I’ve talked about Squid before. Squid is a caching Web proxy, designed to improve network speed and conserve bandwidth by caching Web content locally. How much it helps you depends on how you use the Web in that particular environment, but it’s usually worthwhile, seeing as the software is either free or costs next to nothing (it comes with most Linux distributions) and it doesn’t take much hardware to run it. Don’t use your Pentium-75, but you can deploy a standard desktop PC as a Squid server and it’ll work fabulously, unless you’ve got thousands of PCs hitting it. For a thousand bucks, you can seriously reduce your traffic and chances are it’ll pay for itself fairly quickly.
And ironically, Squid integrates beautifully with Internet Explorer 5.0 and newer.
Here’s what you do. Build up a minimal Linux server. For this, I prefer TurboLinux 6.01–it’s more lightweight than the current version, and you can still get patches for it that keep it from being h4x0r h34v3n. Pick the minimum base install, then add Squid and Apache. Yes, you need Apache. We’ll talk about that in a minute. I don’t like to have anything else on a Squid box, because Squid tends to be a big memory, CPU, and disk hog. Keep your computing resources as free as possible to accomodate Squid. (For that reason it would probably be better under a 2.4 kernel using ReiserFS-formatted partitions but I didn’t have time to test that.)
Once Squid is installed, modify /etc/squid/squid.conf. You’ll find a pair of lines that read “allow localhost” and “deny all.” That allows Squid to work only for the local machine, which isn’t what we want. Assuming you’re behind a firewall (you should be, and if you’re not, I’ll help you make a really big banner that says, “Welcome, l337 h4x0r5!”), change the “deny all” line to read “allow all.”
Next, make sure Apache and Squid are running. Go to /etc/rc.d/rc3.d and make sure there are scripts present that start Apache (httpd) and Squid. If there aren’t, go to /etc/rc.d/init.d and make copies of the Apache and Squid scripts. Give them a name that starts with S and a number, e.g. S50httpd.
Next, let Squid build and configure the directories and logs it needs with the command squid -NCd1. No, I don’t know what the -NCd1 means. I found it in a forum somewhere.
Now, go to your DNS and add an entry called wpad.yourdomainname. How you do this depends on the DNS you use. Someone else handles those duties at my job, so I just had him do it. Point that to your squid server.
return “PROXY 192.168.10.50:3128”;
Substitute your Squid server’s IP address for 192.168.10.50.
What’s this do? Well, when IE is set to autodetect your Proxy settings, it goes looking for http://wpad.yourdomainname/wpad.dat, which tells it where to find the Proxy server. You could use any Web server you wanted; I just use the Squid server on the theory that if the Squid server is for whatever reason unavailable, a Web server running on the same machine is the most likely to also be unavailable, so IE won’t find it and won’t use a proxy, giving you a degree of failover.
The cool thing is, this combination of Apache and Squid works well, and can be quickly implemented with almost no work since Internet Explorer by default goes looking for a proxy and most people don’t uncheck that checkbox in the control panel.
We did this to reduce traffic on a T1 line for a short period of time (it saves us from needing to get multiple T1s) and so far we’re very impressed with the results. I recommend you try it.