How to Install Squid Proxy on Windows

Back in 2006 or in the early days after i started this blog. I wrote about Installing Squid Cache on Windows. And i think i should rewrite it again because some parts in the old post is missing (back when this blog started, this blog is hosted at Wordpress.com and when i moved to a self hosted solution there are some errors in the importing process and although i know about that since a long time ago i’m just too lazy to rewrite it again lol). But well … what’s done is done :)

Anyway, before we begin, make sure that you have downloaded Squid Windows Binary Package / Squid for Windows that can be downloaded from Acmeconsulting. And you have extracted it somewhere on your hard drive. In this post, i choose to extract it to “C:\Squid” due to hardcoded path and beside most people don’t like to read long post. So if you changed Squid location, make sure to adjust it accordingly. And don’t worry the actual installation process is fast. The other steps described here are optional unless you need it

And as a note, i wrote this post (tested) on Windows 7 x64 with UAC Enabled using Squid 2.7 Stable 8 and i’m pretty sure as it will work with earlier version of Windows as well. And No! you don’t need to turn off UAC because turning UAC off isn’t a good solution

And now let’s get started

Initial Setup

First thing you need to do is, open command prompt as Administrator (if you’re on Windows Vista or Windows 7 and have UAC enabled) and then type below command to copy the default configuration files and install squid as windows service:

cd /d c:\squid
copy etc\*.default etc\*.
sbin\squid.exe -i

For the sake of completion, if you choose to put Squid.conf (or the entire Squid files) not at Drive C, replace the last command with this one (where x is your drive letter):

sbin\squid.exe -i -f "x:/squid/etc/squid.conf"

What the above code do:

  1. Change directory to your Squid directory
  2. Create the default configuration file for Squid which is a copy from the default configuration file
  3. Install Squid Cache as Windows Service so it’ll start Squid Service automatically

And now we’re going to edit the main configuration for Squid Proxy Cache, and that is squid.conf. But obviously not everything is going to be covered here (you should go to the squid official site for this purpose). So i’m just going to list all the recommended options you should be aware / change

Restricting access to your Squid Proxy Server

To limit on who are allowed to connect to your Proxy Server, you should change / add the allowed IP Address that is allowed to connect to your squid proxy at below section

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network

By using the same format as the above code for example, acl localnet src 123.456.789.0

And then right before http_access allow localnet, add http_access allow localhost so it looks like:

http_access allow localhost
http_access allow localnet

And finally if you don’t want Squid to bind to all adapters (which is the default) you might want to change Squid Listen Address and Port to your LAN IP Address or if you’re just going to use Squid for yourself only then you should use below

# Default http_port 3128
# Bind to localhost at port 3128 only
http_port 127.0.0.1:3128

Limiting access to specific ports only

If you need to limit on which ports your Squid proxy clients are allowed to connect to, then you need to adjust this

acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

For example if you want to limit your clients to HTTP and HTTPS only, then you can remove / comment all the other lines beside 80 and 443

Changing disk cache location and size

For better performance, it’s better to put the Squid cache directory into another partition (in other words, not your system partition) and even better on different hard drive. So find this line:

cache_dir ufs c:/squid/var/cache 100 16 256

And then change it to any directory you want, and also adjust the disk cache size to your liking, for example to put your squid cache directory at X:\squid-data\cache with a maximum capacity of 1500 MB

cache_dir ufs x:/squid-data/cache 1500 16 256

Also it’d better to put all squid logs into different partition too

Creating Squid cache data directory

Now back at the command prompt again, and this time type:

c:\squid\sbin\squid.exe -z

To create Squid Swap Directories which is used to store cached objects

Starting Squid Service

Now we need to start Squid service for the first time (the next time it’d start automatically), and there are two ways to achieve this, you are free to choose either the command prompt method or the GUI method

If you choose command prompt method then you need to type (run command prompt as administrator if you’re on vista or 7):

net start squid

If you choose the GUI way then, press Windows Key (on your keyboard) + R, and then type services.msc, search for and right click on Squid service and choose Start to start Squid Service

And that’s it you’re done Installing / Configuring Squid on Windows

But if you still want more, then please continue reading :)

Special Note: If you placed squid not at C:\Squid, make sure to change anything in squid.conf that point towards C:\ into where you put Squid

Minimal Squid Configuration Adjustment

While the default configuration included with Squid is optimal for many, but sometimes you want more from your Squid installation and so we’re going to tweak several options i think necessary but obviously this is designed for a really small network, for other purpose or larger network, please consult your nearest squid experts :)

Creating custom.conf file

Create a new text file and save it as custom.conf file inside your squid/etc directory so it’ll looks like c:/squid/etc/custom.conf so we don’t need to modify the original squid.conf directly just to override default values

And the next step would be, opening squid.conf and find this line

refresh_pattern .		0	20%	4320

and comment it (by placing #) at the beginning of the line. Then place below line at the bottom of squid.conf

include "c:/squid/etc/custom.conf"

And now paste this into the custom.conf file you just created:

#######
# ACL #
#######

# to allow purging cache from localhost only
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

# always direct all ftp request
acl FTP proto FTP
always_direct allow FTP

########
# TUNE #
########

# enable pipeline
pipeline_prefetch on

# shutdown timeout
shutdown_lifetime 5 seconds

# no half closed
half_closed_clients off

##############
# CACHE SIZE #
##############

# maximum object size
maximum_object_size 64 MB
cache_mem 96 MB
maximum_object_size_in_memory 256 KB

###################
# REFRESH_PATTERN #
###################

# ============= #
# GENERAL USAGE #
# ============= #

# Note: This is some of the refresh_pattern i'm using, and of course feel free to adjust it to your liking
# For static files i choose to ignore-reload only as for wikipedia it's an example for site specific

# static files for websites
refresh_pattern -i \.(j|cs)s$ 10080 100% 10081

# static images
refresh_pattern -i \.(jpe?g|gif|png|bmp|ico|svg)$ 10080 100% 10081 ignore-reload

# static a/v
refresh_pattern -i \.(wm(a|v)|mp[0-9]?a?|mpe?g|avi|mk(a|v)|og(g|m)|flv|swf|rmvb|m2?ts)$ 4320 100% 4321 ignore-reload

# static archive type
refresh_pattern -i \.(exe|zip|r(ar|[0-9]+)|7z|ace|gz|tar|bz2)$ 4320 100% 4321 ignore-reload

# static document type
refresh_pattern -i \.((doc|xls|ppt)x?|pdf|txt)$ 4320 100% 4321 ignore-reload

# wikipedia
refresh_pattern -i wikipedia\.org\/wiki\/.* 4320 50% 4321 override-expire ignore-private

# =============== #
# DEFAULT PATTERN #
# =============== #

# default pattern
refresh_pattern . 0	20%	4320

########
# MISC #
########

# use specific dns server in this case google and opendns
dns_nameservers 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220

# disable htcp icp because we aren't going to use it
htcp_port 0
icp_port 0

# block displaying specific headers
header_access Via deny all
header_access X-Forwarded-For deny all

# hide version number
httpd_suppress_version_string on

# change hostname
visible_hostname Reaper-X-Cache

###########
# THE END #
###########

I believe the Squid config file already tells you on what the above directives do, but just in case:

ACL Section

There are two items here, the first one is an access rule to allow you to purge squid cache manually from the command line while the other one is for directing all ftp requests directly

And to purge your Squid Cache Object manually, you can type this at the command prompt:

c:\squid\bin\squidclient.exe -m PURGE full-url

Where full-url replaced by the full address of the object you’re trying to purge. Here’s an example of what it’ll looks like when you purge a cached object successfully (assume it’s already cached first)

C:\squid\bin\squidclient.exe -m PURGE http://farm1.static.flickr.com/55/136797856_bb683d8f22.jpg
HTTP/1.0 200 OK
Server: squid
Date: Sun, 16 Oct 2011 06:01:48 GMT
Content-Length: 0
Expires: Sun, 16 Oct 2011 06:01:48 GMT
X-Cache: MISS from Reaper-X-Cache
X-Cache-Lookup: NONE from Reaper-X-Cache:3128
Connection: close

Note: if you want to look at what url has been cached by Squid (as long as you didn’t restart the squid process), you can type this:

c:\squid\bin\squidclient.exe mgr:objects | find /i "site url"

Cache Size Section

If you want Squid to cache larger objects then you should increase maximum_object_size from the default of 4 MB into bigger value. And if you frequently access that objects, it’d be better to increase the Memory Cache Options such as cache_mem and maximum_object_size_in_memory to serve that object directly from Memory. And depending on your hardware configuration, i’d suggest you to adjust it to your hardware setup to find the best configuration for you :)

Refresh Pattern Section

The refresh_pattern is used so you can fine tune caching specific file type or page. In this guide i have included caching for common static content such as images, static content that is used for website, audio videos, documents, and archives. With most of them using ignore-reload so even if your client do a hard refresh it’ll still serve the static files from the squid cache. As for the wikipedia part, i believe you can guess what that’s used for :)

Misc. Section

There are 5 items here:

dns_nameservers: This basically tells squid on what DNS server to use. So make sure to change this to your DNS Server (you can use Google public DNS, OpenDNS, Comodo Secure DNS, etc)

Disabling htcp and icp port: Since we’re not going to use this, we’re better off disabling it but if you think you’re going to use it then feel free to change it :)

headers_access: By default Squid will display various HTTP Headers that is indicating that you’re behind a proxy. Some people (including me) don’t like this especially if you’re just in a small network

visible_hostname and httpd_suppress_version_string: While we’re at it, we might as well make a good name for our Squid cache and hide the squid version used :)

Reload Squid configuration file

Now since we’re done configuring Squid, we need to tell Squid to reload it’s configuration file, and to do that you need to open Command Prompt (admin mode as usual if in 7 / Vista) and then type:

c:\squid\sbin\squid.exe -k reconfigure -n Squid

And done … the next step would be configuring your browser to use your Proxy by pointing it to your [proxy server address]:[port]

But what if you want your Windows Squid server to be able to filter ads, and probably more? then please continue reading :)

