Slashdot Mirror

← Back to Domains

Domain: squid-cache.org

Stories and comments across the archive that link to squid-cache.org.

Comments · 216

  1. Many servers and Squid by Citrix · · Score: 2 · on Supporting Tens Of Thousands Of Users With Apache?

    If you decide to go with more then one web server take a look at Squid. It can reverse proxy web request to make many servers look like one. You should be able to split the user names on alpha ranges.

    From the Squid FAQ

    The Squid redirector can make one accelerator act as a single front-end for multiple servers. If you need to move parts of your filesystem from one server to another, or if separately administered HTTP servers should logically appear under a single URL hierarchy, the accelerator makes the right thing happen.

    This doesn't quite solve your ftp problem. I did a quick search and didn't find anything that would direct a ftp to a different server based off of username. It shouldn't be hard to adapt a ftp proxy to do this for you, but I've never tried.

    It wouln't be hard to write a quick php/cgi help page that given the user name would provide the used with the correct server address. Or you could make a few dns entries like a.ftp.host, b.ftp.host, etc and if the users name was tom they would use t.ftp.host.

    Or you could ask Geocites for their user management software ;~)
    Leknor
    http://Leknor.com

  2. Many servers and Squid by Citrix · · Score: 2 · on Supporting Tens Of Thousands Of Users With Apache?

    If you decide to go with more then one web server take a look at Squid. It can reverse proxy web request to make many servers look like one. You should be able to split the user names on alpha ranges.

    From the Squid FAQ

    The Squid redirector can make one accelerator act as a single front-end for multiple servers. If you need to move parts of your filesystem from one server to another, or if separately administered HTTP servers should logically appear under a single URL hierarchy, the accelerator makes the right thing happen.

    This doesn't quite solve your ftp problem. I did a quick search and didn't find anything that would direct a ftp to a different server based off of username. It shouldn't be hard to adapt a ftp proxy to do this for you, but I've never tried.

    It wouln't be hard to write a quick php/cgi help page that given the user name would provide the used with the correct server address. Or you could make a few dns entries like a.ftp.host, b.ftp.host, etc and if the users name was tom they would use t.ftp.host.

    Or you could ask Geocites for their user management software ;~)
    Leknor
    http://Leknor.com

  3. Re:Federal Funds by Gleef · · Score: 2 · on Checking Out Library Censorship

    dlapine asks:

    One side note here is that NetNanny is one of the only filtering programs for Windows that releases the blocked site list and allows the user to alter it. This gives the knowledgeable sysadmin some leeway. If someone knows of useable Linux filtering software, please let me know.

    Squid is not only a great caching proxy server for Linux, it also offers very powerful access controls. More info on various ways of using them, including people who distribute editable porn blocking lists for Squid, can be found in the Squid FAQ.

    ----

  4. Re:Federal Funds by Gleef · · Score: 2 · on Checking Out Library Censorship

    dlapine asks:

    One side note here is that NetNanny is one of the only filtering programs for Windows that releases the blocked site list and allows the user to alter it. This gives the knowledgeable sysadmin some leeway. If someone knows of useable Linux filtering software, please let me know.

    Squid is not only a great caching proxy server for Linux, it also offers very powerful access controls. More info on various ways of using them, including people who distribute editable porn blocking lists for Squid, can be found in the Squid FAQ.

    ----

  5. Ditch AOL by ibpooks · · Score: 1 · on AOL Class-Action Suit Over Pop-Up Ads

    Easy choice....ditch AOL, use Squid and SquidGuard to filter whatever in the hell you don't want displayed.

  6. Re:Umm.. a mirror please by Alex+Pennace · · Score: 1 · on Hemos Gets Hitched

    Too bad Hemos.net is the host. It appears to be slashdotted. Why couldn't Slashdot host it locally?

    Presuming the files have appropriate HTTP headers, they should be cached in various places around the net. You ARE using a caching proxy, right? There is no excuse for not using one...

