Re: hotlinking and server opinion

From: Henrik Nordstrom <[email protected]>
Date: Thu, 13 May 1999 01:39:43 +0200

Pardon my ignorance, but what is hotlinking?

The standard way for making Squid an accelerator is to reassigning the
domain name to the Squid IP address, so no URLs needs to be changed
unless you want to have URLs which bypasses the accelerator. It should
also be possible to have Squid transparently accelerate the server in
the same fashion as a transparent proxy, in which case no IP
reassignment is needed. Transparent acceleration also has the nice
benefit that if Squid would fail then all you need to to is to bypass
the Squid box and cross your fingers that the backend server can stand
the load.

Normally, using Squid as an accelerator (or proxy) will hide the clients
IP address from the HTTP server. This is however not a strict
requirement and with some minor code changes to Squid (and support from
the TCP/IP stack on the host where Squid is running) Squid may
masquerade as the client when talking to the HTTP server.

Or, instead of using Squid to accelerate the server you could accelerate
the HTTP server hardware, for example by making the web server a
clustered server. Simplest setup is a two layer cluster with a backend
NFS server storing the files and a number (two or more) frontend HTTP
servers serving the contents, all connected with a high speed network
(100Mbps or better recommended). To begin with you may surive with two
machines where one is both NFS and HTTP server, but in the long run that
is not a good design. Main drawback is that any CGI programs which
writes to shared files would need to use file locking, or it is quite
likely file system caches will get out of sync with the NFS server
possibly causing data corruption or wierd behaviour, but then this is
also true to some extent in a standard setup with local disks.. Also,
using NFS basically requires you to have some kind of packet filtering
in front of the machines to filter out NFS based attacks to the servers,
but this is something I recommend to anyone having a public Internet
site anyway (use a filter to block all unexpected traffic, to guard
yourself from stupid errors that may open a security hasard).

Justin Smith wrote:
>
> I am looking at building a squid box as a http accelerator for an existing
> apache box that is getting over 250k+ hits a day. Due to the cgi work on
> that server, it is getting a little busy.
>
> My plan is to use the squid box as the front end handling all static
> graphics and images. While the existing box handles the rest using the
> squid box as its gateway.
>
> Here is my problem. I do not know if hotlinking would be stopped. I am
> running a freehost and I do not want users to have their site located on
> another site and link to my site for only images. Currently, the machines
> .htaccess takes care of that and I am curious if the reverse proxy will
> recognize this.
Received on Wed May 12 1999 - 17:22:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:16 MST