Filtering Ads on Squid

There are three ways to use Ads Filtering for Squid on Windows (at least there are only three that i’m aware of, so if you know more, i’d be grateful if you could mention them here. Because i’m not sure on whether SquidGuard or DansGuardian can be used on Windows)

1. The first one is using the a pre-made list of various ad servers created by http://pgl.yoyo.org/as/ and the instructions on how to use it with Squid can be found there and it’s straight forward

2. While the second method is by using a redirector program called adzapper that involves installing perl (well there’s a portable version too if you prefer portable perl). But you could use them both if you want. And to use it you just need to:

  1. Go to adzapper website and download the script, rename it to squid_redirect.pl and place it into C:\squid\etc
  2. Download Perl if you haven’t already. And if you’re looking for a portable version of Perl that doesn’t need to be installed, you can use Strawberry Perl. Just make sure to go to their releases archive page
  3. Put this line at the custom.conf our custom config file for squid
# Make sure to change the directory to where perl.exe located
redirect_program "x:/strawberry-perl-directory/perl/bin/perl.exe" "c:/squid/etc/squid_redirector.pl"

3. And finally the third method is involving chaining Squid Proxy with Privoxy that is described below because it deserves a new section :P

Chaining Squid to other Proxy Server / Proxy Chain

This part deals with chaining Squid that is designed to handle caching to other proxy server designed for specific purpose. And in this case we’re going to chain squid with privoxy that is going to be used for various filtering purpose. But i’m not going into a much detail about Privoxy (like how to add new rules into Privoxy for example) because it’s already listed on their Documentation :)

Using Squid with Privoxy

First thing first. Put below lines in custom.conf right after the ACL section:

# don't cache privoxy config
acl privoxy-config dstdomain config.privoxy.org
cache deny privoxy-config

# forward request to privoxy
cache_peer 127.0.0.1 parent 8118 7 no-query no-digest

# force all requests to go to the proxy chain
never_direct allow all

And then if you haven’t downloaded Privoxy yet, download and extract it somewhere and then run privoxy.exe and finally reload squid configuration again and then open your browser and point your browser to http://config.privoxy.org

If you do everything correctly, you’ll see this message This is Privoxy X.Y.Z on hostname.com (127.0.0.1), port 8118, enabled

Pssst … To make editing Privoxy configuration much easier, you can use the included web-based editor (although for some items you need to edit the files directly). And to enable it, find and change enable-edit-actions to 1 in config.txt. But please read the reason on why it is disabled by default

And now we’re done with chaining Squid to Privoxy. But what if you want more? like for example chaining Squid to Privoxy and then to other proxy server or perhaps Tor or JAP? all you have to do is just put this line:

If you’re planning on chaining to Tor

# connecting to Tor
forward-socks5 / 127.0.0.1:9050 .

or if you want to connect to your local JAP setup

# for JAP
forward / 127.0.0.1:4001 .

Into Privoxy config.txt. To forward all requests to Tor (assuming that you have configured Tor correctly and it is running

And that is all … i hope this post isn’t to long, but if you did read it until the end, the reason i choose to rewrite the Squid Windows Guide is because the old one looks like a total mess for me (not that the new one is not messy but i think it’s a little bit better). Anyway I hope you find this guide useful and it helps you on installing Squid on Windows :)

Leave a comment

Comments

  1. Hostgator Discount Vouchers https://docs.google.com/document/d/1F0EQDg4axV4zkdOXC-Yc1KpPOwGgy4GCkYgF_zYiebk/pub Aug 29, 2014 at 6:18 PM

    The other day, while I was at work, my sister stole mmy apple ipad and
    tested to see if it can survive a 25 foot drop,
    just so she can be a youtube sensation. My iPad is
    now broken and she has 83 views. I know this is totally off topic but I had to share it
    with someone!

    Here is my web page – Hostgator Discount Vouchers

  2. home exercises 23hq.com/fordvzya/story/16190675 Aug 27, 2014 at 11:45 AM

    Excellent article. I absolutely love this website.
    Continue the good work!

  3. Squidblacklist squidblacklist.org Aug 27, 2014 at 8:15 AM

    Squidblacklist.org is the worlds leading publisher of native acl blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as many other filtering platforms.

    There is room for better blacklists, we intend to fill that gap.

    It would be our pleasure to serve you.

    Signed,

    Benjamin E. Nichols
    http://www.squidblacklist.org

  4. lose weight fast workout example.com Jul 25, 2014 at 8:40 AM

    Nice post. I learn something new and challenging on sites I stumbleupon everyday.
    It’s always useful to read content from other writers and practice something from their websites.

  5. Eleanore gamezebo.com/ Apr 15, 2014 at 3:58 AM

    Hi, i think that i saw you visited my blog so i came to “return the favor”.I am attempting to find things to enhance my web site!I suppose its ok to
    use some of your ideas!!

Comments Navigation 12

Trackbacks/Pingbacks

  1. squid windows config » XRM PLATFORM
  2. Complete Guide on Installing and Configuring Squid Proxy Server for Windows - Reaper-X

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>