Re: [squid-users] Pessimal behavior with Windows Update (Long)

2005-06-28 Thread Richard 'toast' Russo 

On Mon, 27 Jun 2005, Brett Glass wrote:

4. Encourage Microsoft to modify Windows Update so that it can "discover" a 
server on which updates are preloaded or cached. Currently, SUS and WUS 
require modification to a client machine's registry; this is practical for 
organizations with IT staffs but not for ISPs. An ISP should be able to run a 
Web cache, FTP server, or Web server to which Windows updates are downloaded 
once and then distributed downstream. Microsoft has a financial incentive to 
do this, because its updates are currently distributed through Akamai (which 
undoubtedly charges it by the bit for downloads). Alas, we can't hold our 
breath waiting for Microsoft to do such a thing. Therefore, the modifications 
to Squid mentioned above are essential to providing an efficient solution -- 
not only to Windows Update issues but also to issues with similar updating 
systems from Intuit and other software vendors.




Not that this solves the general problem, but for your specific case, have 
you approached Akamai to request they put one of their caches in your 
facility?  Looking at this 
 
It looks like it shouldn't be too hard to get them to do that.



The first three of these items should be implemented as soon as possible, so 
that administrators of Squid caches can safely cache Microsoft's updates. Now 
that the largest of these have grown to more than 700 megabytes, the need is 
urgent.


--Brett Glass





--
Success! You are foaf http://openid.enslaves.us/

RE: [squid-users] Accelerator and ICP

2005-06-06 Thread Richard 'toast' Russo 

On Mon, 6 Jun 2005, Chris Robertson wrote:


-Original Message-
From: Richard 'toast' Russo [mailto:[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 11:29 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Accelerator and ICP


I'm setting up a squid proxy to reduce load on a partner's origin servers.



Right now I have two machines, and am using Apache mod_proxy, because it
was quick to setup, but I'd like to switch to squid so I can check my
cache peer before going to the origin server, and also generate better
statistics.  (The partner really wants us to reduce the amount of traffic
going to their servers)

It looks like I definitely want to do something like

http_port 80
httpd_accel_host partner.example.org
httpd_accel_port 80

And maybe I need to add

httpd_accel_with_proxy on
cache_peer otherhost sibling 3128 3130

I'm worried that by adding httpd_accel_with_proxy on, I may be opening my
servers up to proxy the world for everybody (especially if I don't write
good acls)

Would it be better to setup squid as a 'regular' proxy on port 3128, and
configure apache on port 80 to be an accelerator proxy using squid?

Thanks,

Richard


For what it's worth, good ACLs in this case (assuming that all this Squid is
doing is acceleration duty) would simply be something like:

  acl partner dst partner.example.org
  http_access deny !partner

Or if you don't like double negatives:

  acl partner dst partner.example.org
  http_access allow partner
  http_access deny all



Thanks, this is a lot simpler than I thought it would be. :)


Serving as an accelerator is much lighter duty for Squid than serving as a
general web cache.  While you could set the two boxes up as cache peers, I
don't think you would see much benefit, as each box should be able to cache
the entire website.  Cache peers are really useful when you have more to
cache than you can fit on one box (like the entire internet).



I need two boxes for redundancy.  And actually I'll need four boxes over 
two colos if this stays in production very much longer.  I'm hoping this 
cache is a temporary fix for some big configuration issues with our normal 
cache that are beyond my immediate control.  So far, our partners have 
seen a 50% reduction in traffic attributed to our site with two distinct 
caches... And the stats I've run suggest I can reduce that even further 
with the caches talking to each other.

[squid-users] Accelerator and ICP

2005-06-04 Thread Richard 'toast' Russo 
I'm setting up a squid proxy to reduce load on a partner's origin servers. 
Right now I have two machines, and am using Apache mod_proxy, because it 
was quick to setup, but I'd like to switch to squid so I can check my 
cache peer before going to the origin server, and also generate better 
statistics.  (The partner really wants us to reduce the amount of traffic 
going to their servers)


It looks like I definitely want to do something like

http_port 80
httpd_accel_host partner.example.org
httpd_accel_port 80

And maybe I need to add

httpd_accel_with_proxy on
cache_peer otherhost sibling 3128 3130

I'm worried that by adding httpd_accel_with_proxy on, I may be opening my 
servers up to proxy the world for everybody (especially if I don't write 
good acls)


Would it be better to setup squid as a 'regular' proxy on port 3128, and 
configure apache on port 80 to be an accelerator proxy using squid?


Thanks,

Richard