Reverse/Server-Side Proxy Caching for Windows? 35
frooyo asks: "I'm an currently looking for a good reverse proxy caching solution (server-side caching) for the Windows platform. This would be used as a transparent proxy between the corporate website and the outside world. Products that I have seen available include: Microsoft ISA server, Squid for NT and some others. I'm not completely opposed to using a non-windows platform for this type of solution, but I would prefer a Windows solution. I need a product that handles middle-large numbers of current users (10-30) with easy on one server. Additionally features such as caching pools and easy handling of FTP connections (since this will be used as a 'transparent' proxy) would be a much needed benefit."
Re:troll. (Score:1, Informative)
Re:troll. (Score:2)
At my kids school (a little under 400 people) I'm running squid on a P200 with *96MB* of RAM with absolutely no issues at all. The machine is mostly idle, and the load only goes up due to the snort and afick processes also running on the host
Squid is good (Score:5, Informative)
Being a relatively ancient open-source Unix program, it adheres religiously to standards, and will correctly use headers such as Expires and Cache-Control to maintain cache coherence; Squid will correctly cache anything with a Last-Modified header.
Additionally, it supports upstream commands allowing your web server to tell Squid to invalidate cache records when content changes; you can implement this easily in server-side languages such as PHP, Java or Python (Zope's caching machinery supports this transparently).
Apache (Score:1)
What the hell are you asking (Score:4, Insightful)
What is it exactly that you are asking? Is there a feature you need that these don't provide? Would you like us to write a config file for you?
Please be specific enough for knowledgeable users to know what you are asking.
I read this ask slashdot as 'I need to do x, found y and z that does x.' Also if you're only going to have 10-30 users, why bother doing a reverse cache? If your web server can't handle 10-30 users, a cache isn't going to help much.
Concurrent users (Score:3, Informative)
Depends on what the "web server" is; it might be expensive SQL stuff, for example. Or it might be a heavy-weight CMS thing; Plone [plone.org]'s default skin gives me less than 10 hits/sec on a very fast SMP box, and the lack of speed is, amazingly, mostly in the templating system. This is a case where caching would help.
10-30 concurrent users I interpret as meaning 10-30 requests per second. To put it in perspective: 10 req/s is 864,000 r
Re:Concurrent users (Score:3, Interesting)
Funny I was thought the same thing, but that wasn't in the post at all. My original post was mostly about how weird of a question, if it even is a question, this posting was.
10-30 concurrent users I interpret as meaning 10-30 requests per second.
I don't. Most browsers by default have 4 connections to a server, and 30 users would have 120 requests per second max. Now at most only 30 would be dynamic requests, unless the p
Re:Concurrent users (Score:2)
I don't think it's a weird question. A lazy and ill-formulated question, to be sure, but not weird.
For my current project I will need to apply a caching reverse proxy myself, just so I can support the expected traffic.
The "10-30 users" metric is useless without knowing the output of the web server. If the web server is able to sus
ISA (Score:4, Informative)
It will handle reverse web proxying along with providing transparent caching etc.
It's also very very easy to set up.
If you want more specific into, try Thomas Shinder's site http://isaserver.org [isaserver.org]
Re:ISA (Score:3, Informative)
Squid is also available for Windows [acmeconsulting.it] - I have an issue where my company will not under any means run Linux servers, however, they have agreed that I (network manager) can run certain Open Source apps.
Under Windows, Squid seems to work ok - I'm running the test server on a Celeron 333, with 128M of memory & 2 gig of cache under Windows 2000 Professional (i.e. it doesn't need a Windows server). It's currently handling about a dozen pilot use
Re:ISA (Score:2)
At the risk of talking to myself here - I just noticed the caching pool question - I understand that we can set up "sister" caches that cut down the amount of requests to upstream caches, thus sharing the load over a cluster of Squids whilst providing a larger "virtual cache".
Dear Slashdot Users, (Score:5, Funny)
The plug says to use a 13A rated fuse. I went to the shop and it seems they have all sorts of these fuses. I was wondering if any Slashdotters had tried different fuses and what success they had?
Thanks.
A Dork Esq.
