Squid HTTP Proxy Henrik Nordström Open Source Consultant Squid developer.

Today's topics
● Who is Henrik?
● What is Squid?
● Squid usage at ISPs
● Squid corporate usage
● Squid for Content Publishers
● The Squid Project

Who is Henrik?
● Independent Open Source consultant
● Active Squid developer
● Working on Squid since 1996
● Have also been seen in
  – Linux Netfilter/iptables
  – User Mode Linux
  – And many other projects

What is Squid?
● HTTP Proxy Cache
● Supports HTTP, FTP, Gopher and whois. For HTTP clients.
● Internet proxy
● Reverse proxy/accelerator
● Access control

What Squid is not
● Squid is not a firewall
● Squid is not a filter
● Squid is not a generic proxy for non-HTTP protocols.

Benefits of HTTP caching
● Reduced bandwidth usage
● Improved latency
● Reduces cost
● Scales performance

Caching within HTTP
● Defined by the HTTP specifications (RFC2616)
● Browser caches
● Shared caches
● Controlled by the content publisher
● Heuristic model
● If-Modified-Since

Cache tuning
● Explicit expiry
● Heuristic model, last-modified
● Default 20% max 72 hours
● Tuned on URL patterns
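
A simplified model of the freshness decision this slide summarises, as an added example that is not from the presentation or from Squid's source: explicit expiry wins, otherwise an object stays fresh while its age is under 20% of the time since Last-Modified, capped at 72 hours. The rule table, URL patterns and function name are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# (URL regex, min age, percent of Last-Modified age, max age) -- constructed rules.
# The catch-all mirrors the slide's default: 20%, capped at 72 hours.
RULES = [
    (re.compile(r"\.(png|jpg|css|js)$", re.I), timedelta(hours=1), 0.50, timedelta(days=7)),
    (re.compile(r"."), timedelta(0), 0.20, timedelta(hours=72)),
]


def freshness(url, now, date, last_modified=None, expires=None):
    """Return (verdict, reason) for a cached response.

    date: when the origin generated the response; last_modified / expires:
    the corresponding response headers, or None when absent.
    """
    age = now - date
    # 1. Explicit expiry set by the publisher always wins.
    if expires is not None:
        return ("FRESH", "explicit") if now < expires else ("STALE", "explicit")
    # 2. The first matching URL pattern supplies the heuristic limits.
    min_age, percent, max_age = next(r[1:] for r in RULES if r[0].search(url))
    if age > max_age:
        return "STALE", "max"
    # 3. Heuristic: fresh while age is below percent of (Date - Last-Modified).
    if last_modified is not None and date > last_modified:
        lm_factor = age / (date - last_modified)
        return ("FRESH", "lm-factor") if lm_factor < percent else ("STALE", "lm-factor")
    # 4. No validator at all: only the per-pattern minimum applies.
    return ("FRESH", "min") if age <= min_age else ("STALE", "min")
```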

Internet Proxy
● Provides web access
● Delegation by user/browser
● Used by ISPs
● Corporations
● And some home users

ISP Usage
● Reduce bandwidth usage
● Improve latency
● Internet quality/cost still problematic in many parts of the world
● 50% hit ratio, 30% byte

Corporate Usage
● Audit trail
● Access controls
● Filtering
● Virus scanning (third party)
  – Via scanner proxy
  – Offloaded using ICAP
● Authentication
● Active Directory integration

ICAP
● Internet Content Adaptation Protocol (RFC3507)
● Generic
● HTTP "only"
● Mostly virus scanners

Cache busting
● Content providers not playing well
● Everything uncacheable/private
● Random URLs
● Etc.
● Education needed.
● Caching Tutorial for Web authors and Webmasters, mnot.net

Reverse proxy / accelerator
● Delegation by the web author/webmaster.
● Official web "server"
● Easily scale performance
● Peaks removed, almost constant load
● SSL Offload
● ESI
● Persistent connections
● Typically 95%-99% hit ratio

Persistent connections
● Increases browsing performance
● Resource intensive for many web servers
● Easily maintained by Squid

SSL Offload
● Moves SSL encryption to the accelerator
● Easier scaling
● Less need for special crypto hardware
● Application awareness

ESI
● Edge Side Includes
● Delegate page composing
● Simple XML based language
● Akamai, Oracle, IBM and others
● Semi-dynamic content

Efficient use
● Design with caching in mind
● Static / dynamic
● Avoid server side dynamic composing
● Use client capabilities / DOM
● Unique URLs for unique content

Example: Wikipedia
● Very large web site
● 50K hits/s, 4Mbps traffic
● 97% hit ratio
● Soon 90 Squid servers (75 today)
● Intelligent request routing (2 level CARP)
● Automatic cache updates (HTCP)

The Squid Project
● Started with an NSF grant
● Run by volunteers
● Paid contracts
● About 6-7 active
● Several minor contributors

Current status
● Squid-2.6, maintenance
● Squid-3.0, this week

Why Squid-3.0
● Major code restructuring
● Easier maintenance
● ICAP support
● ESI support

Ongoing projects
● Increased performance
● Tools to mitigate cache busting effects
● IPv6
● HTTP/1.1
● Inline ICAP (eCAP)
● SSL Interception
● Further internal cleanups

HTTP/1.1
● Basic support for Squid-2
● Full support planned for 3.1

SSL Interception
● Man-in-the-middle attack on SSL
● Corporate policy denying encrypted traffic
● Faked trust delegation
● Controlled environment

Mitigation of CDN cache busting
● YouTube and others
● Probably unintentional
● Same object, many URLs
● Custom rules per CDN
● Available in Squid-2.HEAD
● Squid 2.7 and 3.1.

Future goals
● Easier configuration
● Much better performance

Questions?