Transparent Caching/Proxy

From Squid User's Guide

Jump to: navigation, search

Transparent caching is the art of getting HTTP requests intercepted and processed by the proxy without any form of configuration in the browser (neither manual or automatic configuration). This involves firewalling & routing rules to have packets with destination port 80 forwarded to the proxy port, and some Squid configuration to tell Squid that it's being called in this manner which differs slightly from normal proxied requests.

Transparent Cache/Proxy with Squid version prior to 2.6

Prior to Squid 2.6 there was no quick and direct method of enabling Squid to be a transparent proxy. This has since changed in the latest stable version of Squid and it is highly recommended that the latest stable version of Squid be used in preference to any previous edition, unless there exists an overriding reason to use an older release of Squid.

In older versions of Squid, transparent proxy was almost a "hack", achieved through the use of the httpd_accel options. Transparent proxy can be achieved in these versions of Squid by appending/uncommenting the following four lines of code in the squid.conf file: 

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

The four lines inform Squid to run as a transparent proxy, below is a list of what each individual line acheives:

  • httpd_accel_host virtual - This tells the accelerator to work for any URL that it is given (the usual usage for the accelerator is to inform it which URL it must accelerate)
  • httpd_accel_port 80 - Informs the accelerator which port to listen to, the accelerator is a very powerful tool and much of its usage is beyond the scope of this section, the only knowledge required here is that this setting ensures that the transparent proxy accesses the websites we wish to browse via the correct HTTP port, where the standard is port 80.
  • httpd_accel_with_proxy on - By default when Squid has its accelerator options enabled it stops being a cache server, to reinstate this (this is obviously important as the whole purpose behind this configuration is a cache server) we turn the httpd_accel_with_proxy option on
  • httpd_accel_uses_host_header on - In a nutshell with this option turned on Squid is able to find out which website you are requesting

Transparent Cache/Proxy with Squid version 2.6 and beyond

In this version of Squid, transparent proxy has been given a dedicated parameter -- the transparent parameter -- and it is given as an argument to the http_port tag within the squid.conf file, as the following example demonstrates: 

http_port 192.168.0.1:3128 transparent

In this example, the IP address that Squid is set to listen to is 192.168.0.1 using port number 3128, and your firewall rules is already set up to transparently intercept port 80 and forward to this port. The transparent option is then used to inform squid that this IP and port should be listened to as a transparent proxy. This completes the configuration of Squid as a transparent proxy server (yes that's right, all done! (apart from the ACL rules and generic settings that you have should have set by now after reading the sections of this guide prior to this one)).

Please note that to use this then you will need to compile in the necessary feature into your Squid binary. Please read the information on transparent proxy in the Installing Squid section for more details on this. Do not be alarmed by a Squid binary recompile at this stage, Squid should not overwrite your edited squid.conf file but make sure to back it up just in case!

For a full solution for Squid > 2.6, including Iptables, you can see this article: http://www.lesismore.co.za/squid3.html

Retrieved from "http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy"
Personal tools