Complete Guide on Installing and Configuring Squid Proxy Server for Windows

Please see the new post about Installing Squid Proxy on Windows instead for proper version

Here’s another guide again by me to configure / installing Squid Cache Proxy to be an Anonymous Proxy Server and filtering some ads / banners (on Windows not Linux since most Linux users already know about this) :)

  • First download Squid 2.6 Stable 1 for Windows from Acme-Consulting and don’t forget to extract it into a directory of your choice, and Download JAP from here. And as a note, i wrote this tutorial using Squid 2.6 Stable 1 so if you’re using Squid 2.5 series there’s some parameters you’ll need to change first in order for it to work

Note: in this tutorial i’ll use G:\Squid as the Squid Directory

  • After extracting it into G:\Squid, go into etc directory “G:\Squid\etc” and rename all the .default file into .conf file. For example squid.conf.default -> squid.conf, mime.conf.default -> mime.conf, etc
  • Open squid.conf file using your favorite text editor such as Notepad, Ultraedit, etc. and configure it like this (you can change it later) :) but im not going into more detail here since most squid configuration are self explanatory and that’s depending on your hardware too (for example the memory size, cache size, etc). But you can always use this squid.conf directly in your squid configuration without changing any of its parameter as long as you extract squid into G:\Squid directory otherwise you’ll need to change every parameter that include G:\squid into your squid path

# HTTP Port (in this tutorial squid will run on localhost at port 3128)
http_port 127.0.0.1:3128

# ICP Port and HTCP Port (we’ll disable this since we are not going to use it)
icp_port 0
htcp_port 0

# Cache Peer (we’ll forward all request into parent proxy)
cache_peer 127.0.0.1 parent 4001 7 no-query

# Cache directory (in this example i was using 3000 MB / 3 GB space to store squid cache)
cache_dir awin32 g:/squid/var/cache 3000 16 256

#  access_log
access_log g:/squid/var/logs/access.log squid

#  cache_log
cache_log g:/squid/var/logs/cache.log

#  cache_store_log
cache_store_log none

#  mime_table
mime_table g:/squid/etc/mime.conf

#  pid_filename
pid_filename g:/squid/var/logs/squid.pid

#  unlinkd_program
unlinkd_program g:/squid/libexec/unlinkd.exe

# refresh_pattern (you can configure this as you like it, to get more hits from a website)
# note: if you change this parameter “refresh_pattern . 1 100% 20160 reload-into-ims ignore-reload” into something else for
# example like “refresh_pattern . 10 100% 20160 reload-into-ims ignore-reload”
# there’ll be some error on some page (Gamefaqs.com for an example) because the page didnt reload correctly after login into Gamefaqs
refresh_pattern ^http://.*\.gif$ 1440 50% 20160 reload-into-ims
refresh_pattern ^http://.*\.asis$ 1440 50% 20160
refresh_pattern -i \.png$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.jpg$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.bmp$ 10080 150% 40320 reload-into-ims
refresh_pattern -i \.gif$ 10080 300% 40320 reload-into-ims
refresh_pattern -i \.ico$ 10080 300% 40320 reload-into-ims
refresh_pattern -i \.swf$ 10080 300% 40320 reload-into-ims
refresh_pattern -i \.flv$ 10080 300% 40320 reload-into-ims
refresh_pattern -i \.rar$ 10080 150% 40320
refresh_pattern -i \.ram$ 10080 150% 40320
refresh_pattern -i \.txt$ 1440 100% 20160 reload-into-ims override-lastmod
refresh_pattern -i \.css$ 1440 60% 20160
refresh_pattern ^http:// 1 100% 20160 reload-into-ims ignore-reload
refresh_pattern ^ftp:// 240 50% 20160
refresh_pattern ^gopher:// 240 40% 20160
refresh_pattern /cgi-bin/ 0 0% 30
refresh_pattern . 0 100% 20160 reload-into-ims

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# Block access to Malware & ads farm site
# Insert your own rule here by using
# acl blablabla url_regex -i “path to file”
# or
# acl blablabla url_regex “path to file”

http_access allow localhost
http_access deny all
cache_mgr Reaper-X
httpd_suppress_version_string on
visible_hostname Reaper
via off
forwarded_for off
log_icp_queries off
client_db off
never_direct allow all

#Some anonymizing
header_access From deny all
#there’s some website which use referer check
#so its better to disable this
#header_access Referer deny all
header_access WWW-Authenticate deny all
header_access Link deny all
header_access Warning deny all
header_access Via deny all
header_access User-Agent deny all
header_access Proxy-Connection deny all
header_access X-Forwarded-For deny all

Now the next step would be running JAP, configure browsers to use Squid Proxy and start squid and you’re finished …. ;)

Comment?

Note: Comment may not appear right away.

