Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unit - III. Providing a Caching Proxy Server (1) A caching proxy server is software that stores (caches) frequently requested internet objects such as.

Published byWillis Norman Modified over 8 years ago

Similar presentations

Presentation on theme: "Unit - III. Providing a Caching Proxy Server (1) A caching proxy server is software that stores (caches) frequently requested internet objects such as."— Presentation transcript:

1 Unit - III

2 Providing a Caching Proxy Server (1) A caching proxy server is software that stores (caches) frequently requested internet objects such as web pages, java script and downloaded files closer to the clients that request those objects. (2) When a new request is made for a cached object, the proxy server is searched instead of allowing the request to go to the source. Local cache server then looks for the requested object as proxy or substitute for the actual server.

3 (3) Using a caching proxy server has 2 fold i.e. (a) To provide accelerated web browsing by reducing access time. (b) To reduce bandwidth consumption. (4) The HTTP acceleration feature Speed up web browsing because cached pages need not be re-retrieved unless the original page has been updated since it was last cached.

4 (5) This web proxy discussed up to now is called as squid. This provides the basic caching & proxy function. (6) Squid also caches DNS lookups, to Speed up subsequent DNS queries, performs nonblocking DNS queries, and implements negative caching which means the squid remembers when a request was made for an object. (7) Squid can work as a transparent proxy with transparent proxing, web clients think they are communicating with the requested servers when in fact they are communicating with the proxy.

5 Configuration of SQUID [root#] rpmquery –qa squid Squid-2.5.STABLE 8-1 FC3.1 The configuration process includes the following steps: (1) Verifying the kernel configuration (2) Configuration squid (3) Modifying the net filter configuration (4) Starting squid (5) Testing the configuration

6 Verifying the kernel configuration (a) Verify the kernel configuration because the kernel features are needed such as IP forwarding and netfilter (iptables) support. (b) The most important kernel features user need is netfilter support because it handles the actual proxying of browser request.

7 (c) Specifically user needs to enable netfilter and the modules that support: (i) Connecting tracking (ii) IP tables (iii) Full network address translation (iv) support for redirect target (d)the first thing to do is enable IP forwarding on the system that will run the squid.

8 (e) IP forwarding enables the kernel to send or forward packets that arrive on network interface to another. (f) To check whether IP forwarding is enable or not there is a command as: sysctl -n net.ipv4.ip_forward (g) This command queries the kernel directly. If the output value is 1 then forwarding is enabled. if the value is 0 it is disabled.

9 (h) To enable, execute sysctl -w net.ipv4.ip_forward=1 (i) To permanently enable, modify sysctl-conf as vi / etc / sysctl.conf net.ipv4.ip_forward =1

10 Configuring Squid (a) Squid Configuration file on the system is /etc/squid/squid.conf, Squid is controlled by the initialization script is /etc/rc.d/init.d/squid which adds default values from / etc /sysconfig/squid

11 (b) There is only need to modify the squid configuration file, the configuration settings with which user is concern is as follows

12 cache_effective_groupSquidIndentifies squid group cache_effective_userSquidIdentifies squid user httpd_accel_hostNoneDefines host name of http server httpd_accel_with_proxyOffSquid runs both as accelerator and proxy httpd_accel_port80Defines port numberof http server httpd_accel_uses_host_headerOnEnables quid to work as transparent proxy httpd_accessDeny allDefines who access squid

13 (c) The list parameter cache_effective_user and cache_effective_group identify the user ID(UID) and group ID (GID) respectively. (d) httpd_accel_with__proxy, which has default value as OFF. It controls whether squid runs as a cache and proxy or just as a proxy. (e) httpd_accel_port to 80 and use httpd_accel_host to define the name of host running squid the default port no is 80.

14 (f) The value of httpd_accel_user_host_header by default is off means that the client have to configure these web clients to use a Proxy server and when set to on will make squid transparent proxy. (g) To configure the final values is httpd_access which controls who can access Squid server and therefore the default values is set to be deny all. if the Value permits all users to access the server.

15 Modifying netfilter (a) This rule sends HTTP requests to squid which services the request instead of the destination host. (b) To modify the netfilter there is a command as: (c) #iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 80 -j REDIRECT --to-port 3128.

16 (i) This command updates the NAT or network address translation table (-tnat), appending a rule to the prerouting chain(-A Prerouting). (ii) The rule that applied to TCP protocol packets (-p tcp) arriving on the network interface etho (-1 etho ) that are destined for port 80 (-dport 80). (iii) The modification that occurs is that packet to port 80 are redirected {REDIRECT) to port 3128 (-to- port 3128) which is the port on which squid listens.

17 Starting squid: (a) start squid server [root#]service squid start Starting Squid: [oK] (b) User can also use other option to start [root#] chkconfig squid ON

18 Testing the configuration: (a) To test the configuration do the some changes in web browser. (b) If user uses Mozilla firefox then select Edit - preferences dialog box (C) On the general tab, Click connection settings to open the connection settings dialog box. (d) Click the manual proxy radiobutton and type the hostname or IP address of the proxy server int the HTTP proxy test box and type 3128 in the accompanying port text box.

19 (e) Click OK to close the connection settings dialog box and ok again to save the changes and close the preferences dialog box. (f)Now user can be able to type the url and would see the resulting page.

Download ppt "Unit - III. Providing a Caching Proxy Server (1) A caching proxy server is software that stores (caches) frequently requested internet objects such as."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.

IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.

Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.
CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.

CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.
DVG-N5402SP.

DVG-N5402SP.
14 July 2004 1 CONFIGURING A PROXY SERVER IN LINUX BY ROHIT KAUL CS, BITS-PILANI.

14 July CONFIGURING A PROXY SERVER IN LINUX BY ROHIT KAUL CS, BITS-PILANI.
Computer Network (MASQ/NAT/PROXY)

Computer Network (MASQ/NAT/PROXY)
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.
South Dakota Library Network MetaLib Management Basics IP Ranges / Proxy Servers South Dakota Library Network 1200 University, Unit 9672 Spearfish, SD.

South Dakota Library Network MetaLib Management Basics IP Ranges / Proxy Servers South Dakota Library Network 1200 University, Unit 9672 Spearfish, SD.

Similar presentations

Ads by Google