Squid HTTP Proxy Henrik Nordström Open Source Consultant Squid developer.


1 Squid HTTP Proxy Henrik Nordström Open Source Consultant Squid developer

2 Today's topic ● Who is Henrik? ● What is Squid? ● Squid usage at ISPs ● Squid corporate usage ● Squid for Content Publishers ● The Squid Project

3 Who is Henrik? ● Independent Open Source consultant ● Active Squid developer ● Working on Squid since 1996 ● Have also been seen in – Linux Netfilter/iptables – User Mode Linux – And many other projects

4 What is Squid? ● HTTP Proxy Cache ● Supports HTTP, FTP, Gopher and whois. For HTTP clients. ● Internet proxy ● Reverse proxy/accelerator ● Access control

5 What Squid is not ● Squid is not a firewall ● Squid is not a filter ● Squid is not a generic proxy for non-HTTP protocols.

6 Benefits of HTTP caching ● Reduced bandwidth usage ● Improved latency ● Reduces cost ● Scales performance

7 Caching within HTTP ● Defined by the HTTP specifications (RFC 2616) ● Browser caches ● Shared caches ● Controlled by the content publisher ● Heuristic model ● If-Modified-Since

8 Cache tuning ● Explicit expiry ● Heuristic model, last-modified ● Default 20% max 72 hours ● Tuned on URL patterns
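The tuning knobs on this slide can be modelled as follows. This is an added example, not code from the presentation or from Squid: a simplified sketch of the documented `refresh_pattern` heuristic (min, percent, max per URL pattern, first match wins), with a constructed rule set whose last entry uses the slide's default of 20% and 72 hours.

```python
import re
from dataclasses import dataclass

@dataclass
class RefreshPattern:
    regex: str      # URL pattern, matched case-insensitively
    min_s: int      # freshness floor when no Last-Modified is known (seconds)
    percent: float  # allowed fraction of the object's age at fetch (0.20 == 20%)
    max_s: int      # hard cap on heuristic freshness (seconds)

# Constructed rules for illustration; the catch-all mirrors the slide's default.
RULES = [
    RefreshPattern(r"\.(png|jpg|css|js)$", 3600, 0.50, 7 * 86400),
    RefreshPattern(r".", 0, 0.20, 72 * 3600),
]

def is_fresh(url, now, date, last_modified=None, expires=None, rules=RULES):
    """Return (fresh, reason) for a cached response; times are epoch seconds.

    date is when the origin generated the response, now is the lookup time.
    """
    # Explicit expiry set by the content publisher overrides all heuristics.
    if expires is not None:
        return (expires > now, "explicit expiry")
    # The first matching pattern wins, so order the rules from specific to general.
    rule = next(r for r in rules if re.search(r.regex, url, re.I))
    age = now - date
    if age > rule.max_s:
        return (False, "older than max")
    if last_modified is not None and date > last_modified:
        # LM-factor: time spent in cache relative to how old the object
        # already was when it was fetched.
        lm_factor = age / (date - last_modified)
        return (lm_factor < rule.percent, f"lm-factor {lm_factor:.2f}")
    return (age <= rule.min_s, "min age")

if __name__ == "__main__":
    DAY = 86400
    fetched = 1_000_000  # constructed timestamp
    for days in (1, 3, 4):
        print(days, is_fresh("http://example.com/page.html",
                             fetched + days * DAY, fetched, fetched - 10 * DAY))
```

An object that was 10 days old when fetched is served without revalidation for up to 2 days (20%), and no object without explicit expiry is served past 72 hours however old its Last-Modified date is.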

9 Internet Proxy ● Provides web access ● Delegation by user/browser ● Used by ISPs ● Corporations ● And some home users

10 ISP Usage ● Reduce bandwidth usage ● Improve latency ● Internet quality/cost still problematic in many parts of the world ● 50% hit ratio, 30% byte

11 Corporate Usage ● Audit trail ● Access controls ● Filtering ● Virus scanning (third party) – Via scanner proxy – Offloaded using ICAP ● Authentication ● Active Directory integration

12 ICAP ● Internet Content Adaptation Protocol (RFC 3507) ● Generic ● HTTP "only" ● Mostly virus scanners

13 Cache busting ● Content providers not playing well ● Everything uncachable/private ● Random URLs ● Etc. ● Education needed. ● Caching Tutorial for Web authors and Webmasters, mnot.net

14 Reverse proxy / accelerator ● Delegation by the web author/webmaster. ● Official web "server" ● Easily scale performance ● Peaks removed, almost constant load ● SSL Offload ● ESI ● Persistent connections ● Typically 95%-99% hit ratio

15 Persistent connections ● Increases browsing performance ● Resource intensive for many web servers ● Easily maintained by Squid

16 SSL Offload ● Moves SSL encryption to the accelerator ● Easier scaling ● Less need for special crypto hardware ● Application awareness

17 ESI ● Edge Side Includes ● Delegate page composing ● Simple XML based language ● Akamai, Oracle, IBM and others ● Semi-dynamic content

18 Efficient use ● Design with caching in mind ● Static / dynamic ● Avoid server side dynamic composing ● Use client capabilities / DOM ● Unique URLs for unique content

19 Example: Wikipedia ● Very large web site ● 50K hits/s, 4Mbps traffic ● 97% hit ratio ● Soon 90 Squid servers (75 today) ● Intelligent request routing (2 level CARP) ● Automatic cache updates (HTCP)

20 The Squid Project ● Started with an NSF grant ● Run by volunteers ● Paid contracts ● About 6-7 active ● Several minor contributors

21 Current status ● Squid-2.6, maintenance ● Squid-3.0, this week

22 Why Squid-3.0 ● Major code restructuring ● Easier maintenance ● ICAP support ● ESI support

23 Ongoing projects ● Increased performance ● Tools to mitigate cache busting effects ● IPv6 ● HTTP/1.1 ● Inline ICAP (eCAP) ● SSL Interception ● Further internal cleanups

24 HTTP/1.1 ● Basic support for Squid-2 ● Full support planned for 3.1

25 SSL Interception ● Man-in-the-middle attack on SSL ● Corporate policy denying encrypted traffic ● Faked trust delegation ● Controlled environment

26 Mitigation of CDN cache busting ● YouTube and others ● Probably unintentional ● Same object, many URLs ● Custom rules per CDN ● Available in Squid-2.HEAD ● Squid 2.7 and 3.1.

27 Future goals ● Easier configuration ● Much better performance

28 Questions?