29 comments on “Complete Guide on Installing and Configuring Squid Proxy Server for Windows

  1. i installed quid 2.7 on windows 7 well i have a web server running could you help me with the configurations to allow iis 7 webserver to be allowed thru proxy

  2. sir i use squid in window server 2008 r2
    my manager want that a group of user can access some websites another group can access some other website and remaining have full access how is possible.

  3. i download (squid/2.7.STABLE8) via another web …
    my squid run winxp … works half perfectly …

    run perfectly on 192.168.1.0/24
    but sometimes i found on 192.168.2.0/24 = Access Denied (Access control configuration prevents your request from being allowed at this time)
    -> i refresh/reload web broser again … then connected ok …
    new tab & new address -> Access Denied -> refresh/reload again -> OK.
    always like that …

    i already set :
    #
    acl localnet src 192.168.0.0/16
    OR :
    acl localnet src 192.168.1.0/24
    acl localnet src 192.168.2.0/24
    # and adding
    http_access allow localnet

    # still same
    http_access allow localhost
    # And finally deny all other access to this proxy (remove comment) … still same …
    http_access deny all

    maybe i should download v2.6 … but where is original download link ?
    i didnt found download link in “http://www.acmeconsulting.it/SquidNT/download.html”
    then goto “http://squid.acmeconsulting.it/Squid26.html” … i didnt found anything … and returned to home again (http://squid.acmeconsulting.it/index.html)

    i really-really stuck

    1. on that link there select a download server –> mirror 1. the downloads will be there.

      might as well use the latest version 2.7. i use the experimental version (V3) at home and have no problems with it.

  4. I want to use different block list for different users.. i am using windows…
    so i thought of using with the path %userprofile% but it doesnt work ..

    acl permit url_regex -i “%userprofile%/whitelist.txt”

    it gives an error ..file not found

    how to do this ???

  5. Thanks for the great post. can you tell me how to change the text in the browser authentication window? It says squid cache server authentication how do I rename this to say Bobs proxy server?

  6. I am installing a squid proxy on a windows machine which has parent proxy at 192.168.7.253.My ip address is 192.168.7.232.My prixy listens on port 8080 and parent proxy listens on port 3128.But its not working.Below are all non-commented lines in my configuration files:
    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8

    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access allow localhost
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports

    http_access allow localnet
    http_access deny all

    icp_access allow localnet
    icp_access deny all

    http_port 8080

    cache_peer 192.168.7.236 sibling 3128 3130 no-query weight=10
    cache_peer 192.168.7.253 parent 8080 3130 no-query proxy-only no-digest default
    cache_peer_access 192.168.7.236 allow all

    hierarchy_stoplist cgi-bin ?
    access_log c:/squid/var/logs/access.log squid

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache

    visible_hostname localhost
    announce_period 1 day
    icp_port 3130
    nonhierarchical_direct off
    never_direct deny all
    coredump_dir c:/squid/var/cache

    Regards,
    Jayesh

  7. I am using Squid 2.7 stable7. I had my squid running and able to browse from client systems. But the problem is I am unable to connect to FTP server. Kindly guide.

  8. Could you tell me, hardware specifications for this squid minimum and recommended (Windows). Thank’s for info sharing ^_^

  9. i used the same configuration, but when i start the service by using squid -X, it says:

    cachemgrRegister: registered config
    fd_open FD 0 stdin
    fd_open FD 1 stdout
    fd_open FD 2 stderr
    leave_suid: PID 76440 called

    abnormal program termination

  10. first of all, what i download squid is squid 2.7for NT and somone suggest to run as
    Simply unzip in the root of C: and run c:\squid\sbin\squid -i. Rename and edit the files in c:\squid\etc and run net start squid or start squid via services.msc. Also, make sure to create c:\squid\var\cache and run squid -z to create swap directories (or you might spend a long time trying to figure out the cryptic “abnormal program termination” message like I did! :) )

    but not able to run squid on winxp
    (also squid port 3168 also not workin)

    Plz send guide on Installing and Configuring Squid Proxy Server for WindowsXP in more simple way

    also how we connect JAP to squid

    plz respond on mail, i shell be thankful to your goodself

    regards
    kamal
    boss_kamal(at)indiatimes(dot)com

  11. aah .. actually since squid 2.6 stable 4 awin32 is no longer used, you should replace it with aufs instead :)

  12. Hi,
    I got the following error when i run “squid -z -f “c:/squid/etc/squid.conf”,
    the configuration file I downloaded here.
    Pls show me how to do.
    thanks.

    FATAL: Bungled squid.conf line 12: cache_dir awin32 c:/squid/var/cache 1000 8 64

    Squid Cache (Version 2.6.STABLE12): Terminated abnormally.

  13. well .. actually you can say that squid client is the client browser itself (for example client computer or other computer in the same network) and for the server itself. where the squid process launched :)

  14. since i never check this post, i didnt know that my post about this isnt properly posted (since i was using 3rd party software to blogs) … but i just edited this post as necessary (unfortunately there’s some missing words *not an important words* since i already forgot about it) … sorry for any inconvenience caused by me :)