Squid: The Definitive Guide

Author Duane Wessels
Copyright 2004
Publisher O'Reilly Media, Inc.
ISBN 0-596-00162-2
Reviewer Stephen L. Martin
Review Date May 13, 2004

Squid: The Definitive Guide by Duane Wessels is a great book for someone with aspirations of setting up and getting the most out of Squid. It is lengthy at just over 400 pages, but that is to be expected and desired in O'Reilly's "The Definitive Guide" series. One point worth mentioning is that Duane Wessels (the author, for those with short synaptic cycles) is the one who started Squid and still works on it today. Each chapter builds nicely on the preceding chapters, so there isn't any skipping around. If you're just looking to set it and forget it, this book is probably not for you. Otherwise, read on.

The first three chapters are pretty basic: the history of Squid, then downloading and installing it. For those with no concerns about downloading and installing, there is a nice section describing each configure switch; weighing in at a healthy 48 options, it may be helpful to have as a reference.

Chapter Four, Configuration Guide For the Eager, is an often desired, but often left out chapter in technical books. By just reading chapters one through four, it is possible to have a fully functional setup of Squid, albeit not very secure or ready for the pounding of the masses. You will, however, begin to understand how Squid operates. This chapter discusses the most often used settings, such as: minimum/maximum size of cached objects, log files and ACLs to restrict addresses, etc.

Chapter Five, Running Squid, covers what you expect. It includes such topics as boot scripts, chrooting and rotating log files. Again, basic stuff, but necessary for the sake of completeness.

Chapter Six, All About Access Controls, covers one of Squid's major powers and attractions: access controls. ACLs give the administrator extremely fine-grained tuning. Some of the choice highlights for limiting access to addresses/domains include, but are not limited to: filtering by subnet, MAC, IP address or administrator-assigned group. Furthermore, regular expressions can be used to filter URLs or URIs. A most likely seldom used, but very cool, feature is the ability to filter by BGP AS (Border Gateway Protocol Autonomous System) numbers. HTTP request methods such as POST, PUT, DELETE, etc. can also be filtered. Filtering by time or restricting access by user name is also supported. Each topic is assiduously explained and leaves little to be desired.

Chapters Seven and Eight cover disk caching, with Chapter Seven being basic material and Chapter Eight covering more advanced topics. Discussions on object pruning, size limits, cache replacement policies and many other cache optimizations are covered in these chapters and are necessary to thoroughly understand if you are situated in a relatively large environment or just want to squeeze every bit of performance from your Squid.

Chapter Nine, Interception Caching, covers transparent proxying. This chapter discusses the benefits (no need to configure clients) and drawbacks (cannot do user authentication) of implementing such a system. It then goes on to discuss how to configure Alteon/Nortel, Foundry, Extreme Networks, Arrowpoint, iptables, pf and ipfw to perform the routing to the Squid box.

Chapter Ten, Talking to Other Squids, covers scalability, another favorable attribute of Squid. Running in parallel with previous chapters, this chapter details the advantages (load balancing and increasing your cache hits) and the disadvantages (security problems with having to trust neighboring Squids) of a caching hierarchy. In addition, it explains how to configure connect timeouts and other tweaks to keep Squids aware of when their siblings are down.

Chapter Eleven, Redirectors, covers another great attribute of Squid. Redirectors can be used, among other possibilities, to remove advertisements in web pages or rewrite client requests based on their given URL or URI. This chapter details how they work at the protocol level and provides example configuration settings, such as sending only specific users through the redirector or, conversely, letting specific users bypass the redirector altogether.

Squid can be configured to use various user authentication methods to allow or deny access. Chapter Twelve, Authentication Helpers, covers these options. Squid can talk HTTP Basic, HTTP Digest and NTLM. Each type is well explained in how it works and detailed in how to set it up.

Chapters Thirteen and Fourteen fully explain logging and monitoring. The logging chapter explains the type of information each log file catches, a full description of each error or information type (which is a great reference that I made full use of) and configuration directives that change what is logged or how it is logged. Monitoring Squid covers the Squid Cache Manager (a web front-end to many great statistics), a brief mention of using Squid-RRD and using SNMP. Such monitoring statistics include file descriptor allocation, byte hit ratios, cache hits and cache misses and a wealth of other useful information.

Chapter Fifteen, Server Accelerator Mode, explains Server Accelerator Mode, which is also known as Surrogate Mode. It is a neat trick where Squid still runs as a proxy; however, the Squid server is proxying the world (or a select few) to your server. One obvious advantage is performance (or Slashdot hardening, if you will). There are several config directives explained here as well as some gotchas.

Chapter Sixteen, Debugging, is one of the few chapters that I did not need to reference. Although, if you need to, there is some good information provided.

Appendix A comes with a config file reference that actually provides more information than the comments in the configuration file (Holy moley!...they better trademark that idea before other authors catch on!).

Appendix B briefly covers memory caching and optimization.

Appendix C shows how to use delay pools to limit user bandwidth.

Appendix D details file system performance benchmarks to show you filesystem and operating system differences.

Appendix E discusses running Squid on Windows using Cygwin.

Appendix F covers auto configuration of Squid clients to avoid needing to physically visit the many machines you administer.

In conclusion:

Pros: This is "The Book" for Squid. No skipping from chapter to chapter, the author was also the designer and is still one of the maintainers, and the descriptions of the configuration file directives are fuller than the configuration file comments. It is a great reference.

Cons: Really the only thing that I didn't like was that he only discussed HTTP proxying. There is a brief mention of FTP and SMTP, but only a couple of sentences. To be fair, in the preface he did mention that he would have liked to have written on these topics but didn't have time.


About the reviewer:

Stephen Martin works as a Systems Administrator and independent contractor in Charlottesville, VA. At the present time he mainly enjoys working with FreeBSD, firewalls and Perl.