How to Install Squid Proxy on Windows

Back in 2006 or in the early days after i started this blog. I wrote about Installing Squid Cache on Windows. And i think i should rewrite it again because some parts in the old post is missing (back when this blog started, this blog is hosted at WordPress.com and when i moved to a self hosted solution there are some errors in the importing process and although i know about that since a long time ago i’m just too lazy to rewrite it again lol). But well … what’s done is done :)

Anyway, before we begin, make sure that you have downloaded Squid Windows Binary Package / Squid for Windows that can be downloaded from Acmeconsulting. And you have extracted it somewhere on your hard drive. In this post, i choose to extract it to “C:\Squid” due to hardcoded path and beside most people don’t like to read long post. So if you changed Squid location, make sure to adjust it accordingly. And don’t worry the actual installation process is fast. The other steps described here are optional unless you need it

And as a note, i wrote this post (tested) on Windows 7 x64 with UAC Enabled using Squid 2.7 Stable 8 and i’m pretty sure as it will work with earlier version of Windows as well. And No! you don’t need to turn off UAC because turning UAC off isn’t a good solution

And now let’s get started

Initial Setup

First thing you need to do is, open command prompt as Administrator (if you’re on Windows Vista or Windows 7 and have UAC enabled) and then type below command to copy the default configuration files and install squid as windows service:

cd /d c:\squid
copy etc\*.default etc\*.
sbin\squid.exe -i

For the sake of completion, if you choose to put Squid.conf (or the entire Squid files) not at Drive C, replace the last command with this one (where x is your drive letter):

sbin\squid.exe -i -f "x:/squid/etc/squid.conf"

What the above code do:

  1. Change directory to your Squid directory
  2. Create the default configuration file for Squid which is a copy from the default configuration file
  3. Install Squid Cache as Windows Service so it’ll start Squid Service automatically

And now we’re going to edit the main configuration for Squid Proxy Cache, and that is squid.conf. But obviously not everything is going to be covered here (you should go to the squid official site for this purpose). So i’m just going to list all the recommended options you should be aware / change

Restricting access to your Squid Proxy Server

To limit on who are allowed to connect to your Proxy Server, you should change / add the allowed IP Address that is allowed to connect to your squid proxy at below section

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network

By using the same format as the above code for example, acl localnet src 123.456.789.0

And then right before http_access allow localnet, add http_access allow localhost so it looks like:

http_access allow localhost
http_access allow localnet

And finally if you don’t want Squid to bind to all adapters (which is the default) you might want to change Squid Listen Address and Port to your LAN IP Address or if you’re just going to use Squid for yourself only then you should use below

# Default http_port 3128
# Bind to localhost at port 3128 only
http_port 127.0.0.1:3128

Limiting access to specific ports only

If you need to limit on which ports your Squid proxy clients are allowed to connect to, then you need to adjust this

acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

For example if you want to limit your clients to HTTP and HTTPS only, then you can remove / comment all the other lines beside 80 and 443

Changing disk cache location and size

For better performance, it’s better to put the Squid cache directory into another partition (in other words, not your system partition) and even better on different hard drive. So find this line:

cache_dir ufs c:/squid/var/cache 100 16 256

And then change it to any directory you want, and also adjust the disk cache size to your liking, for example to put your squid cache directory at X:\squid-data\cache with a maximum capacity of 1500 MB

cache_dir ufs x:/squid-data/cache 1500 16 256

Also it’d better to put all squid logs into different partition too

Creating Squid cache data directory

Now back at the command prompt again, and this time type:

c:\squid\sbin\squid.exe -z

To create Squid Swap Directories which is used to store cached objects

Starting Squid Service

Now we need to start Squid service for the first time (the next time it’d start automatically), and there are two ways to achieve this, you are free to choose either the command prompt method or the GUI method

If you choose command prompt method then you need to type (run command prompt as administrator if you’re on vista or 7):

net start squid

If you choose the GUI way then, press Windows Key (on your keyboard) + R, and then type services.msc, search for and right click on Squid service and choose Start to start Squid Service

And that’s it you’re done Installing / Configuring Squid on Windows

But if you still want more, then please continue reading :)

Special Note: If you placed squid not at C:\Squid, make sure to change anything in squid.conf that point towards C:\ into where you put Squid

Minimal Squid Configuration Adjustment

While the default configuration included with Squid is optimal for many, but sometimes you want more from your Squid installation and so we’re going to tweak several options i think necessary but obviously this is designed for a really small network, for other purpose or larger network, please consult your nearest squid experts :)

Creating custom.conf file

Create a new text file and save it as custom.conf file inside your squid/etc directory so it’ll looks like c:/squid/etc/custom.conf so we don’t need to modify the original squid.conf directly just to override default values

