Squid: The Definitive Guide by Duane Wessels is a great book for
someone with aspirations of setting up and getting the most out of
Squid. It is lengthy at just over 400 pages, but that is to be
expected and desired in O'Reilly's "The Definitive Guide" series.
One point worth mentioning is that Duane Wessels (the author, for
those with short synaptic cycles) is the one who started Squid and
still works on it today. Each chapter builds nicely on subsequent
chapters, so there isn't any skipping around. If you're just looking
to set it and forget it, this book is probably not for you. Otherwise,
read on.
The first three chapters are pretty basic: history of Squid,
downloading then installing. For those with no concern of going
through downloading and installing, there is a nice section describing
each configure switch and, while weighing in at a healthy 48 options,
it may be helpful to have this as a reference.
Chapter Four, Configuration Guide For the Eager, is an often desired,
but often left out chapter in technical books. By just reading
chapters one through four, it is possible to have a fully functional
setup of Squid, albeit not very secure or ready for the pounding
of the masses. You will, however, begin to understand how Squid
operates. This chapter discusses the most often used settings, such
as: minimum/maximum size of cached objects, log files and ACLs to
restrict addresses, etc.
Chapter Five, Running Squid, covers what you expect. It includes
such topics as boot scripts, chrooting and rotating log files.
Again, basic stuff, but necessary for the sake of completeness.
Chapter Six, All About Access Controls, covers one of Squid's major
powers and attractions, access controls. ACLs give the administrator
extremely fine-grained tuning. Some of the choice highlights for
limiting access to addresses/domains include, but are not limited to:
filter by subnet, MAC, IP address or administrator assigned group.
Furthermore, regular expressions can be used to filter URLs or URIs.
A most likely seldom used, but very cool, feature is the ability
to filter by BGP AS (Border Gateway Protocol Autonomous System)
numbers. HTTP request methods such as POST, PUT, DELETE, etc. can
also be filtered. Filtering by time or restricting access by user
name is also supported. Each topic is assiduously explained and
leaves little to be desired.
Chapters Seven and Eight cover disk caching with Chapter Seven being
basic material and then Eight covering more advanced topics.
Discussions on object pruning, size limits, cache replacement
policies and many other cache optimizations are covered in these
chapters and are necessary to thoroughly understand if you are
situated in a relatively large environment or just want to squeeze
every bit of performance from your Squid.
Chapter Nine, Interception Caching, covers transparent proxying.
This chapter discusses the benefits (no need to configure clients)
and drawbacks (cannot do user authentication) of implementing such
a system. It then goes on to discuss how to configure Alteon/Nortel,
Foundry, Extreme Networks, Arrowpoint, iptables, pf and ipfw to
perform the routing to the Squid box.
Chapter Ten, Talking to Other Squids: scalability is another
favorable attribute of Squid. Running in
parallel with previous chapters, this chapter details the advantages
(load balancing and increasing your cache hits) and the disadvantages
(security problems with having to trust neighboring Squids) of a
caching hierarchy. In addition, it explains how to configure connect
timeouts and other tweaks to keep Squids aware of when their siblings
are down.
Chapter Eleven, Redirectors, covers another great attribute of
Squid. Redirectors can be used, among other possibilities, to remove
advertisements in web pages or rewrite client requests based on
their given URL or URI. This chapter details how they work, from a
protocol level, and provides example configuration settings such
as sending only specific users through the redirector or conversely,
letting specific users bypass the redirector altogether.
Squid can be configured to use various user authentication methods
to allow or deny access. Chapter Twelve, Authentication Helpers,
covers these options. Squid can talk HTTP Basic, HTTP Digest and
NTLM. Each type is well explained in how it works and detailed in
how to set up.
Chapters Thirteen and Fourteen fully explain logging and monitoring.
The logging chapter explains the type of information each log file
catches, a full description of each error or information type (which
is a great reference that I made full use of) and configuration
directives that change what is logged or how it is logged. Monitoring
Squid covers the Squid Cache Manager (a web front-end to many great
statistics), a brief mention of using Squid-RRD and using SNMP.
Such monitoring statistics include file descriptor allocation,
byte hit ratios, cache hits and cache misses and a wealth of other
useful information.
Chapter Fifteen, Server Accelerator Mode, explains Server Accelerator
Mode, which is also known as Surrogate Mode. It is a neat trick
where Squid still runs as a proxy, however, the Squid server is
proxying the world (or a select few) to your server. One obvious
advantage includes performance (or Slashdot hardening if you will).
There are several config directives explained here as well as some
gotchas.
Chapter Sixteen, Debugging, is one of the few chapters that
I did not need to reference. Although, if you need to, there is
some good information provided.
Appendix A comes with a config file reference that actually provides
more information than the comments in the configuration file (Holy
moley!...they better trademark that idea before other authors catch
on!).
Appendix B briefly covers memory caching and optimization.
Appendix C shows how to use delay pools to limit user bandwidth.
Appendix D details file system performance benchmarks to show you
filesystem and operating system differences.
Appendix E discusses running Squid on Windows using Cygwin.
Appendix F covers auto configuration of Squid clients to avoid
needing to physically visit the many machines you administer.
In conclusion:
Pros: This is "The Book" for Squid. No skipping from chapter to
chapter, the author was also the designer and still one of the
maintainers, fuller descriptions of the configuration file directives
than the configuration file comments. It is a great reference.
Cons: Really the only thing that I didn't like was that he only
discussed HTTP proxying. There is a brief mention of FTP and SMTP,
but only a couple of sentences. To be fair, in the preface he did
mention that he would have liked to have written on these topics but
didn't have time.
Back in 1998 when I was running my own ISP, Squid was a lifesaver
because it allowed me to provide excellent web response to customers
over a very modest upstream connection.
When I moved on to consulting, Squid was the answer to a wide variety
of client problems from employee Internet access control (Redirectors)
to company website performance (Server Accelerator Mode) to plain
old web page load times (Proxy Cache).
Now that I've moved in-house in a large corporation (30,000+
employees) and I've found out what commercial vendors are charging
for their solutions to each of these problems, I have gladly used
my knowledge of Squid to save us money.
Of course, that knowledge was not easily won, at least not for me.
Because Squid was an open source project there was a lot of information
available on the Web, but, of course, because Squid was an open
source project, it was hard to find a definitive answer to my
particular problem without asking a lot of dumb questions on
newsgroups or making a lot of trial and error attempts tweaking
compile time options, system changes and configuration file settings.
I have waited for this book for a long time.
I was concerned that it might be too detailed to be readable.
Thankfully, Duane Wessels, the primary architect of Squid, has
laid out this book to provide simple access at the Macro level. The
chapter arrangement and organization are very intuitive. And yet
the book still contains enough information to satisfy almost every
question.
The one caveat I would make to a reader is to maintain situational
awareness while delving into a chapter because, without noticing
it, you can suddenly be confronted with pages and pages of configuration
file details. There's no avoiding it, when a book says 'Definitive
Guide' on the cover you expect to have full coverage. It's just
that the book is so lucidly written that the transition from
high-level discussions to detailed facts might catch you unaware.
And, really, it's that kind of feeling that lets you know that
you're reading a very valuable text. I spent the first hour after
I got this book skimming each chapter, happy at each additional
topic I discovered. Then I went back and asked it the two hardest
questions I have faced using Squid over the past year; in each case
the answer was easily found and fully explained (Mr. Wessels deserves
an award for making transparent proxying understandable).
The wait for this book was well worth it. I highly recommend it to
any person working with, or thinking about working with, Squid.