  7. Re:What to fight by Paranoid+Diatribe · · Score: 1 · on Software That Can Censor 'Sexual Images.' Or Not.
    This is already in the works.

    Check out www.squidGuard.org for what is likely the closest thing to an open source filter project. It runs as a redirector plugin for Squid proxy server.

    I checked it out one day, to use as a JunkBuster on steroids. I'm really impressed with it. You can craft categories (such as porn, banner adds, tracking sites like doubleclick) and determine who they affect by source machine, destination machine, and even by the time of day. If you're really clever with regular expressions you can do a really good job with it. It has the same failings as any other block-list based filter, but it's open for all to contribute. The site even has a canned set of lists. You can even "anonymize" the logs, so as to only see that there is a problem, and not that it's Bob in Accounting.

    Mind you, I don't like censoring -- even at the workplace. However, I will concede that I may be asked someday to set up such a system. And given the recent "scandals" with the commecial filter vendors, I could only recommend this solution. Besides... it's open source! :-)

  8. Re:Where do I get that list? by martinde · · Score: 1 · on Firewall + Censorware = Trouble

    Mind you, I haven't tried these but here you go.

  9. HTTP Caches to the Rescue by Alex+Pennace · · Score: 2 · on Judge Bars eBay Crawler

    The problem may be easily solved if Bidder's Edge made use of some sort of distributed HTTP cache which would already have the relevant HTTP objects stored and would avoid requests of eBay's servers. These caches are populated by other individuals making use of them through other local caches (you ARE making use of a local HTTP cache, aren't you?)

  10. Load balancing may be what you want. by SwellJoe · · Score: 1 · on Good Uses For Modem Teaming?
    Sounds like what you need is load balancing. There are a couple of good options for this.

    The most popular these days is Layer 4 switching, which splits traffic as evenly as it can by monitoring the traffic on each pipe and directing requests accordingly. Linux Virtual Server can provide L4 switching capabilities from any old box you've got lying around.

    Cisco also produces intelligent routers that can perform a sort of load balancing. Another option is a cache heirarchy using Squid. Squid can perform basic load balancing functions through it's parent/sibling relationship features.

    Probably the best thing to do is set up LVS as an L4 switch to load balance between Squids (one squid per pipe), with the Squid sharing cached content information via cache digests.

    Using an L4 switch + cache setup you will not only effectively share the bandwidth you will also get faster response times and less bandwidth usage overall.

    http://www.linuxvirtualserver.org: Is the website to go to to find out about LVS. Also, the LVS kernel patches are now default in Red Hat 6.2 and above, plus Red Hat includes a web based administration frontend called Pirahna.

    http://www.squid-cache.org: The Squid homepage.

    Hope this helps.

  11. Server-level by ibpooks · · Score: 1 · on Mozilla Junkbuster-like Feature Removed

    There's a much better way to block banner ads than at the browser level. Simply use Squid Proxy Server and the GNU filtering package squidGuard. That way there's no possibility of the damn SPAMMERS to get to your desktop.