And the next step would be, opening squid.conf and find this line

refresh_pattern .		0	20%	4320

and comment it (by placing #) at the beginning of the line. Then place below line at the bottom of squid.conf

include "c:/squid/etc/custom.conf"

And now paste this into the custom.conf file you just created:

#######
# ACL #
#######

# to allow purging cache from localhost only
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

# always direct all ftp request
acl FTP proto FTP
always_direct allow FTP

########
# TUNE #
########

# enable pipeline
pipeline_prefetch on

# shutdown timeout
shutdown_lifetime 5 seconds

# no half closed
half_closed_clients off

##############
# CACHE SIZE #
##############

# maximum object size
maximum_object_size 64 MB
cache_mem 96 MB
maximum_object_size_in_memory 256 KB

###################
# REFRESH_PATTERN #
###################

# ============= #
# GENERAL USAGE #
# ============= #

# Note: This is some of the refresh_pattern i'm using, and of course feel free to adjust it to your liking
# For static files i choose to ignore-reload only as for wikipedia it's an example for site specific

# static files for websites
refresh_pattern -i \.(j|cs)s$ 10080 100% 10081

# static images
refresh_pattern -i \.(jpe?g|gif|png|bmp|ico|svg)$ 10080 100% 10081 ignore-reload

# static a/v
refresh_pattern -i \.(wm(a|v)|mp[0-9]?a?|mpe?g|avi|mk(a|v)|og(g|m)|flv|swf|rmvb|m2?ts)$ 4320 100% 4321 ignore-reload

# static archive type
refresh_pattern -i \.(exe|zip|r(ar|[0-9]+)|7z|ace|gz|tar|bz2)$ 4320 100% 4321 ignore-reload

# static document type
refresh_pattern -i \.((doc|xls|ppt)x?|pdf|txt)$ 4320 100% 4321 ignore-reload

# wikipedia
refresh_pattern -i wikipedia\.org\/wiki\/.* 4320 50% 4321 override-expire ignore-private

# =============== #
# DEFAULT PATTERN #
# =============== #

# default pattern
refresh_pattern . 0	20%	4320

########
# MISC #
########

# use specific dns server in this case google and opendns
dns_nameservers 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220

# disable htcp icp because we aren't going to use it
htcp_port 0
icp_port 0

# block displaying specific headers
header_access Via deny all
header_access X-Forwarded-For deny all

# hide version number
httpd_suppress_version_string on

# change hostname
visible_hostname Reaper-X-Cache

###########
# THE END #
###########

I believe the Squid config file already tells you on what the above directives do, but just in case:

ACL Section

There are two items here, the first one is an access rule to allow you to purge squid cache manually from the command line while the other one is for directing all ftp requests directly

And to purge your Squid Cache Object manually, you can type this at the command prompt:

c:\squid\bin\squidclient.exe -m PURGE full-url

Where full-url replaced by the full address of the object you’re trying to purge. Here’s an example of what it’ll looks like when you purge a cached object successfully (assume it’s already cached first)

C:\squid\bin\squidclient.exe -m PURGE http://farm1.static.flickr.com/55/136797856_bb683d8f22.jpg
HTTP/1.0 200 OK
Server: squid
Date: Sun, 16 Oct 2011 06:01:48 GMT
Content-Length: 0
Expires: Sun, 16 Oct 2011 06:01:48 GMT
X-Cache: MISS from Reaper-X-Cache
X-Cache-Lookup: NONE from Reaper-X-Cache:3128
Connection: close

Note: if you want to look at what url has been cached by Squid (as long as you didn’t restart the squid process), you can type this:

c:\squid\bin\squidclient.exe mgr:objects | find /i "site url"

Cache Size Section

If you want Squid to cache larger objects then you should increase maximum_object_size from the default of 4 MB into bigger value. And if you frequently access that objects, it’d be better to increase the Memory Cache Options such as cache_mem and maximum_object_size_in_memory to serve that object directly from Memory. And depending on your hardware configuration, i’d suggest you to adjust it to your hardware setup to find the best configuration for you :)

Refresh Pattern Section

The refresh_pattern is used so you can fine tune caching specific file type or page. In this guide i have included caching for common static content such as images, static content that is used for website, audio videos, documents, and archives. With most of them using ignore-reload so even if your client do a hard refresh it’ll still serve the static files from the squid cache. As for the wikipedia part, i believe you can guess what that’s used for :)

Misc. Section

There are 5 items here:

dns_nameservers: This basically tells squid on what DNS server to use. So make sure to change this to your DNS Server (you can use Google public DNS, OpenDNS, Comodo Secure DNS, etc)

