Kai Kiang wrote:
> I want to setup squid and squidguard in order to cache the web access
and
>restrict users from entering some sites, but I'm worry about the
>performance. Does anyone has experience with this configuration and can you
>share your experience with me? The web cache is mainly used to cache
>overseas sites to speed up web application access...
I have my ESSG :) box set up this way. It's still a 4.0.1 system, but I
think there's no conceptual difference...
You need three components:
1. squid (included in ESSG);
2. transproxy (transparent proxy, an ESSG addon necessary to force all HTTP
port 80 requests through squid);
3. squidguard (the ESSG addon that filters requests through the blocked
sites database).
I never made extensive performance checks on this configuration, because my
personal "feel-o-meter" :) did not notice any perceivable difference between
direct and cached access: I guess that the 50% hit that squid cache shows on
my system compensates that little slowness introduced by the tranparent
proxy and filtering process.
A caveat: Internet traffic at my site is not too high: several users
browsing the web at the same time from different subnets and some email
exchange on an ADSL line. I don't know how the system performs under heavy
load.
> And if I have a lot of users at several sites, do you think I'd better
to
>cache at each individual site or cache at a central spot such as a
>datacenter with much powerful cache server? Any comments?
It's not a simple answer to give: one should know details about the
bandwidth at each site and at the central site, about the different gateways
performances etc. etc.
>From a system manager's view, a central location would be better because
you'll have a single system to maintain (squid log to stow away, squidguard
databases to update, things like that), but it can be feasible only if your
network infrastructure between each site and the central spot can sustain
the network traffic, and then if the central gateway has the required
performances to make centralized internet access times roughly even to
scattered internet acces ones.
--
Pierluigi Miranda
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
