download

Network Services—Internet ServersAnd the 'last' two parameters to consider are the number of first-level and secondleveldirectories that will be created under the cache directory, to hold the cachedobjects. This configuration creates 16 directories under the cache directory and alsocreates 256 directories under each of these 16 directories, which will run into a total4096 directories. Each directory holds 256 files that total up to more than a millionfiles that can be stored according to our configuration.Now that you have finished configuring disk parameters, you should initialize thecache directory for the first time by running the squid –z command. It will take afew seconds to set up the whole cache directory and the necessary database files forthe first time.Now you are set to start the squid for the first time:# /usr/local/etc/rc.d/squid startThis will start the squid process. Squid listens on TCP port 3128 for incomingrequests so that you can set up your client's web browser's proxy configuration tosend their http requests port 3128 of your host.However, Squid's default policies restrict all requests from other hosts for securityreasons. You should set up an access-list in the squid.conf file and specifyyour trusted networks that the Squid should accept requests from. The Squidconfiguration file already has a fine set of examples on setting up access-lists withdifferent parameters. A simple example of restricting access to a few subnets wouldlook like this:acl our_networks src 192.168.21.0/24 10.1.2.0/23http_access allow our_networkshttp_access deny allThis example shows how to restrict HTTP service access to a few subnets, and denyall other requests coming from other source addresses.Squid can also restrict access based on a few other parameters, such as time-basedrestrictions, TCP port numbers, and regular expressions in URLs. It can alsoauthenticate users to give different access-levels.[ 232 ]