Hello all
I run a small squid cache for a high school that due to location and
budget has a very limited internet connection and therefore must try
to conserve bandwidth. The school wishes to have content filtering
enacted to prevent students from accessing inappropriate content while
on school grounds. Currently the school has a service to filter
content using a parent proxy however this server is located in England
and the school is in Ontario, Canada.
The way it is set now squid will only connect to the parent proxy to
retrieve pages however it is very inefficient to run all the school's
http requests to europe and back. This is causing 2 problems:
1) Often when trying to load a webpage it appears to get "stuck" at
connecting to the server but hitting stop and then refresh will load
the page very quickly.
2) Downloads over HTTP start at only a few kb/s. Sometimes they stay
that way, other times after 4 or 5 minutes they speed up to most of
the school's available speed of around 180 kb/s. This problem used to
extend to FTP as well until I used always_direct for FTP transfers.
However this means there is no filtering of ftp traffic.
I disabled the parent cache and tested the speed and it was a
remarkable difference. No stutters when loading pages and no problems
with HTTP downloads but it also means no filtering. What I would like
to do is have squid check for permission to access the site from the
parent proxy but then directly connect to the hosting server to
actually make the transfer. I am not sure if it is even possible but
if anyone has some ideas I'd love to hear them.
I've included most of squid.conf for completeness sake:
http_port 192.168.3.1:3128
cache_peer parent-proxy.co.uk parent 2326 0
## Direct connections to FTP sites. FTP transfer suffered from
terrible performance until I did this
acl FTP proto FTP
acl HTTP proto HTTP
acl HTTPS proto HTTPS
cache_peer_access parent-proxy.co.uk allow HTTP
cache_peer_access parent-proxy.co.uk allow HTTPS
cache_peer_access parent-proxy.co.uk deny FTP
never_direct allow HTTP
never_direct allow HTTPS
always_direct allow FTP
#NTLM
auth_param basic program /usr/lib/squid/smb_auth -W domain -U domain_controller
auth_param basic children 10
auth_param basic realm Squid Proxy Server
auth_param basic credentialsttl 1 hour
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow password
http_access deny all
http_reply_access allow all
Thanks in advance
Luke Taylor
Received on Wed Mar 26 2008 - 14:37:07 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT