Nginx as a proxy server for a local network
I’m currently using squid as a proxy server for my local network, but I’m not entirely satisfied with it. Is Nginx also suitable for use as a proxy server on a local network? Is it actively being used for this purpose?
asked Jan 18 ’15 at 19:36
nginx can be considered a “reverse” proxy (due to its “upstream servers” functionality)…. when in this role, it is effectively a “load balancer”.
a “normal” proxy, such as squid proxy, socks, etc. fetches content on end user behalf, and sits in front of end users, making TCP/IP calls out to the internet web servers and ideally caching content.
nginx, when run as a reverse proxy, sits in front of server endpoints, usually load balancing between them…. therefore “reverse”… do not applicable to your needs.
Squid is going to be your best bet for a “regular” proxy… a proxy that gets and caches content for your endusers that sit behind it.
Dave M4, 48421 gold badges29 silver badges30 bronze badges
answered Jan 18 ’15 at 20:51
nandoPnandoP1, 94113 silver badges15 bronze badges
NGINX is many things, actually. It can be configured as both reverse or forward (“normal”) proxy.
The following is the list of application functions (capabilities) of NGINX:
Web Proxy (Reverse or Forward)
API Proxy
Web server
Load Balancer
WAF (Web Application Firewall)
Content cache
HTTP/2 gateway
TLS termination point
If you need 3 or more of these capabilities, I would go with NGINX, otherwise other solutions that offer one or two of these functions may be more appropriate (but requirements do change over time and in that regard NGINX, which is a small footprint component, may offer flexibility and satisfy future-state points of evolution).
answered Mar 21 ’19 at 18:20
BranBran312 bronze badges
Nginx is a web server… so it is not being used to replace squid very frequently;)
(Nginx proxy mode is different, it is used basically to transfer requests to another server)
answered Jan 18 ’15 at 20:17
laurentlaurent2, 02516 silver badges13 bronze badges
As the other posters pointed out, nginx is a reverse proxy. This means it looks like a web server, and sits in front of other web servers that you would host. This isn’t suitable for forward proxying (users on your LAN going out to the Internet).
If you’re not satisfied with squid and you’re open to a Windows platform, you could try an alternative, such as WinGate. Disclaimer, I work for Qbik who are the authors of WinGate
answered Jun 7 ’16 at 8:37
AdrienAdrien2671 silver badge6 bronze badges
2
Not the answer you’re looking for? Browse other questions tagged nginx squid or ask your own question.
How to Use NGINX as an HTTPS Forward Proxy Server
How to Use NGINX as an HTTPS Forward Proxy Server – Alibaba Cloud Community
This article describes two methods for using NGINX as the forward proxy for HTTPS traffic. It also explains the application scenarios and main problems related to these methods.
NGINX was initially designed as a reverse proxy server. However, with continuous development, NGINX also serves as one of the options to implement the forward proxy. The forward proxy itself is not complex, the key issue it addresses is how to encrypt HTTPS traffic. This article describes two methods for using NGINX as the forward proxy for HTTPS traffic, as well as their application scenarios and principal problems.
Classification of HTTP/HTTPS Forward Proxy
To begin with, let’s take a closer look at the classification of the forward proxy.
Classification Basis: Whether the Proxy is Transparent to the Client
Common Proxy: Here, the proxy address and port are manually configured in the browser or system environment variables on the client. For example, when you specify the IP address and port 3128 of the Squid server on the client.
Transparent Proxy: There is no need for the proxy settings on the client. The “proxy” role is transparent to the client. For example, a Web Gateway device on an enterprise network is a transparent proxy.
Classification Basis: Whether the Proxy Encrypts HTTPS
Tunnel Proxy: This is a proxy that transparently transmits traffic. The proxy server specifically transmits the HTTPS traffic over TCP transparently. It does not decrypt or perceive the specific content of its proxy traffic. The client performs direct TLS/SSL interaction with the target server. This article describes the NGINX proxy mode pertaining to this type.
Man-in-the-Middle (MITM) Proxy: The proxy server decrypts HTTPS traffic, uses a self-signed certificate to complete the TLS/SSL handshake with the client, and completes normal TLS interaction with the target server. Two TLS/SSL sessions are set up on the client-proxy-server link.
Note: In this case, the client actually obtains the self-signed certificate of the proxy server in the TLS handshake process, and verification of the certificate chain is unsuccessful by default. The Root CA certificate among the proxy self-signed certificates must be trusted on the client. Therefore, the client is aware of the proxy in this process. A transparent proxy is achieved if the self-signed Root CA certificate is pushed to the client, which is implemented in the internal environment of an enterprise.
The Need For Special Processing When the Forward Proxy Processes HTTPS Traffic
While serving as a reverse proxy, the proxy server usually terminates HTTPS encrypted traffic and forwards it to the backend instance. Encryption, decryption, and authentication of HTTPS traffic occur between the client and the reverse proxy server.
On the other hand, when acting as a forward proxy and processing the traffic sent by the client, the proxy server doesn’t see the target domain name in the URL requested by the client since the HTTP traffic is encrypted and encapsulated in TLS/SSL, as shown in the following figure. Therefore, unlike HTTP traffic, HTTPS traffic requires some special processing during proxy implementation.
NGINX Solution
According to the classification in the preceding sections, when NGINX is used as the HTTPS proxy, the proxy is a transparent transmission (tunnel) proxy, which neither decrypts nor perceives the upper layer traffic. Specifically, two NGINX solutions are available: Layer 7 (L7) and Layer 4 (L4). The following sections describes these solutions in detail.
HTTP CONNECT Tunnel (L7 Solution)
Historical Background
As early as 1998 when TLS was still not formally available, Netscape, which promoted the SSL protocol, proposed using the Web proxy for the tunneling of SSL traffic. The core idea is to use the HTTP CONNECT request to establish an HTTP CONNECT tunnel between the client and the proxy. The CONNECT request must specify the target host and port that the client needs to access. The original diagram in INTERNET-DRAFT is as follows:
For more information about the entire process, refer to the diagram in the HTTP: The Definitive Guide. The following steps briefly outlines the process.
1) The client sends an HTTP CONNECT request to the proxy server. 2) The proxy server uses the host and port information in the HTTP CONNECT request to establish a TCP connection with the target server. 3) The proxy server returns an HTTP 200 response to the client. 4) The client establishes an HTTP CONNECT tunnel with the proxy server. After HTTPS traffic arrives at the proxy server, the proxy server transparently transmits HTTPS traffic to the remote target server through the TCP connection. The proxy server only transparently transmits HTTPS traffic and does not decrypt HTTPS traffic.
ngx__proxy_connect_module
As a reverse proxy server, NGINX does not officially support the HTTP CONNECT method. However, thanks to the modular and scalable features of NGINX, Alibaba @chobits provides the ngx__proxy_connect_module connect module (content in Chinese) to support the HTTP CONNECT method, to extend NGINX as a forward proxy.
Environment Building
Considering CentOS 7 environment as an example, let’s take a look at the process in detail.
1) Environment Installation
For new environment installation, refer to the common installation steps (content in Chinese) for installing the ngx__proxy_connect_module connect module.
Install the patch for the corresponding version, and add the –add-module=/path/to/ngx__proxy_connect_module parameter under the “configure” command, as shown in the following example.. /configure
–user=www
–group=www
–prefix=/usr/local/nginx
–with-_ssl_module
–with-_stub_status_module
–with-_realip_module
–with-threads
–add-module=/root/src/ngx__proxy_connect_module
Also, add ngx__proxy_connect_module for the existing environments as shown below.
# 停止NGINX服务
# systemctl stop nginx
# 备份原执行文件
# cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/
# 在源代码路径重新编译
# cd /usr/local/src/nginx-1. 16. 0. /configure
# make
# 不要make install
# 将新生成的可执行文件拷贝覆盖原来的nginx执行文件
# cp objs/nginx /usr/local/nginx/sbin/nginx
# /usr/bin/nginx -V
nginx version: nginx/1. 0
built by gcc 4. 8. 5 20150623 (Red Hat 4. 5-36) (GCC)
built with OpenSSL 1. 2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: –user=www –group=www –prefix=/usr/local/nginx –with-_ssl_module –with-_stub_status_module –with-_realip_module –with-threads –add-module=/root/src/ngx__proxy_connect_module
2) Configure File
Execute the following commands to configure the file.
server {
listen 443;
# dns resolver used by forward proxying
resolver 114. 114. 114;
# forward proxy for CONNECT request
proxy_connect;
proxy_connect_allow 443;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
# forward proxy for non-CONNECT request
location / {
proxy_pass $host;
proxy_set_header Host $host;}}
Application Scenarios
In the L7 solution, the HTTP CONNECT request must establish a tunnel, and therefore, the proxy server is a common proxy that the client must perceive. Manually configure the IP address and port of the HTTP(S) proxy server on the client. Access the client using the “-x” parameter of cURL as shown below.
# curl -svo /dev/null -x 39. 105. 196. 164:443
* About to connect() to proxy 39. 164 port 443 (#0)
* Trying 39. 164…
* Connected to 39. 164 (39. 164) port 443 (#0)
* Establish HTTP proxy tunnel to > CONNECT HTTP/1. 1
> Host: > User-Agent: curl/7. 29. 0
> Proxy-Connection: Keep-Alive
>
< HTTP/1. 1 200 Connection Established
< Proxy-agent: nginx
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject:, O="Beijing Baidu Netcom Science Technology Co., Ltd", OU=service operation department, L=beijing, ST=beijing, C=CN...
> GET / HTTP/1. 1
> User-Agent: curl/7. 0
> Host: > Accept: */*
< HTTP/1. 1 200 OK...
{ [data not shown]
The preceding details printed by the "-v" parameter indicate that the client first establishes an HTTP CONNECT tunnel with the proxy server 39. 164. Once the proxy replies with "HTTP/1. 1 200 Connection Established", the client initiates a TLS/SSL handshake and sends traffic to the server.
NGINX Stream (L4 Solution)
Since the upper-layer traffic is transparently transmitted, the critical question that arises here, is whether NGINX should serve as an "L4 proxy" to implement completely transparent transmission of protocols above TCP/UDP. The answer is yes. NGINX 1. 9. 0 or later supports ngx_stream_core_module. This module is not built by default. Add the -- with-stream option under the configure command to enable this module.
Common Problems
Using NGINX stream as a proxy of the HTTPS traffic at the TCP layer, leads to the same problem mentioned at the beginning of this article: the proxy server does not obtain the target domain name that the client wants to access. This happens because the information obtained at the TCP layer is limited to the IP address and port, without obtaining the domain name. To obtain the target domain name, the proxy must be able to extract the domain name from the upper-layer packets. Therefore, NGINX stream is not an L4 proxy in a strict sense, and it must seek help from the upper layer to extract the domain name.
ngx_stream_ssl_preread_module
In order to obtain the target domain name of HTTPS traffic without decrypting HTTPS traffic, the only method is to use the SNI field contained in the first ClientHello packet during the TLS/SSL handshake. Starting from the version 1. 11. 5, NGINX supports ngx_stream_ssl_preread_module. This module helps to obtain SNI and ALPN from the ClientHello packet. For a L4 forward proxy, the ability to extract SNI from the ClientHello packet is crucial, otherwise the NGINX stream solution will not be implemented. This, however, also brings a restriction that all clients must include the SNI field in the ClientHello packets during the TLS/SSL handshake. Otherwise, the NGINX stream proxy wouldn't know the target domain name that the client needs to access.
For the newly installed environment, refer to the common installation steps (content in Chinese), and directly add the --with-stream, --with-stream_ssl_preread_module, and --with-stream_ssl_module options under the "configure" command. Consider the example below for better understanding.. /configure
--with-stream
--with-stream_ssl_preread_module
--with-stream_ssl_module
Add the preceding three stream-related modules for already installed and compiled environments as shown below.
# cd /usr/local/src/nginx-1. 0
#. /configure
# nginx -V
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-_ssl_module --with-_stub_status_module --with-_realip_module --with-threads --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module
Unlike HTTP, configure NGINX stream in the stream block. Though, the command parameters are similar to those of the HTTP block. The following snippet shows the main configuration.
stream {
ssl_preread on;
proxy_connect_timeout 5s;
proxy_pass $ssl_preread_server_name:$server_port;}}
As L4 forward proxy, NGINX basically transparently transmits traffic to the upper layer, and does not require HTTP CONNECT to establish a tunnel. Therefore, the L4 solution is suitable for the transparent proxy mode. For example, when the target domain name is directed to the proxy server by means of DNS resolution, it require simulating the transparent proxy mode by binding /etc/hosts to the client.
The following snippet shows the commands on the client:
cat /etc/hosts...
