Squid Server

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support.

Squid was originally designed to run as a daemon on Unix-like systems. A Windows port was maintained up to version 2.7. New versions available on Windows use the Cygwin environment. Squid is free software released under the GNU General Public License.

History

Squid was originally developed as the ''Harvest object cache'', part of the Harvest project at the University of Colorado Boulder. Further work on the program was completed at the University of California, San Diego and funded via two grants from the National Science Foundation. Duane Wessels forked the "last pre-commercial version of Harvest" and renamed it to Squid to avoid confusion with the commercial fork called Cached 2.0, which became NetCache.Duane Wessel
Squid and ICP: Past, Present, and Future
Proceedings of the Australian Unix Users Group. September 1997, Brisbane, Australia Squid version 1.0.0 was released in July 1996. SquidNT, a port of the Squid proxy server was merged into the main Squid project in September 2006.

Squid is now developed almost exclusively through volunteer efforts.

Basic functionality

After a Squid proxy server is installed, web browsers can be configured to use it as a proxy HTTP server, allowing Squid to retain copies of the documents returned, which, on repeated requests for the same documents, can reduce access time as well as bandwidth consumption. This is often useful for Internet service providers to increase speed to their customers, and LANs that share an Internet connection. Because the caching servers are controlled by the web service operator, caching proxies do not anonymize the user and should not be confused with anonymizing proxies.

A client program (e.g. browser) either has to specify explicitly the proxy server it wants to use (typical for ISP customers), or it could be using a proxy without any extra configuration: "transparent caching", in which case all outgoing HTTP requests are intercepted by Squid and all responses are cached. The latter is typically a corporate set-up (all clients are on the same LAN) and often introduces the privacy concerns mentioned above.

Squid has some features that can help anonymize connections, such as disabling or changing specific header fields in a client's HTTP requests. Whether these are set, and what they are set to do, is up to the person who controls the computer running Squid. People requesting pages through a network which transparently uses Squid may not know whether this information is being logged. Within UK organisations at least, users should be informed if computers or internet connections are being monitored.

Reverse proxy

The above setup—caching the contents of an unlimited number of webservers for a limited number of clients—is the classical one. Another setup is " reverse proxy" or "webserver acceleration" (using ). In this mode, the cache serves an unlimited number of clients for a limited number of—or just one—web servers.

As an example, if ''slow.example.com'' is a "real" web server, and ''www.example.com'' is the Squid cache server that "accelerates" it, the first time any page is requested from ''www.example.com'', the cache server would get the actual page from ''slow.example.com'', but later requests would get the stored copy directly from the accelerator (for a configurable period, after which the stored copy would be discarded). The end result, without any action by the clients, is less traffic to the source server, meaning less CPU and memory usage, and less need for bandwidth. This does, however, mean that the source server cannot accurately report on its traffic numbers without additional configuration, as all requests would seem to have come from the reverse proxy. A way to adapt the reporting on the source server is to use the X-Forwarded-For HTTP header reported by the reverse proxy, to get the real client's IP address.

It is possible for a single Squid server to serve both as a normal and a reverse proxy simultaneously. For example, a business might host its own website on a web server, with a Squid server acting as a reverse proxy between clients (customers accessing the website from outside the business) and the web server. The same Squid server could act as a classical web cache, caching HTTP requests from clients within the business (i.e., employees accessing the internet from their workstations), so accelerating web access and reducing bandwidth demands.

Media-range limitations

For example, a feature of the HTTP protocol is to limit a request to the range of data in the resource being referenced. This feature is used extensively by video streaming websites such as YouTube, so that if a user clicks to the middle of the video progress bar, the server can begin to send data from the middle of the file, rather than sending the entire file from the beginning and the user waiting for the preceding data to finish loading.

Partial downloads are also extensively used by Microsoft Windows Update so that extremely large update packages can download in the background and pause halfway through the download, if the user turns off their computer or disconnects from the Internet.

The Metalink download format enables clients to do segmented downloads by issuing partial requests and spreading these over a number of mirrors.

Squid can relay partial requests to the origin web server. In order for a partial request to be satisfied at a fast speed from cache, Squid requires a full copy of the same object to already exist in its storage.

If a proxy video user is watching a video stream and browses to a different page before the video completely downloads, Squid cannot keep the partial download for reuse and simply discards the data. Special configuration is required to force such downloads to continue and be cached.

Supported operating systems

Squid can run on the following operating systems:

* AIX
* BSDI
* Digital Unix
* FreeBSD
* HP-UX
* IRIX
* Linux
* macOS
* NetBSD
* NeXTStep
* OpenBSD
* OS/2 (including ArcaOS and eComStation)OS/2 Ports by Paul Smedley
OS/2 Ports
* SCO OpenServer
* Solaris
* UnixWare
* Windows

See also

* Web accelerator which discusses host-based HTTP acceleration
* Proxy server which discusses client-side proxies
* Reverse proxy which discusses origin-side proxies
* Comparison of web servers

References

Further reading

*
*

External links

*

Squid Blog

Squid User's Guide

Squid Transparent Proxy For DD-WRT

Squid reverse proxy
— Create a reverse proxy with Squid

Configuration Manual
— ViSolve Squid Configuration Manual Guide

Configuration Manual
— Authoritative Squid Configuration Options
* — Setup squid on solaris

SQUID – Installation on CentOS, Fedora and Red Hat

{{DEFAULTSORT:Squid (Software)
Free proxy servers
Reverse proxy
Proxy server software for Linux
Unix network-related software
Gopher clients
Cross-platform free software