Online Book Reader


Squid: The Definitive Guide - Duane Wessels [27]

compromise or exploit Squid, he could gain full access to your system. Although we strive to make Squid secure and bug-free, this requirement provides some extra insurance, just in case.

If you start Squid as root without setting cache_effective_user, Squid uses nobody as the default value. Whatever user ID you choose for Squid, make sure it has read access to the files installed in $prefix/etc, $prefix/libexec, and $prefix/share. The user ID must also have write access to the log files and cache directory.

Squid also has a cache_effective_group directive, but you probably don't need to set it. By default, Squid uses the cache_effective_user's default group (from the password file).

Port Numbers

The http_port directive tells Squid which port number to listen on for HTTP requests. The default is port 3128:

http_port 3128

If you are running Squid as a surrogate (see Chapter 15), you should probably set this to 80.

You can instruct Squid to listen on multiple ports with additional http_port lines. This is often useful if you must support groups of clients that have been configured differently. For example, the browsers from one department may be sending requests to port 3128, while another department uses port 8080. Simply list both port numbers as follows:

http_port 3128
http_port 8080

You can also use the http_port directive to make Squid listen on specific interface addresses. When Squid is used on a firewall, it should have two network interfaces: one internal and one external. You probably don't want to accept HTTP requests coming from the external side. To make Squid listen on only the internal interface, simply put the IP address in front of the port number:

http_port 192.168.1.1:3128

Log File Pathnames

I'll discuss all the details of Squid's log files in Chapter 13. For now the only thing you may need to worry about is where you want Squid to put its log files. The default location is a directory named logs under the installation prefix. For example, if you don't use the --prefix= option with ./configure, the default log file directory is /usr/local/squid/var/logs.

You need to make sure that log files are stored on a disk partition with enough space. When Squid receives a write error for a log file, it exits and restarts. The primary reason for this behavior is to grab your attention. Squid wants to make sure you don't miss any important logging information, especially if your system is being abused or attacked.

Squid has three main log files: cache.log, access.log, and store.log. The first of these, cache.log, contains informational and debugging messages. When you start Squid the first few times, you should closely watch this file. If Squid refuses to run, the reason is probably at the end of cache.log. Under normal conditions, this log file doesn't become large enough to warrant any special attention. Also note that if you start Squid with the -s option, the important cache.log messages are also sent to your syslog daemon. You can change the location for this log file with the cache_log directive:

cache_log /squid/logs/cache.log

The access.log file contains a single line for each client request made to Squid. On average, each line is about 150 bytes. In other words, it takes about 150 MB to log one million client requests. Use the cache_access_log directive to change the location of this log file:

cache_access_log /squid/logs/access.log

If, for some reason, you don't want Squid to log client requests, you can specify the log file pathname as /dev/null.

The store.log file is probably not very useful to most cache administrators. It contains a record for each object that enters and leaves the cache. The average record size is typically 175-200 bytes. However, Squid doesn't create an entry in store.log for cache hits, so it contains fewer records than access.log. Use the cache_store_log directive to change the location:

cache_store_log /squid/logs/store.log

You can easily disable store.log altogether by specifying the location as none:

cache_store_log none
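
As an added example (not from the book or the Squid project), this Python script reads a squid.conf and flags two of the settings discussed above: an http_port line with no interface address, which accepts requests on the external side of a firewall as well, and cache_access_log pointed at /dev/null, which leaves no record of client requests. The sample configuration and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration (not from the book).
SAMPLE_CONF = """\
# constructed example
cache_effective_user squid
http_port 3128
http_port 192.168.1.1:8080
cache_log /squid/logs/cache.log
cache_access_log /dev/null
cache_store_log none
"""

def parse_directives(text):
    """Yield (line_no, name, args) for each non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield no, name, args

def binds_all_interfaces(spec):
    """True if an http_port value names no specific interface address."""
    host, sep, _port = spec.rpartition(":")
    if not sep:
        return True  # bare port number, e.g. "3128"
    try:
        return ipaddress.ip_address(host.strip("[]")).is_unspecified
    except ValueError:
        return False  # a hostname: Squid binds to the address it resolves to

def audit(text):
    """Return (line_no, message) findings for http_port and cache_access_log."""
    findings = []
    for no, name, args in parse_directives(text):
        if name == "http_port" and args and binds_all_interfaces(args[0]):
            findings.append((no, f"http_port {args[0]} listens on every interface"))
        elif name == "cache_access_log" and args[:1] == ["/dev/null"]:
            findings.append((no, "client requests are not being logged"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```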

If you're not careful, Squid's