Disabling htcp and icp port: Since we’re not going to use this, we’re better off disabling it but if you think you’re going to use it then feel free to change it :)

headers_access: By default Squid will display various HTTP Headers that is indicating that you’re behind a proxy. Some people (including me) don’t like this especially if you’re just in a small network

visible_hostname and httpd_suppress_version_string: While we’re at it, we might as well make a good name for our Squid cache and hide the squid version used :)

Reload Squid configuration file

Now since we’re done configuring Squid, we need to tell Squid to reload it’s configuration file, and to do that you need to open Command Prompt (admin mode as usual if in 7 / Vista) and then type:

c:\squid\sbin\squid.exe -k reconfigure -n Squid

And done … the next step would be configuring your browser to use your Proxy by pointing it to your [proxy server address]:[port]

But what if you want your Windows Squid server to be able to filter ads, and probably more? then please continue reading :)

Filtering Ads on Squid

There are three ways to use Ads Filtering for Squid on Windows (at least there are only three that i’m aware of, so if you know more, i’d be grateful if you could mention them here. Because i’m not sure on whether SquidGuard or DansGuardian can be used on Windows)

1. The first one is using the a pre-made list of various ad servers created by http://pgl.yoyo.org/as/ and the instructions on how to use it with Squid can be found there and it’s straight forward

2. While the second method is by using a redirector program called adzapper that involves installing perl (well there’s a portable version too if you prefer portable perl). But you could use them both if you want. And to use it you just need to:

  1. Go to adzapper website and download the script, rename it to squid_redirect.pl and place it into C:\squid\etc
  2. Download Perl if you haven’t already. And if you’re looking for a portable version of Perl that doesn’t need to be installed, you can use Strawberry Perl. Just make sure to go to their releases archive page
  3. Put this line at the custom.conf our custom config file for squid
# Make sure to change the directory to where perl.exe located
redirect_program "x:/strawberry-perl-directory/perl/bin/perl.exe" "c:/squid/etc/squid_redirector.pl"

3. And finally the third method is involving chaining Squid Proxy with Privoxy that is described below because it deserves a new section :P

Chaining Squid to other Proxy Server / Proxy Chain

This part deals with chaining Squid that is designed to handle caching to other proxy server designed for specific purpose. And in this case we’re going to chain squid with privoxy that is going to be used for various filtering purpose. But i’m not going into a much detail about Privoxy (like how to add new rules into Privoxy for example) because it’s already listed on their Documentation :)

Using Squid with Privoxy

First thing first. Put below lines in custom.conf right after the ACL section:

# don't cache privoxy config
acl privoxy-config dstdomain config.privoxy.org
cache deny privoxy-config

# forward request to privoxy
cache_peer 127.0.0.1 parent 8118 7 no-query no-digest

# force all requests to go to the proxy chain
never_direct allow all

And then if you haven’t downloaded Privoxy yet, download and extract it somewhere and then run privoxy.exe and finally reload squid configuration again and then open your browser and point your browser to http://config.privoxy.org

If you do everything correctly, you’ll see this message This is Privoxy X.Y.Z on hostname.com (127.0.0.1), port 8118, enabled

Pssst … To make editing Privoxy configuration much easier, you can use the included web-based editor (although for some items you need to edit the files directly). And to enable it, find and change enable-edit-actions to 1 in config.txt. But please read the reason on why it is disabled by default

And now we’re done with chaining Squid to Privoxy. But what if you want more? like for example chaining Squid to Privoxy and then to other proxy server or perhaps Tor or JAP? all you have to do is just put this line:

If you’re planning on chaining to Tor

# connecting to Tor
forward-socks5 / 127.0.0.1:9050 .

or if you want to connect to your local JAP setup

# for JAP
forward / 127.0.0.1:4001 .

Into Privoxy config.txt. To forward all requests to Tor (assuming that you have configured Tor correctly and it is running

And that is all … i hope this post isn’t to long, but if you did read it until the end, the reason i choose to rewrite the Squid Windows Guide is because the old one looks like a total mess for me (not that the new one is not messy but i think it’s a little bit better). Anyway I hope you find this guide useful and it helps you on installing Squid on Windows :)

Comment?

37 thoughts on “How to Install Squid Proxy on Windows

  1. Good guide to Squid configuration!
    This is pretty helpful. Was trying to run Squid on a Linus OS (Ubuntu and Lununtu ) but too many options!
    Besides, for no apparent reason the proxy service stops after a while! Couldn’t figure how.
    This is a good alternative.
    Good Job, Reaper-X! Looking forward to many more helpful artiles from you…
    Thanks and God Bless!

