How to Install Squid Proxy on Windows

Back in 2006 or in the early days after i started this blog. I wrote about Installing Squid Cache on Windows. And i think i should rewrite it again because some parts in the old post is missing (back when this blog started, this blog is hosted at and when i moved to a self hosted solution there are some errors in the importing process and although i know about that since a long time ago i’m just too lazy to rewrite it again lol). But well … what’s done is done :)

Anyway, before we begin, make sure that you have downloaded Squid Windows Binary Package / Squid for Windows that can be downloaded from Acmeconsulting. And you have extracted it somewhere on your hard drive. In this post, i choose to extract it to “C:\Squid” due to hardcoded path and beside most people don’t like to read long post. So if you changed Squid location, make sure to adjust it accordingly. And don’t worry the actual installation process is fast. The other steps described here are optional unless you need it

And as a note, i wrote this post (tested) on Windows 7 x64 with UAC Enabled using Squid 2.7 Stable 8 and i’m pretty sure as it will work with earlier version of Windows as well. And No! you don’t need to turn off UAC because turning UAC off isn’t a good solution

And now let’s get started

Initial Setup

First thing you need to do is, open command prompt as Administrator (if you’re on Windows Vista or Windows 7 and have UAC enabled) and then type below command to copy the default configuration files and install squid as windows service:

cd /d c:\squid
copy etc\*.default etc\*.
sbin\squid.exe -i

For the sake of completion, if you choose to put Squid.conf (or the entire Squid files) not at Drive C, replace the last command with this one (where x is your drive letter):

sbin\squid.exe -i -f "x:/squid/etc/squid.conf"

What the above code do:

  1. Change directory to your Squid directory
  2. Create the default configuration file for Squid which is a copy from the default configuration file
  3. Install Squid Cache as Windows Service so it’ll start Squid Service automatically

And now we’re going to edit the main configuration for Squid Proxy Cache, and that is squid.conf. But obviously not everything is going to be covered here (you should go to the squid official site for this purpose). So i’m just going to list all the recommended options you should be aware / change

Restricting access to your Squid Proxy Server

To limit on who are allowed to connect to your Proxy Server, you should change / add the allowed IP Address that is allowed to connect to your squid proxy at below section

acl localnet src	# RFC1918 possible internal network
acl localnet src	# RFC1918 possible internal network
acl localnet src	# RFC1918 possible internal network

By using the same format as the above code for example, acl localnet src 123.456.789.0

And then right before http_access allow localnet, add http_access allow localhost so it looks like:

http_access allow localhost
http_access allow localnet

And finally if you don’t want Squid to bind to all adapters (which is the default) you might want to change Squid Listen Address and Port to your LAN IP Address or if you’re just going to use Squid for yourself only then you should use below

# Default http_port 3128
# Bind to localhost at port 3128 only

Limiting access to specific ports only

If you need to limit on which ports your Squid proxy clients are allowed to connect to, then you need to adjust this

acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

For example if you want to limit your clients to HTTP and HTTPS only, then you can remove / comment all the other lines beside 80 and 443

Changing disk cache location and size

For better performance, it’s better to put the Squid cache directory into another partition (in other words, not your system partition) and even better on different hard drive. So find this line:

cache_dir ufs c:/squid/var/cache 100 16 256

And then change it to any directory you want, and also adjust the disk cache size to your liking, for example to put your squid cache directory at X:\squid-data\cache with a maximum capacity of 1500 MB

cache_dir ufs x:/squid-data/cache 1500 16 256

Also it’d better to put all squid logs into different partition too

Creating Squid cache data directory

Now back at the command prompt again, and this time type:

c:\squid\sbin\squid.exe -z

To create Squid Swap Directories which is used to store cached objects

Starting Squid Service

Now we need to start Squid service for the first time (the next time it’d start automatically), and there are two ways to achieve this, you are free to choose either the command prompt method or the GUI method

If you choose command prompt method then you need to type (run command prompt as administrator if you’re on vista or 7):

net start squid

If you choose the GUI way then, press Windows Key (on your keyboard) + R, and then type services.msc, search for and right click on Squid service and choose Start to start Squid Service

And that’s it you’re done Installing / Configuring Squid on Windows

But if you still want more, then please continue reading :)

