Google+ Badge

Monday, May 11, 2015

How to Install and Configure Squid Proxy Server on Windows

Here I am using windows XP. In this example, I am using small LAN network and two Internet connection. First Internet connection is connected through switch, it is used as direct connection. Second internet connection is used in the server using squid proxy.  Squid Server has two NIC cards, one is connected to LAN and another one is connected to WAN (Internet). Here LAN connected to switch and WAN connected to ISP modem. 

LAN  => (Static configuration)
WAN => ( DHCP Configuration)
Step 1 - First, check the system LAN configuration details.

Step 2 - Download Squid Proxy from internet. 

Step 3 - After downloading, go to downloaded location and extract. Then copy the extracted folder "squid" to c:\ drive.

Step 4 - Now, we need to change some default configuration.

Step 5 - After that, go to "Command Prompt" and redirect to "c:\squid\sbin" directory and run this command "squid -i". This command used for adding squid service to registry.

Step 6 - Now, we want to create squid swap/cache directory, for that run "squid -z". 

The swap folder is added. Go to "c:\squid\var\" directory, here we can see the "cache" directory.

Step 7 - Now we need to go to "Windows Services" section to start the squid service. Go to Control Panel => Administrative Tools => Services. Here we need to enable "Automatic" option for the service start booting time.

Step 8 - To check squid service is running or not, go to Windows Task Bar => Process => Squid.exe

Step 9 - Now we need to configure squid server, open squid configuration file. Go to "c:\squid\etc\squid.conf" and change some default settings. In this file, we can add our own rules (acl) to add specific IP-Address, Block Sites and Block Downloading, etc. 

Step 10 - After configuration, restart the squid service.
Note : If you want to change any settings, restart the service after changing.

Step 11 - Now, check the internet connection on server is working or not by using the browser. Before that, we need to change some settings on browser.

Step 12 - Now, we want to go to client side, first check the LAN settings and configure proxy setting on browser.

Here, ping option not responding because internet working through browser. 

My Configuration Example :

acl IP-Range src
acl Admin src "C:\squid\etc\Admin-IP.conf"
acl LAN1 src "C:\squid\etc\Lan1-IP.conf"
acl Block-URL dst "C:\squid\etc\Ban-Site.conf"
acl Blocak-Domain dstdomain "C:\squid\etc\Block-Domain.conf"
acl Bloack-keyword url_regex "C:\squid\etc\Keywords.conf"

acl SSL_ports port 443
acl SSL_ports port 10000        # Webmin
acl SSL_ports port 2082-2099 # WHM/Cpanel
acl Safe_ports port 80 # http
acl Safe_ports port 20-21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# And finally deny all other access to this proxy
#http_access deny all
http_access allow Admin
http_access allow LAN1
http_access deny Block-URL !Admin
http_access deny Blocak-Domain !Admin
http_access deny Bloack-keyword !Admin

cache_dir ufs c:/squid/var/cache 4000 16 256

cache_mem 64 MB



http_port 3128
reply_body_max_size 150 MB all !Admin

visible_hostname localhost

That's it...