February 17, 2019

Do-It-Yourself Caching: Squid 2.3 - page 3

Why Caching is Essential

  • February 29, 2000
  • By Lisa Phifer

Unlike commercial products, Squid isn't configured through a command line or graphical user interface. To make a configuration change, edit etc/squid.conf or mime.conf files, then invoke:

/usr/local/bin/squid -k reconfigure

Changes can be checked for proper syntax by using the -k parse command-line option. Debug can be enabled when parsing the config file by using the -X option. A few changes (e.g., enabling or disabling the client access log) require Squid to be stopped and restarted; this can be accomplished with the -k shutdown option.

Squid can be monitored through log files, created by default in /usr/local/bin/logs. The cache.log contains system-level messages used to monitor status when starting, reconfiguring or stopping Squid. The access.log records client request activity (see Monitoring Squid). The store.log tracks objects being added to the cache; you'll probably want to disable this very large file by adding cache_store_log none to squid.conf. In fact, if you don't disable the store.log, you'll eventually run out of disk space.

Accessing shell commands and files require the administrator to log into the Squid server. Remote login session traffic can be secured with additional software (for example, Secure Shell).

Squid can also be remotely monitored through a browser-based Cache Manager GUI. Cache Manager is a CGI script. To run it, config changes may be required to the localhost web server. We added a link to /usr/local/squid/bin/cachemgr.cgi from our existing Apache cgi-bin directory, but we could have added a ScriptAlias to Apache's srm.conf file instead. If you want to limit access to Cache Manager, add a Location to Apache's access.conf file permitting execution by a specified host, domain, or authenticated user.

Config details for each web server vary; do whatever it takes to execute this CGI script and impose appropriate security restrictions.

With our version of Squid, manager access by the localhost was permitted by default. Older Squid versions may require squid.conf file updates to add the ACL http_access allow manager localhost. You can restrict actions available through Cache Manager by customizing cachemgr_passwd statements in squid.conf. The only active command provided by Cache Manager--shutdown--is password-protected by default. All other Cache Manager commands are passive; this GUI does not support remote configuration.

Most Popular LinuxPlanet Stories