The earlier discussion on the basic of bandwidth management that only uses masquerading on firewall nat to share the internet connection to each client for our network. And then we classify into the various kinds of connection packets and give different priorities to them. It depends on how much you want to classify and get your desired priority.
One step further more about bandwidth management, using proxy server on the network is going to be very dramatic role in obtaining the satisfaction of our clients in use of the internet connection. Actually, the browser itself has been using this method, but the ability is still limited by making the cache inside.
The static data from any sites that have been accessed, the browser will make the cache that stored inside, so if sometimes we access it again the static data from the sites is not requested again except the dynamic data, the result is the loading of the site will be faster compared with the first time we access it. Using squid as a proxy server will works similar like this with more reliable because many configuration inside which can be configured in accordance with our internet network. So the proxy server is the storage with big capacity for the static data files of any sites, but not only that, the proxy server can be used for other purposes a long as you can configure it.
By using a proxy server all the static web will collected into one storage place on the server, and releasing excess load on the browser. As far as my observation, the excessive cache on the browser especially when infected with the virus will actually make the browser will be slow and can make a problem for the clients. Therefore, proxy servers being a very important role in the optimization of the bandwidth management.
For those of you who are familiar with Windows operation systems, it still allow you to use squid proxy to build the proxy server on your network, you can download the squid proxy for windows here. The next is the steps how to install squid proxy server on the windows operation system. In this case I use windows 7.
1. Extract the zip file of squid, then copy the folder to C of the hard drive of your computer that used to be proxy server. for more clearly, let you see the picture below!
2. Find etc folder inside squid folder that have been copied, then remove the extension default to the existing files inside, so that all the files ending with ".conf". let's see the picture below!
3. Open the configuration file "squid.conf" to do some changes in it, it's up to you whatever editor that you use, in this case I use notepad++. Then check and change as the basic configuration as the rules below!
1 2 3 4 5 6 7 8 9 | http_port 3128 visible_hostname localhost http_access allow localhost http_access allow localnet acl localnet src 192.168.1.0/24 dns_nameservers 8.8.8.8 8.8.4.4 cache_mgr agratitudesign@gmail.com cache_mem 64 MB cache_dir ufs c:/squid/var/cache 4000 16 256 |
Here i use port 3128 for the network 192.168.1.0/24, after making the above changes to the squid configuration and then saved it in the same file
4. Next is the point of the squid installation steps, we will work through the "Command Prompt" and type the following:
- cd c:\squid\sbin <enter> : entered into sbin directory to run squid.exe
- squid -z <enter> : create the cache files swap directory
- squid -d 1 -D <enter> then press “CTRL+C” : just for diagnose
- squid -i <enter> : inserting squid to the windows services
- squid -O -D <enter> ; inserting squid to the windows registry
- squid -r <enter> ; this is later if you want to uninstall the squid
5. Running the Squid proxy, you have to go to "services.msc". Click on start menu of the windows, then in the search field type "services.msc" or it could be through a control panel, as you please! On the list of sevices looking for the squid, right click and start the squid service. Every times you perform or change any configuration you need to restart squid on the services. For more details let's see the pictures below!
6. Make sure the firewall especially on windows 7 does not hinder the squid proxy. Click on Start menu, then type the firewall in the search field. like the picture below! on windows firewall with advanced security, click Inbound Rules, and new rule. Then at the new inbound port rules select the port and click next button.
Next on the inbound rule wizard at protocol and ports, select tcp, and fill the port 3128 as the squid configuration. Two steps forward just click next and next button, the last name it the new rule with squid proxy! let you see the picture below! Up here we've made a new firewall rule for the Squid proxy.
7. In order to use the internet connection from the proxy server on browser such firefox, we have to setupthe internet option on windows, you can search on the start menu and type internet option. Then do the settings as shown like the picture below!
next you have to setup the browser to use the connection via proxy server in the connection settings! Here I use Mozilla Firefox for example. Find the option, will shown as the picture below! Then use system proxy settings on the configuration settings.
until here you have been connected for the internet connection via squid proxy server but still on the local browser. Please you can explore it for browser other. Settings on internet option of the browser is needed because the proxy still not transparent. If you want to use transparent seventh steps above will not required. I will discuss it on the next article
For optimizing and tuning the squid proxy server that you have been made, you must require to do a lot changes for the squid configuration. Surely it come from the experiment to get the internet connection from the proxy server with high performance. Here I will give you the configuration of squid.conf tooptimize and tuning squid proxy server, you can download squid.conf here! and you have to adjust the configuration depending on your network and the hardisk that using as the server. For more clearly let's watch the video on this article!