  12. Re:Accelerate your website -- it's awesome! by Doc+Hopper · · Score: 3 · on Squid, FreeBSD Rock the House at Caching Bake-Off
    Basically, reverse proxy caching works by you hijacking connections to your webservers from the outside world. IP Policy-based routing is the easiest example to understand, and is the method we use at Excite@Home E-Business, so I will detail it.
    A connection is destined for "www.excitestores.com", and ends up at the external DS/3 (T3, T1, insert your fast link here) port on our router. The router runs a rule against the packet and says "Hey, this is www traffic bound for the servers that are to be accelerated. Therefore my next hop is (insert IP address of cache here)!". It route-maps it to the cache server as it's next hop. The caching server is set up to "hijack" any incoming connections as if they are destined for itself, and makes the request to the origin web server on behalf of the requesting client. At this point, this does not differ too much from standard forward transparent proxying, except that you normally have an access control list that only permits transparent proxying of a limited set of URL's or IP addresses. You don't want to run an "open proxy" for the world to use to cache whatever they want.
    Of course, note here that there are alternate methods of accelerating sites depending on the cache you choose and your infrastructure. The basic idea is to get the packets to your cache instead of the web server, however you choose to do it. Common methods include placing the cache in the natural route of the packets, making the webserver address point to the cache and have a non-public DNS that the cache looks to to resolve a web site on a non-routeable private network, or specifying on the cache that incoming connections on a certain IP are to accelerate a particular origin server.
    Anyway, the benefits of this are enormous in our case. We have a (*&$load of modules compiled into our Apache server, tons of virtual hosts and modules to handle them all, and each daemon runs about 12 MB. Each web server has a gigabyte of RAM, therefore you do the math:
    1024/12=85 and 1/3 connections run us out of physical RAM on each web server. Realize this is a rough estimate; our web servers can handle much more, but performance degrades quickly with more connections being served from virtual memory. I've also not taken into account OS overhead, other services running on the servers, and any other thing you may think of. However, modem users, particularly, saturate web server connections because it is so slow to deliver objects to them.
    CNN.com, for instance, uses ICS caching boxes purely for connection management to handle these slower connections that could bog their servers down. Novell's ICS is rated at over 100,000 simultaneous connections on each box in reverse proxy mode. A big difference from 85 connections for one machine, no?
    I'd love to discuss this in more depth, if you require a better answer. Better yet, check the FAQ at Squid's site regarding transparent reverse proxying.

    Seriously, this is what takes web sites to the next level, regardless of whether you use Squid, ICS, NetCache, or another type of reverse cache. Keep smiling!

  13. Distributed caches with 'proxy.pac' by Nonesuch · · Score: 3 · on Squid, FreeBSD Rock the House at Caching Bake-Off
    One reason I like squid is that it makes it easy and inexpensive to build a hierarchy of distributed caches. Just take any ancient PC, load a free OS, and put it where it can help alleviate congestion.

    I've done a lot of work with 'proxy.pac' files in the last year- it's amazing how much decision-making power you can put into the autoproxy script, letting the client machine take on some of the responsibilities of smart proxying.

    For example, right now I have two distinct sites with their own Squid proxies, users at both sites use identical 'proxy.pac' files. The browser decides whether to go direct or via a proxy based on the host/domain of the destination, then chooses a proxy based on it's own source IP address.

    This means that every Netscape and IE browser in the enterpise has the same configuration, and even roaming users will always get their closest proxy server each time they connect.

    If a business unit later gets their own internet firewall and proxy, it takes a line or two in the global script, and clients automagically use the new proxy.

    You can also specify multiple proxies in the file- if the first one times out, all future requests (until the browser is restarted) will go to the next server in the list.

    Now if only Lynx would parse the (javascript) proxy.pac file...

  14. Use Squid by Alexey+Nogin · · Score: 2 · on Lightning Crashes, An Old Freedom Dies (Updated)

    Setup a Linux machine with a password-protected Squid cache and block or redirect back to Squid (using transparent proxy kernel feature) all attempts to go directly to port 80 (and probably 8080 too) on any host outside of the school.

  15. Re:Could you distribute servers? by TeddyR · · Score: 1 · on Forum: The Yahoo Denial of Service

    Thats what the "dream" of a proxy cache hiarchy system was supposed to achieve.

    as an example, nlanr's ircache project advocating the use of proxy cache servers all over to reduce the "load" on final servers,and reduce bandwidth requirements of border links. [any proxy cache software can be used, but they use squid



    Amarillo Linux Users Group

  16. Proxy caches! by Anonymous Coward · · Score: 0 · on Addendum to The Slashdot Effect Internet Paper

    I figure what this really shows is that either too few users use proxy caches or there's too much cachebusting. Squid Now!