SLAC ESD Software Engineering Group
Stanford Linear Accelerator Center

Firefox & Squid

SLAC Computing
Software Engineering



Squid is a proxy caching web server.  We use squid to run Firefox on our private network (LCLSCA) to read web pages on the SLAC public network.  Squid is running on lcls-prod03.  



LCLS-PROD03 Production version of Squid

  • We use the rpm installed squid version provided by SCCS on lcls-prod03 
    • Squid Cache: Version 2.5.STABLE14
  • /etc/init.d/squid  start/stop
  • /etc/init.d/squid -z              -Creates Swap Directory


  • profiles are located in the user's directory under .mozilla/firefox
  • You can move profiles by tar'ing up the profile and untar'ing
  • prefs.js has most of the preferences: and all the NoScript changes
    • /usr/local/admin/firefox/chkPrefs -Can copy our template prefs.js to all profiles
    • See Security check cronjob below
  • places.sqlite and places.sqlite-journal are your bookmarks




  1. If openoffice documents crash when launched
    1. rename the "user" profile in /home/physics/
      1. This will force openoffice to create a new profile



SLAC Phone Search:

  1. copy /usr/local/admin/firefox/searchplugins/slac-phone.xml to /usr/lib/firefox-3.0.11/searchplugins/
    1. Needs to be done on all servers

Security check cronjob:

  • chkPrefs:  Cronjob to monitor the prefs.js file on all users firefox profiles
  • Located on mccfs2  /etc/cron.daily (runs as root)
    • /usr/local/admin/firefox/chkPrefs
      • You can also uncomment a line to copy a new prefs.js to all profiles

How to find biggest objects in your cache:

  • sort -r -n +4 -5 /var/log/squid/access.log | awk '{print $5, $7}' | head -25


To Speed up firefox:

  1. Launch Firefox.
  2. Enter 'about:config' in Firefox URL box.
    1. Add an integer
      1. content.notify.backoffcount     5
    1. Change pipeline as seen below

To remove "start a new session" dialog:

  1. about:config
    1. browser.sessionstore. resume_from_crash    false


Differences in the squid.config files:

< # LCLS- increased cache memory

< cache_mem 64 MB

< # LCLS - increased the amount of diskspace to 200MB

< cache_dir ufs /var/squid/cache 200 16 256

< # LCLS - DNS

< dns_nameservers

< # LCLS - Allow only LCLSCA network

< acl localnet src

< # LCLS - Setup acl's

< acl GoodSites dstdomain "/etc/squid/squid-noblock.acl"

< acl BadSites  dstdomain "/etc/squid/squid-block.acl"

< acl BadWords  url_regex -i "/etc/squid/squid-BlockWords.acl"

< acl deny_rep_mime_flashvideo rep_mime_type video/flv


< #LCLS: Allow localnet - which is defined in acl's as

< http_access deny BadWords

< http_access deny  BadSites

< http_access allow localnet

< http_access allow GoodSites

< #

< #LCLS-uncommented

< http_access deny to_localhost


> #http_access deny to_localhost


< # LCLS - deny MIME type (Flash video)

< http_reply_access deny deny_rep_mime_flashvideo

< # LCLS - Send Mail to sysadmins

< cache_mgr controls-system-admins

< # LCLS - user squid

< cache_effective_user squid

< # LCLS - define name

< visible_hostname LCLS-Proxy

< # LCLS - Domain

< append_domain

< #LCLS - private error pages

< error_directory /usr/share/squid/errors/lcls



Enabling the proxy web server in Firefox

  • bring up firefox -> Edit -> Preferences
    • Click on Advanced tab
      • Click on Network -> Settings



NoProxy list: localhost,,,,,,, camr-ltu1-pp01, camr-fee1-pp01, camr-dmp1-pp01




Turn off the confirmation of certificates:

  • Click on Encryption tab -> Validation
    • Uncheck the "Use the Online Certificate Status ......"





Install NoScript add-on to Firefox

  • Downloaded noscript-1.9.5-fx+sm+fn.xpi
    • file is in /usr/local/admin/firefox/NoScript
  • Install NoScript
    • Bring up Firefox and type: file://usr/local/admin/firefox/NoScript/noscript-1.9.5-fx+sm+fn.xpi
      • This will start the installation process
  • Configuration
    • There will be a "S" on the bottom right-hand corner of Firefox:  
      • Left click and select "Options"

These web sites are all subject to change:





Took the defaults:






[SLAC ESD Software Engineering Group][ SLAC Home Page]

Author: Ken Brobeck

Modified: 17-Apr-2012