May 24, 2021 That's what Linux should learn
Squid is one of the most popular high-performance proxy service software in Linux system, which is often used as a pre-cache service for Web sites, and can request and cache page data from the website server instead of users. S imply put, the Squid service program requests the required data from the site source server, pictures, etc. at the user's request, and stores the data returned by the server on the server running the Squid service program. When a user requests the same data again, the data on the storage server can be delivered directly to the user, which not only reduces the user's wait time, but also relieves the load on the site server.
Squid service program has the characteristics of simple configuration, high efficiency, rich functions, it can support HTTP, FTP, SSL and other protocols of data caching, can be based on access control list (ACL) and access list (ARL) to perform content filtering and rights management functions, but also based on a variety of conditions to prevent users from accessing threatening or inappropriate website resources, so it can protect the security of the intranet, improve the user's network experience, help save network bandwidth.
Because the cache agent service not only consumes the CPU computing performance, memory and hard disk hardware resources with more servers, but also needs a large network bandwidth to ensure the transmission efficiency of the data, which will cause a large network bandwidth overhead. Therefore, many IDC or CDN service providers in China will place cache proxy node servers in second- and third-tier cities to reduce operating costs.
When using the Squid service provider to provide a cache proxy service to the user, there is a split between forward proxy mode and reverse proxy mode.
The so-called forward proxy mode, refers to the user through the Squid service program to obtain site pages and other resources, as well as based on the access control list (ACL) function to restrict the user's access to the website behavior, in the specific service mode is divided into standard proxy mode and transparent proxy mode. T he standard forward proxy mode is to cache the website data to the server locally, improve the efficiency of the data resources when accessed again, but the user must fill in the proxy server's IP address and port number information in the browser and other software when surfing the Internet, otherwise the proxy service is not used by default. The role of transparent forward proxy mode is basically the same as that of standard forward proxy mode, the difference is that the user does not need to manually specify the proxy server's IP address and port number, so this proxy service is relatively transparent to the user.
The topology of using the Squid service provider to provide forward proxy services is shown in Figure 16-1. I f the host in the local area network wants to access the external network, it must be provided by the Squid server agent, so that when the Squid server receives the user's instructions, it will make a request to the outside, and then return the received data to the user who issued the instructions, thus realizing the user's agent's internet demand. In addition, from the topology map, it is not difficult to see that the host in the enterprise to access the Internet, must go through the company's gateway server, since this is a traffic must pass through, so enterprises will generally deploy Squid service programs to the company server location, and through the ACL (access control list) function later on the enterprise employees to audit and limit the Internet.
Figure 16-1 The Squid service provider provides a forward proxy service
Reverse proxy mode refers to allowing multiple node hosts to cache site data in reverse, thus speeding up user access. B ecause in general, the site will generally load a large number of text, pictures and other static resources, and they are relatively stable data information, when the user initiates the site page of these static resources access requests, we can use the Squid service provider to provide a reverse proxy mode to respond. Moreover, if there happens to be static resources that the user wants to access in the reverse proxy server, sending the cached static resources directly to the user not only speeds up the user's website access, but also reduces the load on the site server to some extent.
The topology of using the Squid service provider to provide a reverse proxy service is shown in Figure 16-2. W hen an extranet user tries to access a Web site, the actual request is processed by the Squid server. T he reverse proxy server delivers cached static resources faster to off-network users, speeding up the access of site pages to users. And because the static resource request in the site page data has been processed by Squid server, so the website server is responsible for dynamic data query on it, and thus reduce the load pressure of the website server in the server room.
The reverse proxy pattern provided by the Figure 16-2 Squid service provider
In summary, forward agent mode is generally used in enterprise LAN, so that enterprise users can access Internet resources through Squid services, which can not only reduce the cost of public network bandwidth to a certain extent, but also to the user access to the site content regulatory restrictions, once the intranet users access the site content and prohibited rules match, will automatically block the site. Reverse proxy mode is generally for large and medium-sized sites to provide caching services, it saves static resources in the site in the domestic multiple node rooms, when a user initiates a static resource access request, can be nearly assigned nodes for users and transfer resources, so it has been widely used in large and medium-sized sites.