# 把域名定到正向代理服务器39. 164
39. 164
# 正常利用curl来访问可。
# curl -svo /dev/null
* About to connect() to port 443 (#0)
* Connected to (39. 164) port 443 (#0)
* subject:, O="Beijing Baidu Netcom Science Technology Co., Ltd", OU=service operation department, L=beijing, ST=beijing, C=CN
* start date: 5月 09 01:22:02 2019 GMT
* expire date: 6月 25 05:31:02 2020 GMT
* common name:
* issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
< HTTP/1. 1 200 OK
< Accept-Ranges: bytes
< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
< Connection: Keep-Alive
< Content-Length: 2443
< Content-Type: text/html
< Date: Fri, 21 Jun 2019 05:46:07 GMT
< Etag: "5886041d-98b"
< Last-Modified: Mon, 23 Jan 2017 13:24:45 GMT
< Pragma: no-cache
< Server: bfe/1. 18
< Set-Cookie: BDORZ=27315; max-age=86400;; path=/
* Connection #0 to host left intact
Now, let's take a quick look at the key problems concerning the L4 solution.
1) Access attempt failure due to the manual proxy settings on the client.
The L4 forward proxy transparently transmits the upper-layer HTTPS traffic and does not require HTTP CONNECT to establish a tunnel. Thus, it is unnecessary to set the HTTP(S) proxy on the client. Critical question is whether manually setting the HTTP(S) proxy on the client, ensures a successful access attempt. Use the "-x" parameter of cURL to set the forward proxy server and test the access to this server. The following snippet shows the result.
* Proxy CONNECT aborted
* Connection #0 to host 39. 164 left intact
The result indicates that the client tries to establish an HTTP CONNECT tunnel before NGINX. However, as NGINX transparently transmits the traffic, the CONNECT request is directly forwarded to the target server. The target server does not accept the CONNECT method. Therefore, "Proxy CONNECT aborted" reflects in the above snippet, resulting in an access failure.
2) Access attempt failure as the client does not include SNI in the ClientHello packet.
As mentioned earlier, when NGINX stream is used as a forward proxy, it is crucial to use ngx_stream_ssl_preread_module to extract the SNI field from ClientHello. If the client does not include SNI in the ClientHello packet, the proxy server wouldn't know the target domain name, resulting in an access failure.
In transparent proxy mode (simulated by manually binding hosts), use OpenSSL for simulation on the client.
# openssl s_client -connect -msg
CONNECTED(00000003)
>>> TLS 1. 2 [length 0005]
16 03 01 01 1c
>>> TLS 1. 2 Handshake [length 011c], ClientHello
01 00 01 18 03 03 6b 2e 75 86 52 6c d5 a5 80 d7
a4 61 65 6d 72 53 33 fb 33 f0 43 a3 aa c2 4a e3
47 84 9f 69 8b d6 00 00 ac c0 30 c0 2c c0 28 c0
24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00
6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00
87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0
05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0
23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00
40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00
99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0
2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00
96 00 41 c0 12 c0 08 00 16 00 13 00 10 00 0d c0
0d c0 03 00 0a 00 07 c0 11 c0 07 c0 0c c0 02 00
05 00 04 00 ff 01 00 00 43 00 0b 00 04 03 00 01
02 00 0a 00 0a 00 08 00 17 00 19 00 18 00 16 00
23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 03 05
01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03
03 02 01 02 02 02 03 00 0f 00 01 01
140285606590352:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib. c:177:
—
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 289 bytes
⋯
OpenSSL s_client does not include SNI by default. As the snippet shows, the preceding request terminates in the TLS/SSL handshake phase after ClientHello is sent. This occurs because the proxy server does not know the target domain name where ClientHello should be forwarded.
Using OpenSSL with the “servername” parameter to specify SNI, results in successful access.
# openssl s_client -connect -servername
Conclusion
This article describes two methods for using NGINX as the forward proxy for HTTPS traffic. It summarizes the principles, environment building requirements, application scenarios, and key problems of the solutions where NGINX acts as the HTTPS forward proxy using the HTTP CONNECT tunnel and NGINX stream. This article serves as a reference while you use NGINX as a forward proxy in various scenarios.
7 posts | 4 followers
Follow
You may also like
Comments
Web Hosting Solution
Explore Web Hosting solutions that can power your personal website or empower your online business.
Learn More
ECS(Elastic Compute Service)
An online computing service that offers elastic and secure virtual cloud servers to cater all your cloud hosting needs.