  2. hi…
    Thank you for valuable information. Really helps a lot to chose the correct settings and also able to know new features providing by “SQUID”

  3. For those who got “Access Denied. ”

    add “acl localnet src 127.0.0.1″ to the custom.conf

    Reaper-X how do i know if the caching proxy is really working?

    i first visit a site then i disable the internet and try to visit that site again but that site didnt show up. it showed a error. im using squid with privoxy.

    if squid really is working, why squid didnt show the cache version?

  4. thank you for your useful post.
    i have configured my squid following this guide and it’s working properly on my server, but my client computer is not working. i’ve set the proxy setting on the browser but it still can’t browse the web.
    do you have any idea on what’s going on?

    1. I’m sorry for the delay in response because i didn’t know there was a comment posted here. About your question, i’d suggest you to check the acl to allow access from your client ip address assuming that you’ve configured your firewall to allow incoming request to your squid server from your client

  5. This is a very helpful post.. but this would be better if you changed your text and bg color combination.. It made my eyes watery after reading. Just a suggestion :)

    1. Thank you very much for your suggestion, i’ll keep that in mind when redesigning (although i’m still not sure on what color would be best, so i guess i’ll go back to black on white lol) :D

  6. Thank you for your great tutorial. I know have squid running on my Windows Server 2008 standard edition. But I don’t know how to connect to the proxy service from my computer or other computers. I am hoping that you could tell me how to do this. I am also trying to use my server for private proxies for my clients, how do I add user names, passwords and IP’s for them to use.

    1. I figured out how to connect to squid. but I can’t find anything about creating extra IP’s for my clients to use, I know that it can be done, But I can’t find a tutorial on how to do this.

  7. HI
    great tutorial
    I’m trying to use squid on windows with Radius Authentication so far no success by many tutorials and main squid faq
    can you help me by some tips!!?

    1. To the best of my knowledge, i’m thinking that Radius Authentication on Squid Windows isn’t working / broken or probably not ported yet, because i’ve tried replicating my squid configuration from linux which works fine (CentOS 5 with Squid 3.1 and also tested on 2.7 just to be fair) to Windows (Squid 2.7) but it keep prompting me to insert password and username although i’ve inserted the correct user and password. Even running the squid_radius_auth.exe cli directly didn’t return anything so i’m thinking it’s not compatible with Windows yet

    2. Thanks for your answer I’m trying to run RRAS and squid together in windows i thought maybe port being busy by rras is making problem!!
      So far by testing noting works and with your answer Im sure that its cli is broken, is there any way that we can run PPTP/IPsec + HTTPS proxy with radius on any OS linux/win?

    3. You’re welcome Shahryar :) … as for your question, i’m guessing that you’re planning on using Squid as a transparent proxy from a PPTP connection . If that’s what you’re planning and you don’t need authentication as illustrated below then it can be done.

      Client (Windows via PPTP) -> PPTP Server -> Squid -> Internet = Possible

      but if you’re going to use it like below illustration

      Client (Windows via PPTP) -> PPTP Server -> Squid -> Radius -> Internet = Not possible as you can see from official Squid docs here

      WARNING: authentication can’t be used in a transparently intercepting proxy as the client then thinks it is talking to an origin server and not the proxy. This is a limitation of bending the TCP/IP protocol to transparently intercepting port 80, not a limitation in Squid.

      As a note, other than client the rest is using Linux (CentOS)

    4. Os is not important and VPN/Proxy are two separated Service and only thing I want them to share is Radius server, users have option to chose what ever to use
      problem is that I cant run VPN in Linux with radius and proxy in windows with radius
      in Centos squid3 works perfectly
      in windows RRAS is perfect choice

      something to complete the other half is needed
      thanks for your time

    5. Actually i’m still not sure on what you’re trying to achieve. I thought that you’re planning on running VPN (PPTP) service and proxy it to Squid. But anyway hopefully you’ll find what you’re looking for :)

    6. I know this is a Lot to ask but can you write tutorial on running PPTP/L2TP with radius Authentication on centos?

  8. nice post…
    ive used it from win XP…
    BTW..i’ve try to use squidNt with Win 7 too…but i had a problem..on the cache place ist always shown 0 KB, its mean nothing cached by squid…
    any idea to resolved it….???
    are you have the same problem???
    ty…

    1. Actually i wrote this on Win 7 with UAC Enabled :)

      As for the cache size is always 0, i’m thinking that perhaps your problem were caused by UAC (i’m guessing that you put your cache_dir at drive C), my suggestion is first stop squid service if it’s running and then try changing the cache_dir into different partition and then run squid -z from the command prompt again to create the cache directories

  9. I had an error loading the custom.conf that it did not recognize header_access. I changed to rquest_header_access as I believe that was the intent, correct?

    1. If you’re running squid version 3.x then the answer is yes, because request_header_access directive is for Squid 3.x series. But if you’re running squid 2.x you need to use header_access or else squid won’t start :)