To install Squid Proxy Cache on Windows Server on any of the cloud platforms, the recommended way is to use our publicly available images in the cloud marketplaces. They come preconfigured with Squid Proxy running on Windows and optimised for speed and performance. Check the links below for more details.
RDP into new server
Once you have deployed Squid Proxy on Windows Server, the first step is to RDP into the new instance once it has fully booted up. The following links explain how to connect to the VM once it has finished being deployed:
- How to RDP to AWS Windows Instance
- How to RDP to Google GCP Windows Instance
- How to RDP to Azure Windows Virtual Machine
Once logged in, you’re now ready to start setting up your new server as per the following sections.
Setting up Squid Proxy
To start Squid, press the ‘Squid Server Tray‘ icon on the desktop and this will create a tray icon. To edit Squid, right click the tray icon and select ‘Open Squid Configuration‘ as per the following screenshot:
ACL – Access Control List
To use the proxy, you’ll first need to define which networks are allowed to use your Squid proxy. By default, network 10.0.0.0/8 is enabled. If you don’t want to allow this network, you can disable it and add your own private networks.
Within the Squid configuration file edit the following lines:
As you can see from above the following networks are enabled:
Simply remove the networks you don’t need, or add a ‘#‘ to the start of the line to disable it. Add your own private networks you would like to enable. Here is an example of networks I’ve enabled:
In our config we call our network localnet; you can use any name to identify your networks.
The next step is to tell Squid.conf to allow access for HTTP. Scroll down to http_access allow localnet
Here we specify which of the networks you defined earlier are allowed access for HTTP. Type the following line
In the screenshot we allow the network called localnet. This will allow the networks I created in the previous step:
Once updated, save the file and then restart the Squid service. You can do this via the Squid Tray Icon (Stop Squid Service, then Start Squid Service)
Users can now connect to the proxy by updating their browser proxy config and putting in the IP address and port (3128) and start using the proxy to access the internet.
If users can’t connect, make sure you have port 3128 open on any firewalls and any security groups.
Change the Squid listener port
If you want to change the default port of 3128 to another port, or add extra ports, simply open up the Squid.conf file, search for http_port 3128 and replace it with your desired port.
Then restart the Squid service.
Block access to certain websites
If you need to block access to certain websites for your users you can do this by defining them in your Squid.conf file as follows:
Within the Squid.conf file search for the text http_access deny all
Let’s say, for example, we want to block facebook.com and youtube.com.
Add a new line above the text http_access deny all and add the following lines.
acl block_websites dstdomain .facebook.com .youtube.com
http_access deny block_websites
Save the Squid.conf and restart the Squid service. You can do this via the Squid Tray Icon (Stop Squid Service, then Start Squid Service).
Users should now be blocked from accessing those websites and receive the Squid Proxy page:
Block access to ports
To block access to ports, it’s the same process as for blocking websites above; just add the following lines:
acl blocked_port port 80
http_access deny blocked_port
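Squid checks http_access lines from top to bottom and acts on the first one that matches, so where a deny line for websites or ports sits relative to http_access allow localnet decides whether the block takes effect. The Python sketch below is an added example, not part of Squid or of the original guide; it models only the src, dstdomain and port ACL types, and the config fragments and the request are constructed.

```python
import ipaddress

def parse(conf):
    acls, rules = {}, []
    for raw in conf.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] == "acl":        # repeated names accumulate values
            acls.setdefault(f[1], (f[2], []))[1].extend(f[3:])
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    if name == "all":                            # built-in ACL, matches everything
        return True
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["client"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":                      # ".example.com" also covers subdomains
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    if kind == "port":
        return str(req["port"]) in values
    raise ValueError(f"unsupported acl type: {kind}")

def decide(conf, req):
    """Return (action, rule) for the first http_access line that matches req."""
    acls, rules = parse(conf)
    for action, names in rules:
        # Every ACL on the line must match; a leading "!" negates that ACL.
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, f"http_access {action} {' '.join(names)}"
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules and rules[-1][0] == "deny" else "deny"), "(default)"

# Constructed fragments: identical rules, only the order differs.
ACLS = "acl localnet src 10.0.0.0/8\nacl block_websites dstdomain .facebook.com .youtube.com\n"
BLOCK_AFTER_ALLOW = ACLS + ("http_access allow localnet\n"
                            "http_access deny block_websites\n"
                            "http_access deny all\n")
BLOCK_BEFORE_ALLOW = ACLS + ("http_access deny block_websites\n"
                             "http_access allow localnet\n"
                             "http_access deny all\n")
REQ = {"client": "10.1.2.3", "host": "www.facebook.com", "port": 443}  # constructed
if __name__ == "__main__":
    for label, conf in (("after allow", BLOCK_AFTER_ALLOW), ("before allow", BLOCK_BEFORE_ALLOW)):
        print(label, "->", decide(conf, REQ))
```

With the deny line below http_access allow localnet, the request from 10.1.2.3 is allowed by the localnet rule; with the deny line above it, the same request is denied.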
Transparent or Intercepting Proxy
If you’re going to run a transparent (intercepting) proxy, you force users’ browser HTTP traffic to go via your proxy, for example by reconfiguring your router or firewall so that all HTTP connection requests (port 80) are routed to the proxy server on the appropriate port (3128 by default, unless you changed it).
Open up Squid.conf search for http_port 3128
Simply add the word transparent after the port number. That’s it. Save the config and then restart the Squid service.
By default Squid forwards the client IP to the respective website, but to set up an anonymous proxy we will disable this to hide client IPs and send only IPs which are configured on the Squid server.
Add the following line in the squid.conf file:
And add at the bottom of the squid.conf file the following instructions:
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Save the Squid.conf and restart the Squid Service
Squid Firewall Ports
By default the following port has been enabled on the VM. This is the Squid listener port:
If you are using any of the cloud security groups and need to change / add ports refer to the following guides:
To setup AWS firewall rules refer to – AWS Security Groups
To setup Azure firewall rules refer to – Azure Network Security Groups
To setup Google GCP firewall rules refer to – Creating GCP Firewalls
Support / Further Documentation
Check out the following links for further documentation and support for Squid Proxy
Disclaimer: Squid is licensed under the GNU GPL license. No warranty of any kind, express or implied, is included with this software. Use at your own risk; responsibility for damages (if any) to anyone resulting from the use of this software rests entirely with the user.