Configuring HTTP Caching

  

Figure 4.27: The HTTP Caching Setup Screen

The HTTP Caching Setup Screen (Figure 4.27) allows you to configure various parameters that control how the firewall will perform HTTP caching (if at all). HTTP caching can be explicitly enabled, or may occur implicitly if HTML content filtering is enabled.

The fields in this screen are:

Run Caching Web Server

Setting this toggle to YES causes the firewall to run a Squid caching proxy server. Users who have access to HTTP must then configure their browsers to use this proxy server, rather than connecting directly. Running a caching proxy can help to reduce the amount of HTTP traffic passing through the firewall. It is also necessary if you wish to use an external caching proxy (as required by some ISPs).

On Port

This field lets you specify the port on which the caching proxy server should listen for requests.

Cache Size

This field lets you specify the maximum amount of diskspace (in megabytes) that will be used by the caching proxy server to cache web pages.

You can use F4 to bring up a list of external upstream caches that your caching proxy should chain to, if required.

  

Figure 4.28: The Parent and Sibling Cache Setup Screen

The Parent and Sibling Cache Setup Screen (Figure 4.28) allows you to configure the Squid caching HTTP proxy to make use of external upstream or neighbour caches. These may be other Squid caches, or other types of caching proxies.

For each external cache host, you need to specify the hostname and the TCP port on which it listens for requests. If the external cache supports the ICP protocol then you can also specify the UDP ICP port (which should typically be 3130) and whether it is a sibling or a parent. If the external cache does not support ICP then you should set the ICP port to the default value of zero, and specify that it is a parent cache, not a sibling. It's usually a good idea to specify one or more parent caches operated by your ISP.

ICP is used to check whether a cached copy of a web page is available from a parent or sibling cache. If the other cache is a sibling and reports that a cached copy is not available, then the page will not be fetched from the sibling. If the other cache is a parent, then the page might be fetched from the parent even if a cached copy is not immediately available.