Topics to be covered

Part I:
  • What is a proxy?
  • Purpose of using a proxy
  • Improving performance using a proxy
  • Filtering requests using a proxy
Part II:
  • How does a proxy work? (Animated presentation)
  • Squid
  • Other proxies
  • Squid page fetch algorithm
  • Cacheable objects
  • Non-cacheable objects
  • Transparent proxies (pros & cons)
Part III:
  • Installation & configuration of Squid
  • Demo

What is a proxy?

  • A proxy is hardware / software.
  • Proxy servers operate as an intermediary between a local network and services available on a larger one, such as the Internet.
  • It gives indirect access to other networks, e.g. the Internet: all computers on the local network have to go through it before accessing information on the Internet.
  • A proxy shares a connection with others.
  • A proxy acts as a gateway.
  • A proxy acts as a cache server / firewall.
  • Organizations, universities and companies use proxy systems.
  [Diagram: LAN and INTERNET]

Main purpose of using proxies

  • Improve performance
      - Act as a cache server: cache web pages and provide them back without requesting the page again from the website's server.
      - Bandwidth control: reduces the bandwidth requirements of a large organization.
  • Filter requests
      - Prevent access to some web sites!
      - Prevent access to some protocols.
      - Prevent access to the network on a time basis.
  • Surfing anonymously
      - Browsing the WWW without any identification!

Improving performance

  • Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site.
  • Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.
  • Bandwidth control
      - Policy-based bandwidth limits
      - Deny by content type
  • Caching
      - Reduces latency (sites take less time to open)
      - Reduces network traffic (reduces data usage)
  [Diagram: INTERNET link labelled 64 Kbps, 128 Kbps, 512 Kbps, 1 Mbps]

Filtering requests

  • Prevent access to some web sites!
  • Categorize web sites
      - Educational
      - Advertisements & pop-ups
      - Chat
      - Games
      - Hacking
      - Peer-to-peer
  • Check by content type
      - .Exe / .Com
      - .Mid / .MP3 / .Wav
      - .Avi / .Mpeg / .Rm
 
[Animated diagram: how a proxy works. LAN client: IP 172.16.0.2, Gw 172.16.0.1. Proxy server: LAN-side IP 172.16.0.1, Internet-side IP 217.219.66.2, Gw 217.219.66.1. www.yahoo.com: 209.191.93.52.]

  1. The client sends its request for www.yahoo.com: Source IP 172.16.0.2, Dest IP 209.191.93.52.
  2. The proxy changes the source IP address: Source IP 217.219.66.2, Dest IP 209.191.93.52.
  3. The reply comes back with source and destination IP addresses changed: Source IP 209.191.93.52, Dest IP 217.219.66.2.
  4. The proxy changes the destination IP address: Source IP 209.191.93.52, Dest IP 172.16.0.2.
  5. The reply reaches the client: Source IP 209.191.93.52, Dest IP 172.16.0.2.
 
SQUID

  • Squid is a free, open source proxy caching server for Web clients.
  • It operates as an intermediary between the Web browsers (clients) and the servers they access.
  • Technically, a proxy server can simply manage traffic between a Web server and the clients that want to communicate with it, without doing caching at all. Squid combines both capabilities as a server.
  • Squid is supported and distributed under the GNU Public License by the National Laboratory for Applied Network Research (NLANR) at the University of California, San Diego.

Squid features

  • It supports transparent proxying.
  • It works on port no. 3128.
  • It does the other work that a proxy does.

Squid supports the following protocols:

  Protocol   Description and port
  HTTP       Web pages, port 80
  FTP        FTP transfers through Web sites, port 21
  ICP        Internet Caching Protocol, port 3130
  HTCP       Hypertext Caching Protocol, port 4827
  CARP       Cache Array Routing Protocol
  SNMP       Simple Network Management Protocol, port 3401
  SSL        Secure Socket Layer

Other proxies

  • Freeware
      - Apache 1.2+ proxy support
  • Commercial
      - Netscape Proxy
      - Microsoft Proxy Server
      - NetAppliance’s NetCache
      - CacheFlow
      - Cisco Cache Engine

Squid’s page fetch algorithm

  1. Check the cache for an existing copy of the object (lookup based on the MD5 hash of the URL).
  2. If it exists in the cache:
      - Check the object’s expire time; if expired, fall back to the origin server.
      - If the object is still considered fresh, return the cached object to the requester.
  3. If the object is not in the cache, expired, or otherwise invalidated:
      - Fetch the object from the origin server.
      - If the origin server returns a 500 error and an expired object is available, return the expired object.
      - Test the object for cacheability; if cacheable, store a local copy.
[Animated diagram: the same network with a "Cached Pages" list on the proxy server. Clients 172.16.0.2 and 172.16.0.3 (Gw 172.16.0.1); proxy server 172.16.0.1 / 217.219.66.2 (Gw 217.219.66.1); www.yahoo.com at 209.191.93.52.]

  1. Client 172.16.0.2 requests www.yahoo.com (Source IP 172.16.0.2, Dest IP 209.191.93.52). Cached Pages: empty.
  2. The proxy changes the source IP address and forwards the request: Source IP 217.219.66.2, Dest IP 209.191.93.52.
  3. The reply comes back: Source IP 209.191.93.52, Dest IP 217.219.66.2.
  4. The proxy stores the page (Cached Pages: www.yahoo.com) and changes the destination IP address: Source IP 209.191.93.52, Dest IP 172.16.0.2.
  5. The reply reaches client 172.16.0.2.
  6. Client 172.16.0.3 requests www.yahoo.com (Source IP 172.16.0.3, Dest IP 209.191.93.52).
  7. The proxy checks for a cached page: page found.
  8. The proxy retrieves the page from the cache; there is no need to contact the Yahoo server. Reply: Source IP 209.191.93.52, Dest IP 172.16.0.3.
  9. The reply reaches client 172.16.0.3.
Cacheable objects

  • HTTP
      - Must have a Last-Modified: tag
      - If the origin server required HTTP authentication for the request, must have a Cache-Control: public tag
      - Ideally also has an Expires or Cache-Control: max-age tag
  • FTP
      - Squid sets the Expires time to fetch timestamp + 2 days

Non-cacheable objects

  • HTTPS
  • HTTP
      - No Last-Modified: tag
      - Authenticated objects
      - URLs with cgi-bin or ? in them
      - POST method (form submission)
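
The page fetch algorithm and the cacheable / non-cacheable rules above, combined in a small simulation. This is an added example, not code from the slides or from Squid; ProxyCache, is_cacheable, the constructed origin function and the DEFAULT_TTL fallback are assumptions made for illustration.

```python
import hashlib
import re

DEFAULT_TTL = 60  # assumption: freshness in seconds when no max-age is sent

def cache_key(url):
    """Lookup key: MD5 hash of the URL, as on the slide."""
    return hashlib.md5(url.encode()).hexdigest()

def is_cacheable(method, url, headers, authenticated=False):
    """Apply the slides' cacheable / non-cacheable rules to one response."""
    cc = headers.get("Cache-Control", "").lower()
    if method != "GET" or url.startswith("https://"):
        return False  # POST (form submission) and HTTPS are not stored
    if "cgi-bin" in url or "?" in url:
        return False  # URLs that look dynamically generated
    if "Last-Modified" not in headers:
        return False
    if authenticated and "public" not in cc:
        return False  # keeps one user's private page out of the shared cache
    return True

def ttl(headers):
    m = re.search(r"max-age=(\d+)", headers.get("Cache-Control", ""))
    return int(m.group(1)) if m else DEFAULT_TTL

class ProxyCache:
    def __init__(self, origin, clock):
        self.origin, self.clock, self.store = origin, clock, {}

    def fetch(self, method, url, authenticated=False):
        key = cache_key(url)
        entry = self.store.get(key)
        if method == "GET" and entry and entry["expires"] > self.clock():
            return "HIT", entry["body"]      # still fresh: no origin contact
        status, headers, body = self.origin(method, url)
        if status == 500 and entry:
            return "STALE", entry["body"]    # origin failed: serve expired copy
        if status == 200 and is_cacheable(method, url, headers, authenticated):
            self.store[key] = {"body": body, "expires": self.clock() + ttl(headers)}
        return "MISS", body

def demo():
    now, status = [0], [200]
    hdrs = {"Last-Modified": "Mon, 01 Jan 2024 00:00:00 GMT", "Cache-Control": "max-age=30"}
    origin = lambda method, url: (status[0], hdrs, "origin:" + url)  # constructed origin
    cache = ProxyCache(origin, lambda: now[0])
    url = "http://www.example.com/index.html"
    out = [cache.fetch("GET", url)[0], cache.fetch("GET", url)[0]]   # MISS, HIT
    now[0], status[0] = 31, 500                                      # expire + origin down
    out.append(cache.fetch("GET", url)[0])                           # STALE
    return out
```

The authenticated check is the security-relevant rule: without Cache-Control: public, a page fetched with one user's credentials is never stored where another client's request could hit it.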
Transparent proxying

  • The router forwards all traffic to port 80 to the proxy machine using a route policy.
  • Pros
      - Requires no explicit proxy configuration in the user’s browser
  • Cons
      - Route policies put excessive CPU load on routers on many (Cisco) platforms
      - Often leads to mysterious page retrieval failures
      - Only proxies HTTP traffic on port 80; not FTP or HTTP on other ports
 
