About squid.conf

The "http_port" option will tell Squid to listen for incoming connections at a specified TCP port. For reverse proxy, this is the port number where you'd expect an actual Web server query, typically port 80/tcp.

"icp_port" for non-caching server and reverse proxy -- Disable this by setting this option as 0.

In the next three lines, we are suggesting no cache for reverse Squid proxy. First, based on ACLs, deny any caching. The "no_cache" line will deny caching based on any source ("src 0/0" in the "acl" line means any source IP address, effectively all traffic). Second, avoid creating any caching directory. The "cache_dir" statement is using "null" storage module to avoid having a caching directory altogether, otherwise you will at least need to create a cache infrastructure directory, even if you decide on no caching at all. Here, directory "/tmp" must exist, but no caching information will be written there. This step is optional.

"hosts_file" lets you specify a file that defines a host mapping known to the Squid server only. As per our setup, DNS is pointing www.mywebserver.xxx to the IP address of the Squid server (known to the Internet). However, the Squid server has to redirect the HTTP request to the real backend, mywebserver. The hosts_file associates a host name with the real IP address of the host. It is good to keep this Squid hosts_file separate from the system /etc/hosts file to avoid confusion. This file has the same syntax as the system /etc/hosts file.

"cache_effective_user" is the name of the user through which squid will run/process proxy requests. We have already created a "squid" user for this purpose.

The "visible_hostname" setting appears in Squid responses. Squid may refuse to run if this value is not set. This setting can be any string -- either a real hostname or just some text string.

"httpd_accel_host" is the IP address/hostname of the real Web server running behind Squid. If you are using a hostname, be sure a "hosts_file" variable is set up properly and is pointing to the correct file. "httpd_accel_port" is the port at which the real HTTP server is running. This can be different than port 80 (even if Squid is listening at port 80). If you are running Squid on the same server as the real Web server and Squid is listening at port 80, you may have to run a Web server on a different port, such as port 8080. In that case, your option may look like:

httpd_accel_host 127.0.0.1
httpd_accel_port 8080

If you are using Squid in front of more than one back end Web server, Squid should act as a virtual Web server and redirect requests as per the hostname appearing in the URL. (Just like when you set up virtual servers in Apache). In this case, the two options httpd_accel_host & httpd_accel_port should be replaced by the options below.

httpd_accel_host virtual httpd_accel_uses_host_header on #required for virtual hosts

These options will redirect incoming requests based on URL value. Suppose we are running two Web servers behind squid. These servers are known to the world as: http://www.mywebserver1.xxx and http://www.mywebserver2.xxx. Let's say the "hosts" file points to the real IP addresses of the Web servers as follows: 10.0.0.1 www.mywebserver1.xxx and 10.0.0.2 www.mywebserver2.xxx.

When squid receives these requests, the request to the first Web server will be forwarded to 10.0.0.1, which is running a Web server at port 80, and a request to the second Web server will be forwarded to 10.0.0.2 at port 80. Note that you should not use the "http_accel_port" variable here. The "httpd_accel_host virtual" setting will reveal the real Web server and port. I would prefer this option even if I were running squid for a single Web server. See "squid.conf" file for more on httpd_accel_* options.

"acl" and "http_access" are very important sections that will be discussed in detail later. This section will be used extensively to protect your Web server(s). Visit and understand this section in squid.conf file first.