Squid.conf for Squid 2.7 STABLE8 2015 Latest Update by Agratitudesign
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 | # WELCOME TO SQUID 2.7.STABLE8 # Proxy HIT Squid By Argratitudesign.blogspot.com # ----------------------------------------------------------------------------- # ACCESS CONTROLS # ----------------------------------------------------------------------------- acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/32 acl localnet src 192.168.1.0/24 192.168.137.0/24 # RFC1918 possible internal network acl SSL_ports port 443 563 81 acl Safe_ports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535 acl CONNECT method CONNECT acl purge method PURGE http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access deny all # NETWORK OPTIONS # --------------- http_port 3128 tcp_outgoing_tos 0x30 localnet zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136 icp_port 0 htcp_port 0 icp_access allow all htcp_access allow all snmp_port 0 snmp_access allow all always_direct allow all # MEMORY CACHE OPTIONS # -------------------- cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir ufs c:/squid/var/cache 25000 16 256 store_dir_select_algorithm least- load maximum_object_size 128000 KB cache_swap_low 90 cache_swap_high 95 #update_headers off # LOGFILE PATHNAMES AND CACHE DIRECTORIES # --------------------------------------- access_log c:/squid/var/logs/access.log cache_log c:/squid/var/logs/cache.log cache_store_log c:/squid/var/logs/store.log logfile_rotate 5 log_ip_on_direct off log_icp_queries off buffered_logs off netdb_filename none emulate_httpd_log on # OPTIONS FOR TUNING THE CACHE # ---------------------------- cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320 refresh_pattern -i \. index .(html|htm)$ 0 75% 10080 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 1440 90% 10080 quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 98 store_avg_object_size 13 KB #refresh_pattern ((facebook.com)|(69.63.181.11|69.63.181.12|69.63.1 89.11|69.63.189.16)).*\.(jpg|png|gif|swf|mp3|mp4|m pg|3gp|flv|swf|wmv|zip|rar) 12960 99% 12960 refresh_pattern -i \.facebook.com.*\.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129600 refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129690 refresh_pattern -i \.zynga.com.*\.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 999999% 129609 refresh_pattern -i \.crowdstar.com.*\.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 999999% 129609 refresh_pattern ^http:\/\/\ static \.ak\.fbcdn\.net*\.(jpg|gif|png|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 129600 999999% 129600 refresh_pattern ^http:\/\/\videoxl\.l[0-9]\.facebook.com\/(.*)(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600 refresh_pattern ^http:\/\/\*.channel\.facebook\.com\/(.*)(js|css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600 refresh_pattern ^http:\/\/video\.ak\.facebook.com*\.(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600 refresh_pattern ^http:\/\/photos-[a-z]\.ak\.fbcdn\.net\/(.*)(css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600 refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 999999% 129600 refresh_pattern ^http://platform.ak.fbcdn.net/.* 720 100% 4320 refresh_pattern ^http://creative.ak.fbcdn.net/.* 720 100% 4320 refresh_pattern ^http://apps.facebook.com/.* 720 100% 4320 refresh_pattern ^http:\/\/ static \.ak\.fbcdn.net*\.(js|css|jpg|gif|png) 129600 999999% 129600 refresh_pattern ^http:\/\/\statics\.poker\. static \.zynga\.com\/(.*)(swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600 refresh_pattern ^http:\/\/\*.zynga.com*\.(swf|jpg|gif|png|wav|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600 refresh_pattern ^http:\/\/\*.crowdstar.com*\.(swf|jpg|gif|png|wav|mp(e?g|a|e|1|2|3|4)) 129600 999999% 129600 refresh_pattern ^http://*.google-analytics.*/.* 720 100% 4320 refresh_pattern -i \.kaskus.com.*\.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129600 refresh_pattern -i \.kaskus.us.*\.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 999999% 129600 refresh_pattern ^http:\/\/\*.kaskus\.us*\.*(jpg|gif|png|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 129600 999999% 129600 # HTTP OPTIONS # ------------ server_http11 on collapsed_forwarding on vary_ignore_expire on #header_access From deny all #header_access Server deny all #header_access Link deny all #header_access Via deny all #header_access X-Forwarded- For deny all # TIMEOUTS # -------- forward_timeout 240 seconds connect_timeout 30 second peer_connect_timeout 5 seconds read_timeout 600 second request_timeout 60 second persistent_request_timeout 60 seconds client_lifetime 86400 second half_closed_clients off pconn_timeout 60 second shutdown_lifetime 10 second # ADMINISTRATIVE PARAMETERS # ------------------------- cache_mgr agratitudesign cache_effective_user squid cache_effective_group squid httpd_suppress_version_string on visible_hostname localhost # DNS OPTIONS # ----------- check_hostnames off dns_timeout 10 seconds dns_nameservers 127.0.0.1 8.8.8.8 8.8.4.4 hosts_file c:/squid/etc/hosts ipcache_size 8192 ipcache_low 90 ipcache_high 95 fqdncache_size 4096 # MISCELLANEOUS # -------------- memory_pools off forwarded_for off #reload_into_ims on coredump_dir c:/squid/var/cache pipeline_prefetch on offline_mode off client_db off |
you sould adjust some configuration that's depending on your system
http_port 3128
acl localnet src 192.168.1.0/24 192.168.137.0/24
dns_nameservers 127.0.0.1 8.8.8.8 8.8.4.4
cache_dir ufs c:/squid/var/cache 25000 16 256
access_log c:/squid/var/logs/access.log
cache_log c:/squid/var/logs/cache.log
cache_store_log c:/squid/var/logs/store.log
hosts_file c:/squid/etc/hosts
- coredump_dir c:/squid/var/cache