Special Note: If you placed squid not at C:\Squid, make sure to change anything in squid.conf that point towards C:\ into where you put Squid

Minimal Squid Configuration Adjustment

While the default configuration included with Squid is optimal for many, but sometimes you want more from your Squid installation and so we’re going to tweak several options i think necessary but obviously this is designed for a really small network, for other purpose or larger network, please consult your nearest squid experts :)

Creating custom.conf file

Create a new text file and save it as custom.conf file inside your squid/etc directory so it’ll looks like c:/squid/etc/custom.conf so we don’t need to modify the original squid.conf directly just to override default values

And the next step would be, opening squid.conf and find this line

refresh_pattern .		0	20%	4320

and comment it (by placing #) at the beginning of the line. Then place below line at the bottom of squid.conf

include "c:/squid/etc/custom.conf"

And now paste this into the custom.conf file you just created:

# ACL #

# to allow purging cache from localhost only
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

# always direct all ftp request
acl FTP proto FTP
always_direct allow FTP

# TUNE #

# enable pipeline
pipeline_prefetch on

# shutdown timeout
shutdown_lifetime 5 seconds

# no half closed
half_closed_clients off


# maximum object size
maximum_object_size 64 MB
cache_mem 96 MB
maximum_object_size_in_memory 256 KB


# ============= #
# ============= #

# Note: This is some of the refresh_pattern i'm using, and of course feel free to adjust it to your liking
# For static files i choose to ignore-reload only as for wikipedia it's an example for site specific

# static files for websites
refresh_pattern -i \.(j|cs)s$ 10080 100% 10081

# static images
refresh_pattern -i \.(jpe?g|gif|png|bmp|ico|svg)$ 10080 100% 10081 ignore-reload

# static a/v
refresh_pattern -i \.(wm(a|v)|mp[0-9]?a?|mpe?g|avi|mk(a|v)|og(g|m)|flv|swf|rmvb|m2?ts)$ 4320 100% 4321 ignore-reload

# static archive type
refresh_pattern -i \.(exe|zip|r(ar|[0-9]+)|7z|ace|gz|tar|bz2)$ 4320 100% 4321 ignore-reload

# static document type
refresh_pattern -i \.((doc|xls|ppt)x?|pdf|txt)$ 4320 100% 4321 ignore-reload

# wikipedia
refresh_pattern -i wikipedia\.org\/wiki\/.* 4320 50% 4321 override-expire ignore-private

# =============== #
# =============== #

# default pattern
refresh_pattern . 0	20%	4320

# MISC #

# use specific dns server in this case google and opendns

# disable htcp icp because we aren't going to use it
htcp_port 0
icp_port 0

# block displaying specific headers
header_access Via deny all
header_access X-Forwarded-For deny all

# hide version number
httpd_suppress_version_string on

# change hostname
visible_hostname Reaper-X-Cache


I believe the Squid config file already tells you on what the above directives do, but just in case:

ACL Section

There are two items here, the first one is an access rule to allow you to purge squid cache manually from the command line while the other one is for directing all ftp requests directly

And to purge your Squid Cache Object manually, you can type this at the command prompt:

c:\squid\bin\squidclient.exe -m PURGE full-url

Where full-url replaced by the full address of the object you’re trying to purge. Here’s an example of what it’ll looks like when you purge a cached object successfully (assume it’s already cached first)

C:\squid\bin\squidclient.exe -m PURGE
HTTP/1.0 200 OK
Server: squid
Date: Sun, 16 Oct 2011 06:01:48 GMT
Content-Length: 0
Expires: Sun, 16 Oct 2011 06:01:48 GMT
X-Cache: MISS from Reaper-X-Cache
X-Cache-Lookup: NONE from Reaper-X-Cache:3128
Connection: close

Note: if you want to look at what url has been cached by Squid (as long as you didn’t restart the squid process), you can type this:

c:\squid\bin\squidclient.exe mgr:objects | find /i "site url"

Cache Size Section

If you want Squid to cache larger objects then you should increase maximum_object_size from the default of 4 MB into bigger value. And if you frequently access that objects, it’d be better to increase the Memory Cache Options such as cache_mem and maximum_object_size_in_memory to serve that object directly from Memory. And depending on your hardware configuration, i’d suggest you to adjust it to your hardware setup to find the best configuration for you :)