Novell's product (Score:2, Informative)
It does much more that what you're looking for, but some of the multihoming functionality is incredibly handy.
The per user licensing only matters if you use it to authenticate users.
Apache Mod_Proxy (Score:1)
For those that don't understand this I suggest to read http://perl.apache.org/docs/1.0/guide/strategy.htm l [apache.org] Note that the advantage often is not caching but buffering.
Furthermore, we use apache and mod_proxy for reversepr
Re:Go ask M$ (Score:2)
Why? (Score:2)
Re:Why? (Score:1)
Re:Why? (Score:2)
Even if you have all of that money and more to burn on webservers, a reverse proxy is still a good option and sometimes a better way to spend your cash.
Back in the dot com era, I had to work with near offshelf commodity hardware for the most part. The only specialist servers I had were the webservers (and servlet containers) running (I didnt make the decision, so dont flame me :) IIS.
20-30 concurrent connections off Loadrunner, and the CPU on the webserver maxes out (mostly because of the servlet containe
Re:Why? (Score:2)
-Rob
Re:Why? (Score:1)
First and foremost, if I gave anyone the impression that I am disparaging the development work being done on Squid/NT, I apologize, such was not my intention in the slightest. I know that a good job is being done on it (because I occasionally evaluate it, I WANT choice in reverse proxies for Win32)
However, I still stand by my previous comments. Squid/NT is *not* as stable and not as scalable as the Unix based versions. Do I have documented statistics for this ? no, I do not. YMMV. I've run more than half a
Friends don't let friends use ISA Server. (Score:2)
Write a TCL script (Score:2)
Code for an HTTP proxy is easily googleable. FTP would be a little more effort, but once you understand the principles...
try xCache (Score:3, Informative)
Many Fortune 500 companies use it.
Clearifications (Score:4, Informative)
So after some clearification, what are peoples experiences with ISA [microsoft.com] or Novell's Volera [novell.com] (which I have heard very good things about) and any other caching solution.
Does
Re:Clearifications (Score:2)
-Rob
Re:Clearifications (Score:2)
IMHO if content is not different for each user it is not really dynamic. (Plenty of sites are dynamic becuase they can be, not really becuase they should be). Even if it is mostly static with just a few dynamic elements (Like a Welcome: *username*) see if your content system supports pre
Wholeheartedly Recommend ISA (Score:5, Informative)
ISA's proxying is great, but does cost $$$ on top of your Windows 2K licensing and Hardware. Here's the setup of every ISA box I've spec'd in teh last few months:
1. Dell GX50 Celeron 1GHz, 1GB RAM, 20GB 7.2k RPM HD, Adaptec 4-port NIC. About $900
2. Windows 2000 Server. About $800
3. MS ISA Server. About $1100
Total: about $2800
That said, it's expensive for use as "just a proxy". ISA offers much much more which is why I recommend using it in a more fully featured fashion. If you're planning on leveraging the Firewall, VPN, Secure-NAT, and PPTP Pass through capabilities at the same time, by all means, I can't recommend a better small/medium business security device.
(FWIW: ISA is the only commercial firewall I know that can do both PPTP and L2TP/IPSec in a NAT configuration with more than 1 connection at a time on the same external IP address - true that PIXs and similar ones can do PPTP through NAT, but you need a 1:1 mapping ratio for private to public IPs to do it. I've had over 150 private IPs set up simultaneous PPTPs through my ISA box on a single external IP, but I digress...)
ISA's proxying is suprisingly fully-featured. Want to scan all uploads & download for viruses? No problem, ISA's got a ton of plugins. Want to harden security on a single box instead of 10 individual web servers? No problem, apply all kinds of rules to the proxy service and block or allow things at the file or even mime-type level. Want to use NT/AD user certificates on Apache or non-IIS servers? No problem... with Feature Pack 1, ISA will provide authentication based on all these and "non-MS-ize" the auth data to your backend servers. Want redundancy? Just add another ISA server in array mode - 2 boxes, single config point, double the performance,
There's so many other ISA features to mention. I can't say enough good things about it. My only wish list item is better logging.
Squid for *nix (Score:2)