A proxy can server "protect" users from bad public internet sites, or "protect" internal servers from bad internet users.
A proxy server proxies, or fetches, information for the user. Normally a proxy server sits on the company network and retrieves information for the users of the network. If the information has already been grabbed and cached, then it doesn't regrab the information. Ie: Sue comes into work and checks Google. An hour later Tom comes into work and visits Google. Why download the graphic twice? Same for news stories, etc. A reverse proxy faces the other way. Rather than having a web server sitting on the internet, it is hidden behind the proxy. Before: The public internet users visit web1.website.com and get webpages. They are also directly interfacing with this web server. After: The public internet users visit web1.website.com, which is now the reverse proxy, or squid running in accelerated mode. Squid visits the internal webserver, not the users. Squid gets the information and passes it back to the user. Web1.website.com/web1 might get a user information from the company news server Web1.website.com/extranet might give users information from another internal webserver. The important part is that the web servers are more secure, because the users only know of the Squid. Only port 80 (or port 443) needs to be open through the firewall, connecting users from the net to Squid. Squid can then use various other ports, on the user's behalf, and reach other servers...on the user's behalf. Squid can also be set up to load balance (which I know it can do but haven't personally done) so that if you have multiple web servers, with the same content, squid can direct users to the least used server. If there is some other difference between "accelerated mode" and "reverse proxy" I'd appreciate hearing about it. I picked up the book, Squid, the Definitive Guide, which helped me a lot, but I am still not where I need to be knowledge wise with Squid yet. Chris Perreault -----Original Message----- From: Peter Marshall [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 02, 2004 1:56 PM To: Chris Perreault; [EMAIL PROTECTED] Subject: Re: [squid-users] Newbie questions Thanks. Your comments were very helpful .. however, I did not understand the last paragraph .... What did you mean by a "web facing proxy", and what does accelerated mode do ... (I have seen that mentioned many times) Peter ----- Original Message ----- From: "Chris Perreault" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 02, 2004 1:52 PM Subject: RE: [squid-users] Newbie questions The # lines are commented default settings. If you wanted to you could just get rid of all the lines that began with a #. I went through the original conf file and wherever a made a change I added an extra line above the change, that read: "# added <date> ..by chris" That way I could do a search on "# added" and scroll down through all the lines I changed/added. Those would be the only lines that I'd need to run Squid. This also assists in helping you keep track of changes, what works, what needs removing/changing, etc. As for a default conf file, there are so many different ways of setting it up, different uses for it, that there would be a lot of "default" config files. Ie: you might want to use one form of authentication as a web facing proxy server, that your internal users would be using. I might want to set it up in a accelerated mode to protect and simplify access to our internal web servers to the public internet users, using a different form of authentication. Chris -----Original Message----- From: Peter Marshall [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 02, 2004 12:20 PM To: [EMAIL PROTECTED] Subject: [squid-users] Newbie questions Hi all. I just installed squid (last week), and have been playing around with it for a bit .... I would like to try and reduce the conf file by oh say ... 2000 lines :) .. but I really don't understated what allot of the configurations are for .. even after reading endless amounts of docs .... Does any one have a good "default" squid config .. that only allows for normal http and ftp stuff. My second question has to do with stats ... I have been trying mrtg .. I have it installed .. but I can not figure out how to make it show a graph ... If someone knows how to do this I would Really appreciate it .... I fond a page with a load of config files on it ... but I am not sure how to get them to work. The page I found was this: http://howto.aphroland.de/HOWTO/MRTG/SquidMonitoringWithMRTG Anyway, if someone who does not mind helping out a newbie would not mind giving me a hand, I would REALLY appreciate it .... I am more stuck on the last question ..... Thank you. Peter Marshall