Refresh Pattern Section

The refresh_pattern is used so you can fine tune caching specific file type or page. In this guide i have included caching for common static content such as images, static content that is used for website, audio videos, documents, and archives. With most of them using ignore-reload so even if your client do a hard refresh it’ll still serve the static files from the squid cache. As for the wikipedia part, i believe you can guess what that’s used for :)

Misc. Section

There are 5 items here:

dns_nameservers: This basically tells squid on what DNS server to use. So make sure to change this to your DNS Server (you can use Google public DNS, OpenDNS, Comodo Secure DNS, etc)

Disabling htcp and icp port: Since we’re not going to use this, we’re better off disabling it but if you think you’re going to use it then feel free to change it :)

headers_access: By default Squid will display various HTTP Headers that is indicating that you’re behind a proxy. Some people (including me) don’t like this especially if you’re just in a small network

visible_hostname and httpd_suppress_version_string: While we’re at it, we might as well make a good name for our Squid cache and hide the squid version used :)

Reload Squid configuration file

Now since we’re done configuring Squid, we need to tell Squid to reload it’s configuration file, and to do that you need to open Command Prompt (admin mode as usual if in 7 / Vista) and then type:

c:\squid\sbin\squid.exe -k reconfigure -n Squid

And done … the next step would be configuring your browser to use your Proxy by pointing it to your [proxy server address]:[port]

But what if you want your Windows Squid server to be able to filter ads, and probably more? then please continue reading :)

Filtering Ads on Squid

There are three ways to use Ads Filtering for Squid on Windows (at least there are only three that i’m aware of, so if you know more, i’d be grateful if you could mention them here. Because i’m not sure on whether SquidGuard or DansGuardian can be used on Windows)

1. The first one is using the a pre-made list of various ad servers created by and the instructions on how to use it with Squid can be found there and it’s straight forward

2. While the second method is by using a redirector program called adzapper that involves installing perl (well there’s a portable version too if you prefer portable perl). But you could use them both if you want. And to use it you just need to:

  1. Go to adzapper website and download the script, rename it to and place it into C:\squid\etc
  2. Download Perl if you haven’t already. And if you’re looking for a portable version of Perl that doesn’t need to be installed, you can use Strawberry Perl. Just make sure to go to their releases archive page
  3. Put this line at the custom.conf our custom config file for squid
# Make sure to change the directory to where perl.exe located
redirect_program "x:/strawberry-perl-directory/perl/bin/perl.exe" "c:/squid/etc/"

3. And finally the third method is involving chaining Squid Proxy with Privoxy that is described below because it deserves a new section :P

Chaining Squid to other Proxy Server / Proxy Chain

This part deals with chaining Squid that is designed to handle caching to other proxy server designed for specific purpose. And in this case we’re going to chain squid with privoxy that is going to be used for various filtering purpose. But i’m not going into a much detail about Privoxy (like how to add new rules into Privoxy for example) because it’s already listed on their Documentation :)

Using Squid with Privoxy

First thing first. Put below lines in custom.conf right after the ACL section:

# don't cache privoxy config
acl privoxy-config dstdomain
cache deny privoxy-config

# forward request to privoxy
cache_peer parent 8118 7 no-query no-digest

# force all requests to go to the proxy chain
never_direct allow all

And then if you haven’t downloaded Privoxy yet, download and extract it somewhere and then run privoxy.exe and finally reload squid configuration again and then open your browser and point your browser to

If you do everything correctly, you’ll see this message This is Privoxy X.Y.Z on (, port 8118, enabled

Pssst … To make editing Privoxy configuration much easier, you can use the included web-based editor (although for some items you need to edit the files directly). And to enable it, find and change enable-edit-actions to 1 in config.txt. But please read the reason on why it is disabled by default

And now we’re done with chaining Squid to Privoxy. But what if you want more? like for example chaining Squid to Privoxy and then to other proxy server or perhaps Tor or JAP? all you have to do is just put this line:

If you’re planning on chaining to Tor

# connecting to Tor
forward-socks5 / .

or if you want to connect to your local JAP setup

# for JAP
forward / .

Into Privoxy config.txt. To forward all requests to Tor (assuming that you have configured Tor correctly and it is running

And that is all … i hope this post isn’t to long, but if you did read it until the end, the reason i choose to rewrite the Squid Windows Guide is because the old one looks like a total mess for me (not that the new one is not messy but i think it’s a little bit better). Anyway I hope you find this guide useful and it helps you on installing Squid on Windows :)

Leave a comment


  1. wordpress installeren Apr 2, 2014 at 5:20 AM

    Nice post. I was checking continuously this blog and I am impressed!
    Very useful info specially the last part :) I care for such info much.
    I was looking for this particular info for a long time.
    Thank you and good luck.

  2. deepak.krr Sep 20, 2013 at 4:24 PM

    Thank you for valuable information. Really helps a lot to chose the correct settings and also able to know new features providing by “SQUID”

  3. gin Apr 9, 2013 at 7:46 AM

    For those who got “Access Denied. ”

    add “acl localnet src″ to the custom.conf

    Reaper-X how do i know if the caching proxy is really working?

    i first visit a site then i disable the internet and try to visit that site again but that site didnt show up. it showed a error. im using squid with privoxy.

    if squid really is working, why squid didnt show the cache version?

  4. kin9ho Jan 13, 2013 at 10:27 PM

    thank you for your useful post.
    i have configured my squid following this guide and it’s working properly on my server, but my client computer is not working. i’ve set the proxy setting on the browser but it still can’t browse the web.
    do you have any idea on what’s going on?

    • Reaper-XReaper-X Jan 21, 2013 at 8:45 AM

      I’m sorry for the delay in response because i didn’t know there was a comment posted here. About your question, i’d suggest you to check the acl to allow access from your client ip address assuming that you’ve configured your firewall to allow incoming request to your squid server from your client

  5. john Sep 14, 2012 at 2:16 AM

    Can you do a tutorial on how to port DansGuardian content filtering to windows

  6. john Sep 13, 2012 at 8:18 AM

    How do you configure squid to authenticate local proxy users based on Windows 7/XP user list and password?

  7. elhadiry Jul 26, 2012 at 10:32 PM

    Thanks for this article, i need for chain it with privoxy.

  8. aiai Jul 25, 2012 at 11:54 AM

    This is a very helpful post.. but this would be better if you changed your text and bg color combination.. It made my eyes watery after reading. Just a suggestion :)

    • Reaper-XReaper-X Jul 26, 2012 at 9:06 AM

      Thank you very much for your suggestion, i’ll keep that in mind when redesigning (although i’m still not sure on what color would be best, so i guess i’ll go back to black on white lol) :D

  9. giganut Jul 13, 2012 at 1:43 AM

    Thank you for your great tutorial. I know have squid running on my Windows Server 2008 standard edition. But I don’t know how to connect to the proxy service from my computer or other computers. I am hoping that you could tell me how to do this. I am also trying to use my server for private proxies for my clients, how do I add user names, passwords and IP’s for them to use.

    • giganut Jul 14, 2012 at 3:55 AM

      I figured out how to connect to squid. but I can’t find anything about creating extra IP’s for my clients to use, I know that it can be done, But I can’t find a tutorial on how to do this.

  10. shahryar Jun 15, 2012 at 3:06 PM

    great tutorial
    I’m trying to use squid on windows with Radius Authentication so far no success by many tutorials and main squid faq
    can you help me by some tips!!?

    • Reaper-XReaper-X Jun 16, 2012 at 7:14 PM

      To the best of my knowledge, i’m thinking that Radius Authentication on Squid Windows isn’t working / broken or probably not ported yet, because i’ve tried replicating my squid configuration from linux which works fine (CentOS 5 with Squid 3.1 and also tested on 2.7 just to be fair) to Windows (Squid 2.7) but it keep prompting me to insert password and username although i’ve inserted the correct user and password. Even running the squid_radius_auth.exe cli directly didn’t return anything so i’m thinking it’s not compatible with Windows yet

    • shahryar Jun 17, 2012 at 12:28 AM

      Thanks for your answer I’m trying to run RRAS and squid together in windows i thought maybe port being busy by rras is making problem!!
      So far by testing noting works and with your answer Im sure that its cli is broken, is there any way that we can run PPTP/IPsec + HTTPS proxy with radius on any OS linux/win?

