Squid Nuggets Introduction

About me

My name is Eliezer Croitoru and I’m a Linux and Database systems administrator for the past 14 years. I have been a member of the Squid-Cache Users and Developers community for many year.

My contributions to the Squid-Cache community includes the StoreID feature, free users support on the mailing list and the unofficial public Enterprise Linux  distributions (CentOS, Oracle, Fedora, Rocky and Alma) RPM’s repository.

I have also developed a bunch of Squid external acl helpers and utilities over the years for many purposes and orginizations. One of the most well known projects I have assisted with is with mentoring  BGU students for the IEEE publication “Website Fingerprinting Through the Cache Occupancy Channel and its Real World Practicality“.

local Mirror: RobustFingerprinting-TDSC

So what are these nuggets about?

Squid is a very complex piece of software and in it’s code embedded a lot of wisdom and effort which is there since 1985 and years back.

Over the years Squid was converted from C to C++ and a lot of helpers were written in many different programming and scripting languages. Each and every tiny piece of concept and idea when written in C or C++ is somehow going to require digging and archeological staff and work to understand and maybe re-design in the far future ( if at all). On my research of the Squid project over the years I learned a lot of things which I believe can be summarized for programmers, admins and engineers. For IT specialists the project can be an art show which they can observe and enjoy from the beauty of Computer Science.

Specifically I wanted to take Squid ACLs and SquidGuard internals and drill into them demonstrating with code (mainly using pesudo and ruby)  how their algorithms and implementations  can be re-written in modern languages.

I remember that a developer told me in the past the next sentence: “If you write it in perl it will work forever.” and it’s something which can be said on many higher level languages compared to much lower level languages. This with the AI platforms improvements in the couple years there is a possibility that many tools can be re-written much easily to achieve similar goals with less effort then in the past.

So the goal is to take piece of Squid and SquidGuard and share them as tasteful nugget snacks .

What is a Proxy Server and specifically HTTP proxy server?

Technically speaking a proxy server is a server that does a task for the client which is either the actual user or an organizational unit.

It can be a home, office, ISP or in much larger scales governments. And in this series I will focus on ACLs enforcement using Squid and other programs which Squid can delegate some aspects of the ACLs to them.

 

Prerequisites

To understand some of the content you are required to know some basics on “how the internet works” such as IP with it’s 7 layers and specific protocols such as DNS, HTTP and TLS. You need to also have the basic knowledge on how to use basic tools such as telnet or netcat and openssl or any other UI based equivalent.

Apart from that you must know some basic concepts of programming CLI( STDIN/STDOUT) based tools. If you know network programming then I hope it will be fun for you.

There are also couple concepts in Databases and Data Structures which are required so you would be able to appreciate the greatness of some of the simplest things which are embedded inside Squid and SquidGuard.

Some Additional resources

 

 

 

https://cs50.harvard.edu/x/2019/notes/5/

print