Friday, October 23, 2009

Linux Security Notes 14: Squid notes 5: ACL - Cache Management

Squid ACL Cache Management:
    Here we will have a look into Squid cache management. We can make Squid cache only a certain number of websites, turn off all caching, or run Squid with its full caching ability.

Setting up squid as a non-caching service:
    In this mode Squid will not cache any request. It runs only to log access and to enforce the ACLs defined according to the company rules.

Disable caching for requests from all source addresses:
# vim squid.conf
------------
acl    noncaching_hosts    src 0.0.0.0/0.0.0.0
no_cache    deny    noncaching_hosts
------------
# reload squid

    The no_cache tag configures cache management through ACLs. With the deny option, no_cache makes all requests from the given src address run in non-cache mode. Monitor the access.log file for any "HIT" entries to verify: "HIT" denotes a request served from the cache and "MISS" one that was not. From now on we will see only MISS in access.log.

Disable caching for specific sites in Internet/Intranet:
# vim squid.conf
---------
acl    no_cache_sites    dstdomain    .domain.com
no_cache    deny    no_cache_sites
---------
# reload squid

    This makes Squid disable caching only for the given domain; all other domains will still be cached. A number of domains can also be listed in a file.

Disable caching for dynamic sites (sites which run on .php/.asp/.pl/.cgi/.jsp etc.):
# vim squid.conf
---------
acl    no_cache_dynamic_sites    url_regex    "/etc/squid/no_cache_sites"
no_cache    deny    no_cache_dynamic_sites
---------
# vim /etc/squid/no_cache_sites
---------
\.php$
\.cgi$
\.jsp$
\.pl$
\.asp$
---------
# reload squid

    This makes Squid skip caching for any URL that matches an expression listed in the file.

Caching based on the User access using IP address:
The end result should be no cache activity for requests from Admins (192.168.100.0) and the executive (192.168.200.3), but everyone else should be cached.

# vim squid.conf
--------
acl no_cache_users    src    192.168.100.0/24    192.168.200.3
no_cache    deny    no_cache_users
--------

# reload squid

    Here all requests from the network 192.168.100.0/24 and the IP address 192.168.200.3 will not be cached, but all other requests will be cached.
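
The access.log check described above, extended to the source, domain and URL rules in this post, as an added example that is not part of the original post. It assumes Squid's native access.log layout with the client IP address in the third field; the log lines are constructed samples and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Policy taken from the squid.conf snippets in this post
# (the .jsp pattern is anchored with $ like the others).
NO_CACHE_SRC = [ipaddress.ip_network(n) for n in ("192.168.100.0/24", "192.168.200.3/32")]
NO_CACHE_DOMAINS = [".domain.com"]
NO_CACHE_URL_REGEX = [r"\.php$", r"\.cgi$", r"\.jsp$", r"\.pl$", r"\.asp$"]

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1256284800.101     45 192.168.100.5 TCP_MISS/200 1234 GET http://www.example.org/a.html - DIRECT/203.0.113.10 text/html
1256284801.202      2 192.168.100.7 TCP_HIT/200 1234 GET http://www.example.org/a.html - NONE/- text/html
1256284802.303     60 10.0.0.8 TCP_MISS/200 900 GET http://intra.domain.com/index.html - DIRECT/203.0.113.20 text/html
1256284803.404      1 10.0.0.9 TCP_MEM_HIT/200 900 GET http://intra.domain.com/index.html - NONE/- text/html
1256284804.505      1 10.0.0.9 TCP_HIT/200 512 GET http://www.example.org/report.php - NONE/- text/html
1256284805.606      1 10.0.0.9 TCP_HIT/200 700 GET http://www.example.org/logo.png - NONE/- image/png
"""

def matched_rule(client, url):
    """Return the name of the no_cache ACL a request falls under, or None."""
    ip = ipaddress.ip_address(client)
    if any(ip in net for net in NO_CACHE_SRC):
        return "no_cache_users"
    host = (urlsplit(url).hostname or "").lower()
    for dom in NO_CACHE_DOMAINS:  # leading dot: the domain and its subdomains
        if host == dom.lstrip(".") or host.endswith(dom):
            return "no_cache_sites"
    if any(re.search(p, url) for p in NO_CACHE_URL_REGEX):
        return "no_cache_dynamic_sites"
    return None

def find_violations(log_text):
    """List (client, result_code, url, rule) for cache HITs on no_cache traffic."""
    violations = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        client, code, url = fields[2], fields[3].split("/")[0], fields[6]
        rule = matched_rule(client, url)
        if rule and "HIT" in code:
            violations.append((client, code, url, rule))
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_LOG):
        print("unexpected cache hit:", *v)
```

Because the patterns end in `$`, a URL that carries a query string, such as `report.php?id=1`, does not match them and falls outside the dynamic-sites rule.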
