CLASSE Proxy Server
To improve your web browsing experience and help secure our network, please configure your web browser to auto-detect the proxy server (or statically set it to cache01.classe.cornell.edu, port 3128) when you are on CLASSE's network.
We run the
Squid web caching proxy on cache01.lns.cornell.edu port 3128, and restrict access to hosts on our network.
Configuring Firefox to use CLASSE's Proxy Server
- start firefox
- Open the Firefox preferences window.
- Windows: click on Tools and choose Options
- Linux: click on Edit and choose Preferences
- Mac OS X: click on Firefox and choose Preferences
- click on Advanced and choose the Network tab
- click on Settings underneath Connection
- select Auto-detect proxy settings for this network
- Click on OK and then Close your firefox preferences window.
The command-line, or other Unix-based web clients
set the environment variables
http_proxy
,
ftp_proxy
, and
gopher_proxy
to
http://cache01.classe.cornell.edu:3128/
. For example:
-
export http_proxy="http://cache01.classe.cornell.edu:3128"
-
export https_proxy="http://cache01.classe.cornell.edu:3128"
Other browsers
Safari
- Start Safari
- click on Safari and choose Preferences
- click on the Advanced tab
- next to "Proxies:" click on Change Settings...
- The "Network" preferences window should open and display the "Proxies" tab.
- check Auto Proxy Discovery
- click on OK
- click on Apply
- close the Network Preferences window
- close the Safari Preferences window
What it is
A "proxy" is a server that fulfills WWW requests--web browsers send it URLs which it fetches and sends back to the browser. A caching proxy keeps a copy of most documents it fetches for some lifetime, using the cached copy to fulfill any further requests for the same document and thereby greatly speeding up requests for commonly accessed URLs. Pages that are protected by a password or some other authorization scheme or otherwise marked as uncacheable are not cached, so the cache should not reveal any private information to others.
Advantages of a caching proxy
- It works with all WWW clients with proxy support, including Firefox, Safari and most other web browsers.
- It is a shared resource, so a large (50 GB) disk can be dedicated to the cache.
- Since it serves requests from many people, commonly used pages will often be in the cache.
- Squid is a more agressive cache than most browsers. A web browser usually attempts at least one If-Modified-Since request for a URL per session, while the Squid cache will not contact the originating server at all for cache entries that have not expired. Fortunately, Squid (appropriately configured) is also good at guessing appropriate document lifetimes.
- Your browser will never lock up during DNS hostname lookups.
Why you might not want to use it
- Since it is more agressive than the typical browser cache, you may occasionally get documents that are out-of-date. The cache uses Expires headers and last-modified dates to avoid caching documents for too long, but it can be wrong if the web server is misconfigured. Hitting reload will force the proxy to reload the document from the original source, so you can fix cache entries that you know are out of date.
- Proxies can cause unexpected results with servers that negotiate content based on the user-agent header field--you may end up with a document version intended for some other browser. (Content negotiation based on the user-agent is fundamentally broken anyway.)
- The proxy does log all accesses. The logs are protected from general access and we only use them for debugging and statistical uses (and they do not contain any information that we could not get by other means), but you still may wish to avoid using the cache (or the lab network, for that matter) for any uses you would not want any record of.
- You may need to disable the cache for pages that are only accessible to particular hosts, since requests for pages accessed through the cache may come from cache01.classe.cornell.edu or any of the hosts in the top level of the cache hierarchy. Some browsers allow you to do this simply by setting a "No Proxy For" list.
- Further growth of the web will depend on the development of a caching infrastructure, so some form of cache is in our future one way or another. The current version seems to work well and reliably, and can dramatically speed up web browsing, so we encourage everyone to use it.
Ad Blocking
CLASSE, and Cornell in general, have seen a drastic increase in the number of virus and malware infections. As many of these are propagated by malicious advertisements that exploit vulnerabilities in Java, Javascript, and PDF, the CLASSE Computer Group has been forced to block many advertisements from passing through our squid proxy server. Because of this, websites containing advertisements may appear different when using our proxy server. This is for your protection, and we highly recommend everyone configure their web browsers to use our proxy server.