Linux Help

Squid Setup Guide   
Printable Version

Sebatino's Guide to Setting up Squid
Created on Thursday December 14th, 2000.

In case you want to experiment with a cache server, then try this one, Squid Web Proxy Cache (or in short proxy). Before I begin explaining the whole thing, let me first gave you an overview why I used squid proxy.

In my environment, 150 PCs are connected to my 2 proxy servers. These stations are mostly used by students here. My boss instructed me to block all adult sites and any content that contradict our religion and beliefs (btw, were Catholics! Big deal! heh), and to disable mIRC connection (i dont know why, but its a different topic to be covered, I only intend this guide for internet connection only for workstations). So this is why I turned to Linux and force to learn it (now i love it! hehe)

So here we go, download the source (2.3stable4 at the present) from

Once you have downloaded the file, untar it (tar -zxvf file.tar.gz) and then read the INSTALL & README files.

Now, to install squid, run the following commands:

./configure --prefix=/usr/local/squid
make all
make install

Once that is done we now have to edit squid.conf which should be located in /usr/local/squid. If it is not there, run updatedb followed by locate squid.conf and you should find it.

First, open up squid.conf (pico rules once again!) then look for http_port under NETWORK OPTIONS. The default is 3128 but you can also add 80 separated by space as long as it is not used. This port will go to your workstation browser proxy settings. If you have as your proxy server ip local address, then on the browser proxy setting you will have on port 3128 or 80.

Second, if you are on PPP connection and your ISP has given you their proxy setting for your browsers, try considering to put it in cache heirarchy since we have our own proxy settings (people with connection aside from a modem, you could skip this one). Look for cache_peer under OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM section. It will take the form of

	cache_peer hostname type proxy_port icp_port [options]
	so I have

	cache_peer parent 8088 3130

Note: If you dont want save the object fetched in your machine then put proxy-only on options

Third, we must know what workstation's ip address will be allowed or connected to your server. Lets try for example, network, so meaning to say all those PCs connected to that network shall have internet access. Go to ACCESS CONTROLS. Here we will define some access lists, there are already have some lists by default, so leave it! Write somewhere after those defaults in that section where you could find it easily for debugging purposes. The format takes the form of

	acl aclname acltype string1 ...

		 acltype is one of src dst srcdomain dstdomain url_pattern
        	 urlpath_pattern time port proto method browser user

		 string is the connecting client

	so we should have;

	acl anyname src

So now, that network is on the access list, lets allow them for connection they want. Go further down on the current section, look for http_access. There are also several default config, so leave it there, and write this at the bottom of the last default configuration;

	http_access allow anyname

When you exit and save the current changes, try starting the squid daemon by issuing

	squid -k reconfigure 

	/etc/rc.d/init.d/squid start

Lets check if squid is running

	ps -aux | grep squid

If it is, try to configure your workstation be sure to include the squid proxy server ip add as the workstation gateway and the browser proxy setting I stated awhile ago. Btw, you can check out the logs at /var/log/squid. access.log is for those clients accessing the proxy and cache.log is for debugging purposes (this is where you should look if somethings goes wrong).

Ooppss, I forgot what my boss instructs me.. block adult sites! Open up squid.conf, go directly to ACCESS LIST then add this

	acl pornsite url_regex
	acl pornsite url_regex

Then scroll down to your http_access section, insert this on top of our last entry on this section;

	http_access deny pornsite

Restart squid and were done!

Having trouble? Got questions? Require further assistance? If so please feel free to visit our Help Forums and ask the experts!

Copyright © 1997 - 2017 Private World Domination Inc. All rights reserved.
Linux is a registered trademark of Linus Torvalds. All other trademarks and copyrights are the property of their respective owners.
| Contact Us | Link to Us | RSS Feed | Staff |

DNS Hosting by easyDNS