the cache_peer directive to transfer selected websites to the other cache.

To do this we need to specify cache_peer using:

cache_peer 192.168.36.204 parent 8080 3130 no-query no-digest no-netdb-exchange

Then we have to specify which websites should be allowed to be accessed through this peer:

acl otherproxy url_regex "/etc/squid/divert.txt"
cache_peer_access 192.168.36.204 allow otherproxy
cache_peer_access 192.168.36.204 deny all

Note that here 'url_regex' is important and 'dstdomain' will not work. For some reason the module which checks domains for cache_peer_access expects us to enter the complete domain when we use 'dstdomain'. Hence a.b.c won't match domain b.c if we use 'dstdomain'. That is why we must use 'url_regex' while configuring cache_peer_access.

In the above manner, redirecting all traffic is as simple as adding a line containing '.' (everything) to the file '/etc/squid/divert.txt'. Ensure that the file '/etc/squid/divert.txt' is readable by user squid.


To prevent the current squid from fetching the object directly no matter what, and to make it always go through one of the parents, we can use the 'never_direct' configuration directive. Hence the above requirement of going through another proxy for some websites is even better achieved using

acl otherproxy url_regex "/etc/squid/divert.txt"
cache_peer_access 192.168.36.204 allow otherproxy
never_direct allow otherproxy
cache_peer_access 192.168.36.204 deny all

which ensures that all URLs matching the patterns in file 'divert.txt' are fetched through the 192.168.36.204 proxy only and never directly, even if 192.168.36.204 is inaccessible.
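
An added example (not part of the original page): because 'url_regex' is matched against the whole URL and 'divert.txt' decides which requests leave through the privileged parent, it is worth checking the patterns against sample URLs before loading them. The pattern lists, sample URLs and function names below are constructed for illustration, and Python's re module is assumed to behave like Squid's regex matching for these simple patterns.

```python
import re

# Constructed sample of /etc/squid/divert.txt: one url_regex pattern per line.
DIVERT_TXT = r"""
acm.org
^https?://([^/]+\.)?ieee\.org(:[0-9]+)?/
"""

# Constructed tightened version: both patterns anchored to the host part.
TIGHT_TXT = r"""
^https?://([^/]+\.)?acm\.org(:[0-9]+)?/
^https?://([^/]+\.)?ieee\.org(:[0-9]+)?/
"""

# Constructed test URLs: (url, should it go through the privileged parent?)
SAMPLES = [
    ("http://dl.acm.org/citation.cfm", True),
    ("http://ieeexplore.ieee.org/Xplore/home.jsp", True),
    ("http://www.example.com/search?q=acm.org", False),
    ("http://acm-org.example.net/", False),
    ("http://www.example.com/", False),
]

def load_patterns(text):
    """Compile every non-empty line as a case-sensitive regex."""
    return [re.compile(line.strip())
            for line in text.splitlines() if line.strip()]

def diverted(url, patterns):
    """An unanchored pattern can match in the path or query string,
    not only in the host name, because the whole URL is searched."""
    return any(p.search(url) for p in patterns)

def audit(patterns, samples):
    """Return (url, intended) pairs whose routing differs from the intent."""
    return [(url, want) for url, want in samples
            if diverted(url, patterns) != want]

if __name__ == "__main__":
    for name, text in (("divert.txt", DIVERT_TXT), ("tightened", TIGHT_TXT)):
        print(name)
        for url, want in audit(load_patterns(text), SAMPLES):
            state = "would be" if not want else "would NOT be"
            print("  MISMATCH: %s %s sent to the parent" % (url, state))
```

The bare 'acm.org' line sends two unintended URLs to the parent (a query-string match, and a host where '.' matches '-'), while the anchored patterns divert only the intended hosts.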

