How to Setup Squid Proxy Cache on Windows in Azure/AWS/GCP

Setting up Squid Proxy

To start Squid, press the ‘Squid Server Tray‘ icon on the desktop and this will create a tray icon. To edit Squid, right click the tray icon and select ‘Open Squid Configuration‘ as per the following screenshot:

ACL – Access Control List

To use the proxy, you’ll first need to define which networks are allowed access to use your Squid proxy. By default network 10.0.0.0/8 is enabled. This can be disabled if you don’t want to allow this network and add your own private networks.

Within the Squid configuration file edit the following lines:

As you can see from above the following networks are enabled:

• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16
• fc00::/7
• fe80::/10

Simply remove the networks you dont need or add an ‘#‘ to the start of the line to disable.  Add your own private networks you would like to enable. Here is an example of networks i’ve enabled :

In our config we call our network (localnet), you can use any name to identify your networks.

Next step is to tell Squid.conf to allow access for http. Scroll down to http_access allow localnet

Here we define which networks you defined earlier to allow access for http. Type the following line

http_access allow

In the screenshot we say allow the network called localnet. This will allow the networks i created in the previous step :

Once updated, save the file and then restart the Squid service. You can do this via the Squid Tray Icon (Stop Squid Service, then Start Squid Service)

Users can now connect to the proxy by updating their browser proxy config and putting in the IP address and port (3128) and start using the proxy to access the internet.

If users can’t connect, make sure you have port 3128 open on any firewalls and any security groups.

Change the Squid listener port

If you want to change the default port of 3128 to another port, or add and extra ports simply open up the Squid.conf file and search for – http_port 3128 and replace with your desired port.

Then restart the Squid service.

Block access to certain websites

If you need to block access to certain websites for your users you can do this by defining them in your Squid.conf file as follows:

Within the Squid.conf file search for the text http_access deny all

Lets say for example we want to block facebook.com and youtube.com. 

Add a new new line above the text http_access deny all as below and add the following lines.

acl block_websites dstdomain .facebook.com .youtube.com

http_access deny block_websites

Save the Squid.conf and restart the Squid Service You can do this via the Squid Tray Icon (Stop Squid Service, then Start Squid Service)

Users should now be blocked from accessing those websites and receive the Squid Proxy page:

Block access to ports

To block access to ports, its the same process as above to blocking websites, just add the following lines:

acl blocked_port port 80
http_access deny blocked_port

Transparent or Intercepting Proxy

If your going to intercept users browser traffic by forcing http traffic to go via your proxy. For example reconfiguring your router or firewall so that all HTTP connection requests (port 80) are routed to the proxy server on the appropriate port (3128 by default, unless you changed it)

Open up Squid.conf search for http_port 3128

Simply add the word transparent after the port number. Thats its. Save the config and then restart the Squid service

Anonymous Browsing

By default squid forwards the client IP to the respective website, but to set up an anonymous proxy we will disable it to hide client IPs and send only IPs which are configured on the squid server.

Add the following line in the squid.conf file:

forwarded_for on

And add at the bottom of the squid.conf file the following instructions:

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Save the Squid.conf and restart the Squid Service