Quick Starts
Deploy custom Alibaba Cloud solutions for business-critical scenarios with Quick Start templates.
Security Solution
Alibaba Cloud is committed to safeguarding the cloud security for every business.
Learn More
Squid (software) – Wikipedia
SquidDeveloper(s)Duane Wessels, Henrik Nordström, Amos Jeffries, Alex Rousskov, Francesco Chemolli, Robert Collins, Guido Serassio and volunteers[1]Initial releaseJuly 1996Stable release4. 15[2]
/ 10 May 2021; 4 months agoRepository inC++Operating systemBSD, Linux, Unix, Windows[3]TypeProxy serverLicenseGNU GPLv2[4]Website
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, [6] TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support.
Squid was originally designed to run as a daemon on Unix-like systems. A Windows port was maintained up to version 2. 7. New versions available on Windows use the Cygwin environment. [7] Squid is free software released under the GNU General Public License.
History[edit]
Squid was originally developed as the Harvest object cache, [8] part of the Harvest project at the University of Colorado Boulder. [9][10] Further work on the program was completed at the University of California, San Diego and funded via two grants from the National Science Foundation. [11] Duane Wessels forked the “last pre-commercial version of Harvest” and renamed it to Squid to avoid confusion with the commercial fork called Cached 2. 0, which became NetCache. [12][13] Squid version 1. 0. 0 was released in July 1996. [12]
Squid is now developed almost exclusively through volunteer efforts.
Basic functionality[edit]
After a Squid proxy server is installed, web browsers can be configured to use it as a proxy HTTP server, allowing Squid to retain copies of the documents returned, which, on repeated requests for the same documents, can reduce access time as well as bandwidth consumption. This is often useful for Internet service providers to increase speed to their customers, and LANs that share an Internet connection. Because the caching servers are controlled by the web service operator, caching proxies do not anonymize the user and should not be confused with anonymizing proxies.
A client program (e. g. browser) either has to specify explicitly the proxy server it wants to use (typical for ISP customers), or it could be using a proxy without any extra configuration: “transparent caching”, in which case all outgoing HTTP requests are intercepted by Squid and all responses are cached. The latter is typically a corporate set-up (all clients are on the same LAN) and often introduces the privacy concerns mentioned above.
Squid has some features that can help anonymize connections, such as disabling or changing specific header fields in a client’s HTTP requests. Whether these are set, and what they are set to do, is up to the person who controls the computer running Squid. People requesting pages through a network which transparently uses Squid may not know whether this information is being logged. [14] Within UK organisations at least, users should be informed if computers or internet connections are being monitored. [15]
Reverse proxy[edit]
The above setup—caching the contents of an unlimited number of webservers for a limited number of clients—is the classical one. Another setup is “reverse proxy” or “webserver acceleration” (using _port 80 accel vhost). In this mode, the cache serves an unlimited number of clients for a limited number of—or just one—web servers.
As an example, if is a “real” web server, and is the Squid cache server that “accelerates” it, the first time any page is requested from, the cache server would get the actual page from, but later requests would get the stored copy directly from the accelerator (for a configurable period, after which the stored copy would be discarded). The end result, without any action by the clients, is less traffic to the source server, meaning less CPU and memory usage, and less need for bandwidth. This does, however, mean that the source server cannot accurately report on its traffic numbers without additional configuration, as all requests would seem to have come from the reverse proxy. A way to adapt the reporting on the source server is to use the X-Forwarded-For HTTP header reported by the reverse proxy, to get the real client’s IP address.
It is possible for a single Squid server to serve both as a normal and a reverse proxy simultaneously. For example, a business might host its own website on a web server, with a Squid server acting as a reverse proxy between clients (customers accessing the website from outside the business) and the web server. The same Squid server could act as a classical web cache, caching HTTP requests from clients within the business (i. e., employees accessing the internet from their workstations), so accelerating web access and reducing bandwidth demands.
Media-range limitations[edit]
For example, a feature of the HTTP protocol is to limit a request to the range of data in the resource being referenced. This feature is used extensively by video streaming websites such as YouTube, so that if a user clicks to the middle of the video progress bar, the server can begin to send data from the middle of the file, rather than sending the entire file from the beginning and the user waiting for the preceding data to finish loading.
Partial downloads are also extensively used by Microsoft Windows Update so that extremely large update packages can download in the background and pause halfway through the download, if the user turns off their computer or disconnects from the Internet.
