Search squid archive

Re: Should I see a massive slowdown when chaining squid => privoxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/06/11 08:16, Harry Putnam wrote:

Setup: Gentoo linux OS on squid and privoxy home lan server
        Squid-3.1.12
        privoxy-3.0.17

I'm not running an html server, just trying to use squid and privoxy
for my own browsing.

I'm attempting to get started with squid and privoxy.  So far using
nearly original config files in both cases.

First I tried just using privoxy without squid and that seemed to work
OK.

I set the privoxy listen-address in /etc/privoxy/config like:

   listen-address  192.168.0.2:8118
(The address of a gmane box on the lan)


I was not able to access gmail thru a firefox gadget but could get
gmail directly alright.  But other than that, No real noticeable
change in browsing speed as against NO proxy at all.


I then  used this website to help setup squid:
     https://www.antagonism.org/web/squid-proxy.shtml

And did the things suggested there.

Chaining in this direction:
   Browser ->  Squid ->  Privoxy ->  Privoxy's IP ->  Public Internet

Adding squid into the mix... I Added these two lines to the end of
squid.conf:

   cache_peer 192.168.0.2 parent 8118 0 default no-query no-digest no-netdb-exchange
   never_direct allow all

And uncommented these lines in squid.conf:

   acl localnet src 192.168.0.0/24	# RFC1918 possible internal network

   header_access From deny all
   header_access Referer deny all
   header_access Server deny all



   header_access User-Agent deny all
   header_access WWW-Authenticate deny all


I kind of doubt you actually want these two above.
The first hides your browser from website (okay so you *might* want that one) which will make many of teh modern browser sniffing websites simply not work. The second blocks website authentication from working. It is a manual process by you whether you let the browser login in the first place. Preventing you from ever choosing Yes to that seems a bit extreme.
NOTE: with Squid-3.1 these are also split into request_header_access and reply_header_access directives. Run "squid -k parse" to see if there are any other easily detectable bad problems in the config. 

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux