Configuring OSX as a proxy server

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Silas1066, Mar 13, 2011.

  1. Silas1066 macrumors regular

    Nov 1, 2009
    I am looking to put in some proxy servers in remote locations on my national network.

    Needless to say, I don't want to use Windows ISA for this.

    I could put in a Squid server running on some flavor of Linux, but I am wondering if the same thing can be done on OSX. Since there are no user licenses, and a Mac mini is very inexpensive, it looks to be a good solution.

    Any advice would be appreciated: just looking for a simple setup that will allow for proxy and logging, nothing crazy.
  2. IscariotJ macrumors 6502a

    Jan 13, 2004
    If all you're after is simple proxying (and maybe caching, URL blocking), OSX Server out of the box is more than capable. For anything a bit advanced, you can't go wrong with Squid (and it compiles nicely on OSX).
  3. Silas1066 thread starter macrumors regular

    Nov 1, 2009
    Couple questions:

    Does SquidMan also provide proxy services for other clients? In other words, does it only work for your local machine? Or can I point other machines to the Mac running SquidMan (on port 8080)?

    Does Mac OSX Server come with a caching proxy server built in? I see that you can do reverse-proxy in accordance with the remote access stuff, but I am just looking for caching (and logging) proxy capabilities for my internal clients.
  4. robbieduncan Moderator emeritus


    Jul 24, 2002
    All clients (assuming you don't firewall it).
  5. belvdr macrumors 603

    Aug 15, 2005
    If you're proxying for caching of Internet requests, you may find it to have a very low ROI. Many of the URLs appear dynamic to proxy engines, so they don't cache the content. I tested Squid with WCCP in my home and couldn't get much caching to occur.

    But, if you're looking for in-house WAN acceleration, I'd suggest looking at BlueCoat. They can proxy as well and have a very good GUI breaking down the acceleration of individual services.
  6. myjay610 macrumors regular

    Jan 6, 2008
    Little bit of a price jump, no?
  7. belvdr macrumors 603

    Aug 15, 2005
    He mentioned the words "national network" so it may not be. What solution would you recommend? If it's for caching, the internal SATA drives and no second NIC on the mini could easily hamper performance.
  8. Silas1066 thread starter macrumors regular

    Nov 1, 2009
    I have Cisco ASA firewalls in all the remote branches, and we use Proofpoint for virus filtering, etc., so Bluecoat isn't really needed here.

    What I need is

    1. Caching
    2. Reporting (able to view logs of activity, see where people are going, etc)
    3. Blocking (if possible - I know Squid can do that)

    In order to run SquidMan, do I need 2 network adapter cards? Will it do the stuff listed above?
  9. belvdr, Mar 15, 2011
    Last edited: Mar 15, 2011

    belvdr macrumors 603

    Aug 15, 2005
    BlueCoat does caching/proxying. ASAs and virus scanning don't equate to "no BlueCoat" any more than they equate to "no caching". I can tell you this because we use ASAs and BlueCoat. It even accelerated some of the live meetings our users attend. I can tell you BlueCoat fits this situation perfectly and is easily managed, but I digress.

    Are you looking to cache Internet or internal web content? Internet caching is not what it used to be. Many URLs used confuse the proxy into thinking it is uncacheable (dynamic).

    It's also possible (with particular devices) to accelerate all WAN content. For example, we have a caching device in our corporate data center, and then have devices that accelerate the WAN. Of course, all sites come through corporate for Internet access. The end solution is that we can cache and accelerate almost all traffic on the WAN, especially email and other non-HTTP content.

    It depends on where you place the proxy for the NIC count. If you use WCCP (possible with the ASAs), you only need one NIC. Of course, depending on traffic, your network, and number of users, it could overwhelm the NIC.
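
The thread asks for reporting on where clients are going and questions how much Internet traffic a proxy actually caches. Both can be measured from Squid's access log; the following is an added example, not part of any post in the thread. It assumes Squid's default native `access.log` layout, the log lines are constructed sample data, and `parse_line` and `summarize` are names chosen for this example.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user peer/host type
SAMPLE_LOG = """\
1300190000.101  212 10.20.1.15 TCP_MISS/200 18432 GET http://news.example.com/index.php?id=42 - DIRECT/192.0.2.10 text/html
1300190001.340    3 10.20.1.15 TCP_MEM_HIT/200 2048 GET http://static.example.com/logo.png - NONE/- image/png
1300190005.772    5 10.20.1.22 TCP_HIT/200 4096 GET http://static.example.com/logo.png - NONE/- image/png
1300190009.015  950 10.20.1.22 TCP_MISS/200 9000 CONNECT mail.example.org:443 - DIRECT/192.0.2.25 -
1300190012.440    1 10.20.1.22 TCP_DENIED/403 1500 GET http://blocked.example.net/ - NONE/- text/html
truncated line
"""


def parse_line(line):
    """Return (client, result, size, host), or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 10 or not fields[4].isdigit():
        return None
    client, result, method, url = fields[2], fields[3].split("/")[0], fields[5], fields[6]
    # CONNECT entries log "host:port" rather than a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname or url
    return client, result, int(fields[4]), host.lower()


def summarize(lines):
    """Hit ratios, per-client destination counts and denied requests."""
    total = hits = total_bytes = hit_bytes = 0
    per_client, denied = defaultdict(Counter), Counter()
    for rec in filter(None, map(parse_line, lines)):
        client, result, size, host = rec
        if "DENIED" in result:          # refused by an ACL, never served
            denied[(client, host)] += 1
            continue
        total, total_bytes = total + 1, total_bytes + size
        if "HIT" in result:             # TCP_HIT, TCP_MEM_HIT, ... served from cache
            hits, hit_bytes = hits + 1, hit_bytes + size
        per_client[client][host] += 1
    return {
        "request_hit_ratio": hits / total if total else 0.0,
        "byte_hit_ratio": round(hit_bytes / total_bytes, 3) if total_bytes else 0.0,
        "per_client": per_client,
        "denied": denied,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

The byte hit ratio is the figure to watch when judging whether caching saves WAN bandwidth; a high request hit ratio made up of small objects can still move few bytes.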