The Metalink download format enables clients to do segmented downloads by issuing partial requests and spreading these over a number of mirrors.
Squid can relay partial requests to the origin web server. In order for a partial request to be satisfied at a fast speed from cache, Squid requires a full copy of the same object to already exist in its storage.
If a proxy video user is watching a video stream and browses to a different page before the video completely downloads, Squid cannot keep the partial download for reuse and simply discards the data. Special configuration is required to force such downloads to continue and be cached. [16]
Supported operating systems[edit]
Squid can run on the following operating systems:
AIX
BSDI
Digital Unix
FreeBSD
HP-UX
IRIX
Linux
macOS
NetBSD
NeXTStep
OpenBSD
OS/2 (including ArcaOS and eComStation)[17]
SCO OpenServer
Solaris
UnixWare
Windows[18]
See also[edit]
Web accelerator which discusses host-based HTTP acceleration
Proxy server which discusses client-side proxies
Reverse proxy which discusses origin-side proxies
Comparison of web servers
References[edit]
^ “Who looks after the Squid project? “.
^ “Squid version 4”. Retrieved 5 June 2021.
^ “What is the Best OS for Squid? “.
^ “Squid License”.
^ “Squid Project Logo”. Retrieved 6 July 2014.
^ “Squid FAQ: About Squid”. 13 February 2007. Archived from the original on 29 December 2007. Retrieved 13 February 2007.
^ “Squid 3. 5 for Windows”. February 2019. Current build is based on Squid 3. 5. 1 build for Cygwin Windows 64 bit
^ Bowman, Peter B. Danzig, Darren R. Hardy, Udi Manper, Michael F. Schwartz, The Harvest information discovery and access system, Computer Networks and ISDN Systems, Volume 28, Issues 1–2, December 1995, Pages 119–125. doi:10. 1016/0169-7552(95)00098-5
^ Squid intro, on the Squid website
^ Harvest cache now available as an “d accelerator”, by Mike Schwartz on the -wg mailing list, Tue, 4 April 1995, as forwarded by Brian Behlendorf to the Apache HTTP Server developers’ mailing list
^ “Squid Sponsors”. Archived from the original on 11 May 2007. Retrieved 13 February 2007. The NSF was the primary funding source for Squid development from 1996–2000. Two grants (#NCR-9616602, #NCR-9521745) received through the Advanced Networking Infrastructure and Research (ANIR) Division were administered by the University of California San Diego
^ a b Duane Wessels Squid and ICP: Past, Present, and Future, Proceedings of the Australian Unix Users Group. September 1997, Brisbane, Australia
^ “”. Archived from the original on 12 November 1996. Retrieved 7 August 2012.
^ See the documentation for header_access and header_replace for further details.
^ See, for example, Computer Monitoring In The Workplace and Your Privacy
^ “Squid Configuration Reference”. Retrieved 26 November 2012.
^ OS/2 Ports by Paul Smedley, OS/2 Ports
^
Further reading[edit]
Wessels, Duane (2004). Squid: The Definitive Guide. O’Reilly Media. ISBN 978-0-596-00162-9.
Saini, Kulbir (2011). Squid Proxy Server 3. 1: Beginner’s Guide. Packt Publishing. ISBN 978-1-849-51390-6.
External links[edit]
Official website
Squid Blog
Squid User’s Guide
Squid Transparent Proxy For DD-WRT
Squid reverse proxy — Create a reverse proxy with Squid
Configuration Manual — ViSolve Squid Configuration Manual Guide
Configuration Manual — Authoritative Squid Configuration Options
“Solaris Setup”. Archived from the original on 15 January 2008. — Setup squid on solaris
SQUID – Installation on CentOS, Fedora and Red Hat
Frequently Asked Questions about squid vs nginx forward proxy
Can Nginx be a forward proxy?
NGINX was initially designed as a reverse proxy server. However, with continuous development, NGINX also serves as one of the options to implement the forward proxy. The forward proxy itself is not complex, the key issue it addresses is how to encrypt HTTPS traffic.Feb 6, 2020
Is squid a forward proxy?
Squid is a caching and forwarding HTTP web proxy. … Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support.
What is forward proxy?
A forward proxy is the most common form of a proxy server and is generally used to pass requests from an isolated, private network to the Internet through a firewall. Using a forward proxy, requests from an isolated network, or intranet, can be rejected or allowed to pass through a firewall.