    • Reaper-XReaper-X Jun 17, 2012 at 11:24 AM

      You’re welcome Shahryar :) … as for your question, i’m guessing that you’re planning on using Squid as a transparent proxy from a PPTP connection . If that’s what you’re planning and you don’t need authentication as illustrated below then it can be done.

      Client (Windows via PPTP) -> PPTP Server -> Squid -> Internet = Possible

      but if you’re going to use it like below illustration

      Client (Windows via PPTP) -> PPTP Server -> Squid -> Radius -> Internet = Not possible as you can see from official Squid docs here

      WARNING: authentication can’t be used in a transparently intercepting proxy as the client then thinks it is talking to an origin server and not the proxy. This is a limitation of bending the TCP/IP protocol to transparently intercepting port 80, not a limitation in Squid.

      As a note, other than client the rest is using Linux (CentOS)

    • Shahryar Jun 17, 2012 at 2:42 PM

      Os is not important and VPN/Proxy are two separated Service and only thing I want them to share is Radius server, users have option to chose what ever to use
      problem is that I cant run VPN in Linux with radius and proxy in windows with radius
      in Centos squid3 works perfectly
      in windows RRAS is perfect choice

      something to complete the other half is needed
      thanks for your time

    • Reaper-XReaper-X Jun 17, 2012 at 3:18 PM

      Actually i’m still not sure on what you’re trying to achieve. I thought that you’re planning on running VPN (PPTP) service and proxy it to Squid. But anyway hopefully you’ll find what you’re looking for :)

    • Shahryar Jun 17, 2012 at 4:07 PM

      I know this is a Lot to ask but can you write tutorial on running PPTP/L2TP with radius Authentication on centos?

    • Reaper-XReaper-X Jun 18, 2012 at 8:20 AM

      Actually it’s available on FreeRadius wiki at this page. Just make sure to configure PopTop (link) beforehand

  11. Fool Jun 13, 2012 at 6:00 PM

  12. franky Jun 5, 2012 at 10:15 AM

    Very good article. Easy to implement and understand. Good job.

  13. elhadiry May 29, 2012 at 11:06 PM

    Thanks for this tutor. I need some point from this, it addzap and privoxy. Again Thanks …

  14. tawon Apr 18, 2012 at 4:46 AM

    nice post…
    ive used it from win XP…
    BTW..i’ve try to use squidNt with Win 7 too…but i had a problem..on the cache place ist always shown 0 KB, its mean nothing cached by squid…
    any idea to resolved it….???
    are you have the same problem???

    • Reaper-XReaper-X Apr 18, 2012 at 4:28 PM

      Actually i wrote this on Win 7 with UAC Enabled :)

      As for the cache size is always 0, i’m thinking that perhaps your problem were caused by UAC (i’m guessing that you put your cache_dir at drive C), my suggestion is first stop squid service if it’s running and then try changing the cache_dir into different partition and then run squid -z from the command prompt again to create the cache directories

    • tawon Apr 18, 2012 at 7:05 PM

      thanks…now i have a cache


      I’ll waiting your another trick and tips

    • Reaper-XReaper-X Apr 19, 2012 at 2:41 PM

      You’re welcome :)

  15. abdel Jan 13, 2012 at 11:14 PM

    that was informative 100%, thank you. that proves how windows need linux and there people to live

  16. raf Dec 12, 2011 at 10:58 AM

    thanks for putting this up, was very helpful

  17. VX Nov 18, 2011 at 1:31 AM

    I had an error loading the custom.conf that it did not recognize header_access. I changed to rquest_header_access as I believe that was the intent, correct?

    • Reaper-XReaper-X Nov 18, 2011 at 8:11 AM

      If you’re running squid version 3.x then the answer is yes, because request_header_access directive is for Squid 3.x series. But if you’re running squid 2.x you need to use header_access or else squid won’t start :)


  1. squid windows config » XRM PLATFORM
  2. Complete Guide on Installing and Configuring Squid Proxy Server for Windows - Reaper-X

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>