Howto redirect Audio/Video or some contents based on extensions to another proxy using SQUID
Assalam Va Alaekum,
Following guide will show you how to redirect some contents from Squid proxy server to another proxy server (possibly squid or ISA, whatever). This is one of the oldest tricks in the book. People who are engaged in Linux after late 90’s knows about it very well. I used this scenario at my network in year 2003-2004 when I had SPEEDCAST IVS downlink of 256Kb and 64Kbs ISDN link. It was very useful at that time and user were really amazed with the browsing speed 🙂
Here is the test scenario, we have two proxy servers , proxy1 and proxy2.
PROXY1 is our master/parent proxy server connected with fast internet link and we want it to be reserved just for browsing and other important stuff, and we want that any request for .mp3 .exe .wmv .avi content must be redirect to PROXY2 server which is connected with lower bandwidth Link like satellite downlink or other.
Install 2 squid servers.
proxy1 = 192.168.2.1 [master/parent proxy]
proxy2 = 192.168.2.9 [for download redirected_content only]
Now on proxy1 (parent/master) , add following lines in /etc/squid/squid.conf
acl mynetwork src 0.0.0.0/0.0.0.0 acl redirect_content urlpath_regex -i \.MP3$ \.AVI$ \.WMV$ \.RM$ \.FLV$ \.ZIP$ \.RAR$ \.EXE$ \.mp3$ \.avi$ \wmv.$ \.rm$ \.flv$ \.zip$ \.rar$ \.exe$ cache_peer 192.168.2.9 parent 8080 3130 cache_peer_access 192.168.2.9 allow mynetwork redirect_content never_direct allow redirect_content
All Done. Now test the setup. Set client browser proxy to use proxy1 and try to download anything (which is in redirect_content acl e.g rm or mp3 songs)
See the attached images.
apniisp- Testing Song Download from internet
Monitor Squid access log at proxy1 and proxy2, you will clearly see that only redirect_content are redirected to proxy2, rest of traffic is using proxy1 only.
PARENT PROXY1 Squid Access Log
PROXY2 Squid Access Log
This way you can do load balancing on your proxy servers.
The biggest advantage of such load balancing is that user browsing will not be effected if 20-30 users are simultaneously downloading any media contents or your marked contents 🙂
Cheers,
Allah Hafiz
Regard’s
Syed Jahanzaib
Syed Jahanzaib - Personal Blog to Share Knowledge ! 
nice sharing Jahanzaib bhai !!!!
LikeLike
Comment by faizan — October 16, 2011 @ 9:45 PM
regards,
I am interested in inter-peer topology for squid squid cache content download a separate route … good and great, I’ve done and the results are satisfactory.
but I have a problem if in combination with mikrotik router, I can not catch the hit of proxy2 = 192.168.2.9 [for download redirected_content only] for the bypass to the client without the limit
01. mikrotik router + adsl broadband 2MB redirect to proxy1
proxy1 special proxy2 cache peer to content
02. to proxy2 I use 3 GB mobile broadband
whether you can provide a solution to the commands in Mikrotik to read that it was the hit of proxy2 ?
LikeLike
Comment by Vai Firman — February 12, 2012 @ 10:58 AM
Hmmm I have not worked with peer tpoplogy, But i guess it should work.
Have you configured ZPH on both proxies ? and corresponding rules on Mikrotik ?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 13, 2012 @ 11:21 AM
thank you sir syed, I have to fix some network flow and perfect HIT,
I want to ask how the SSL port is directed to the proxy-2?
I tried with this command:
————————————————-
portSSL port 445 acl
src 0.0.0.0/0.0.0.0 acl mynetwork
urlpath_regex redirect_content acl-i \. MP3 $ \. AVI $ \. WMV $ \. RM $ \. FLV $ \. ZIP $ \. RAR $ \. EXE $ \. mp3 $ \. $ Avi \ wmv. $ \. rm $ \. flv $ \. zip $ \. avi $ \. exe $
cache_peer 192.168.2.9 parent 8080 3130
cache_peer_access 192.168.2.9 allows mynetwork redirect_content portSSL
never_direct allows redirect_content portSSL
does not work, do I have to use iptables?
LikeLike
Comment by V. Firman — February 17, 2012 @ 9:48 PM
I can’t give you any expert opinion regarding this as I have not used peering option in squid in combination with Mikrotik. Redirecting SSL is a bit tricky part.
Once used it and post its info at
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 18, 2012 @ 12:54 PM
Thank you, Mr. Syed, I will discuss further how to proxy SSL port forwarding child. Because it is important for me to play Zynga is using port 1939,443,8890 without disturbing the main proxy
but I have tested the model redirect your content for 2 months from a variety of dynamic content and download direct, strong enough. using the IDM is not a problem
LikeLike
Comment by Via Firman — February 18, 2012 @ 10:47 PM
Hi,
actually I was wondering if with the above method of caching youtube videos, the HIT traffic will be marked according to the ZPH policy in config.
Because when using url_rewrite for the same purpose the videos that are served from local cache, are not marked with HIT.
LikeLike
Comment by plamenpetkov — April 14, 2012 @ 3:54 PM
I am unable to understand you query. Which method of youtube caching you are asking for ?
I have configured Youtube caching on SQUID along with Mikrotik and the youtube caching is working fine, and its mark by the ZPH, thus the clients gets cached youtube video at full lan speed without any trouble.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 14, 2012 @ 7:42 PM
hi syed, you really helped me log solving my issue. regarding redirecting. i have to redirect one particular site to another proxy. i can do it now. but what does 3130
“cache_peer 192.168.2.9 parent 8080 3130” mean please tel me.
LikeLike
Comment by subbaraoganeshna — August 10, 2012 @ 12:05 AM
hi syed, I always find solutions to my problems at your blog; I have the following problem, I hope to find a solution.
I have similar scenario but In proxy2 I have configured cachevideos, its a package that caches youtubes and other video sites, but in a way that involves URL-ReWriting, proxy2 is able to return all requests except the sites that involve videos. as if cache-peering loses the purpose when it involves url-rewriting.
Any ideas?
LikeLike
Comment by Charbel Rizk — August 22, 2012 @ 12:24 PM
Hello Mr.Syed How can we cache apple updates ,.ipa.pkg,ipsw ? thank you
LikeLike
Comment by antonio — December 6, 2012 @ 9:00 PM
Assalam somebody can help me, i just to know the ip address only , so the proxy 1 should have 3 lan card ? like this
PROXY 1
LAN 1 ” INTERNET ”
LAN 2 ” LAN ”
LAN 3 ” CONNECT WITH PROXY 2 ”
PROXY 2
LAN 1 ” CONNECT WITH INTERNET ”
LAN 2 ” CONNECT WITH PROXY 1 ”
so what is the ip at Proxy 1 ( LAN 3 ) and Proxy 2 ( LAN 2 )
LikeLike
Comment by faiz — January 4, 2013 @ 9:32 AM
This is well defined in the following article.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 4, 2013 @ 9:37 AM
Thank you for your reply sir .. i was read your article.. so here is my understanding about your topology, what ip address i want to put at gateway ?
PROXY 1
ETH 1 ( INTERNET ) – ip = 192.168.1.2 gateway = 192.168.1.1
ETH 2 ( CONNECT WITH PROXY 2 ) – ip = 192.168.2.8 gateway = ?
ETH 3 ( CONNECT WITH SWITCH ) – ip = 192.168.0.1 gateway = ?
PROXY 2
ETH 1 ( INTERNET ) – ip = 192.168.1.2 gateway = 192.168.1.1
ETH 2 ( CONNECT FROM PROXY 1 ) – ip = 192.168.2.9 gateway = ?
LikeLike
Comment by faiz — January 4, 2013 @ 1:12 PM
Assalamuailaikum syed , if user watching youtube also will be redirect to proxy 2? or just for user to download file only will be redirect to proxy 2 ?
LikeLike
Comment by aslim — January 4, 2013 @ 1:31 PM
salam alaikom,
this will redirect youtube and all streaming video sites too ??
thank you
LikeLike
Comment by Hussein — February 23, 2013 @ 9:01 AM
you are really a genius
thank you so much
LikeLike
Comment by abosalma — May 4, 2016 @ 3:24 PM