Developed by the National Laboratory for Applied Networking Research, SQUID is an open source program that caches web and other internet content in a Unix-based proxy server.
In an enterprise that uses the internet, a proxy server is a server that acts as an intermediary between a workstation user and the internet so that the enterprise can ensure security, exercise administrative control, and provide a caching service.
A proxy server is associated with or usually part of a gateway system that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
A proxy server receives a request for an internet service (such as a web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded web pages.
If it finds the page, it returns it to the user without needing to forward the request to the internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the internet.
When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
Squid requires PERL to be installed prior to starting. The Squid server must of course be able to 'see' the internet.
Download the latest version of Squid from squid-cache.org. I used version squid-2.6.STABLE7.tar.gz.
In the following example, the squid tarball squid-2.6.STABLE7.tar.gz has been downloaded to the /src directory. Modify these instructions if your circumstances differ.
tar -zxvf squid-2.6.STABLE7.tar.gz
If an explanation of these steps is required, see Installing Stuff. The completed install will be nestling comfortably by default under /usr/local/squid.
Next create a user called squid. The user called squid is required to run the squid service.
Full name: Squid User
Uid (Leave empty for default):
Login group [squid]:
Login group is squid. Invite squid into other groups? :
Login class [default]:
Shell (sh csh tcsh bash2 nologin) [sh]: nologin
Home directory [/home/squid]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]: yes
Lock out the account after creation? [no]:
Username : squid
Full Name : Squid User
Uid : 1004
Groups : squid
Home : /home/squid
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): y
As usual, prior to configuring the thing, back up the default config file just in case you make a complete pig's ear of it all.
cp squid.conf squid.conf.bak
The astute player will note that the Squid designers have already made a default backup copy of this file, called squid.conf.default. Smart. It's always good practice to make a file backup when installing things, allowing you to quickly start again if necessary. You'll see why when you see what's contained in this file.
Basic configuration is achieved using your text editor of choice. I use vi for its friendly interface and ease of use.
Squid is almost infinitely configurable. My version of the file kicks in at a weighty (for a text file) 150KB+ with over 4000 lines of config code to stuff around with. Don't be put off: much of it consists of the rather extensive explanations of the various config options. Fortunately for the uptight, near-instant gratification is at hand by plunging through with just a few basic configuration settings.
Note that nearly everything is remarked out with a hash #. These are the default settings. If you don't need to change the default, you shouldn't uncomment or otherwise alter the line.
Oh, and you can use the jolly handy :set num command in vi to view the line numbers.
At approx line 75:
- port 3128 is the default and the usual port to use. Note this line is unhashed by default. Some people use port 8080 'cos it's easier to remember and also very common. Just change the number if required.
At approx line 1031:
# cache_dir ufs /usr/local/squid/var/cache 100 16 256
- the value 100 denotes 100MB cache size. This can be adjusted to a different size. Adjust as required and unhash the line. If you're happy with it as it is, leave it untouched and still hashed.
At approx line 2556:
# http_access deny all
- by default, http_access is denied to everybody, so this area needs some modification, otherwise the whole thing's about as useless as an ashtray on a motorbike.
The Access Control rules should be modified to allow access only to trusted clients. A typical example is to allow a certain IP address range. The following two lines will allow workstations on the relevant subnet to access the proxy server.
2581 acl localnet src 192.168.0.0/255.255.255.0
2582 http_access allow localnet
Note that the approximate line numbers are included at the beginning. Modify the IP range to suit your circumstances.
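Squid evaluates http_access lines from top to bottom and stops at the first one that matches, so the allow localnet line only works if it sits above the final http_access deny all. The following added example (not part of the original page or of Squid itself) is a small Python checker that models only src ACLs; the helper names parse_rules and is_allowed and the three sample configs are constructed for illustration.

```python
import ipaddress

def parse_rules(conf_text):
    """Collect 'acl NAME src ...' networks and http_access lines, in file order."""
    acls, rules = {}, []
    for raw in conf_text.splitlines():
        f = raw.split("#", 1)[0].split()          # drop comments, tokenise
        if len(f) >= 4 and f[0] == "acl" and f[2] == "src":
            nets = [ipaddress.ip_network(a, strict=False) for a in f[3:]]
            acls.setdefault(f[1], []).extend(nets)
        elif len(f) >= 3 and f[0] == "http_access" and f[1] in ("allow", "deny"):
            rules.append((f[1], f[2:]))
    return acls, rules

def is_allowed(conf_text, client_ip):
    """Evaluate http_access as Squid does: the first matching line decides."""
    acls, rules = parse_rules(conf_text)
    ip = ipaddress.ip_address(client_ip)

    def matches(name):
        # KeyError here means the rule uses an ACL type this sketch does not model.
        hit = any(ip in net for net in acls[name.lstrip("!")])
        return hit != name.startswith("!")

    for action, names in rules:
        if all(matches(n) for n in names):        # ACLs on one line are ANDed
            return action == "allow"
    # Nothing matched: Squid applies the opposite of the last http_access line.
    return bool(rules) and rules[-1][0] == "deny"

# Constructed sample configs (not taken from the page).
ACLS = "acl all src 0.0.0.0/0.0.0.0\nacl localnet src 192.168.0.0/255.255.255.0\n"
GOOD = ACLS + "http_access allow localnet\nhttp_access deny all\n"
SHADOWED = ACLS + "http_access deny all\nhttp_access allow localnet\n"  # allow never reached
OPEN_PROXY = ACLS + "http_access allow all\nhttp_access deny all\n"     # anyone may relay

if __name__ == "__main__":
    for label, conf in (("GOOD", GOOD), ("SHADOWED", SHADOWED), ("OPEN_PROXY", OPEN_PROXY)):
        for ip in ("192.168.0.42", "203.0.113.9"):
            print(label, ip, "allowed" if is_allowed(conf, ip) else "denied")
```

Running the same check against your own edited rules before starting Squid shows whether an address outside your subnet would be served.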
At approx line 2864:
# cache_effective_user nobody
Set this directive to cache_effective_user squid and unhash the line. As previously mentioned, the squid service will run as the user squid and this setting will make that happen. The user squid should also have permissions to create, read and write the cache directory:
chown squid:squid /usr/local/squid/var
Configuring squid for proxy
By default, squid is configured as a direct proxy. In order to cache web traffic with squid, the browser on the users' workstations must be configured to use the squid proxy. This needs the following information:
- the proxy server's host name
- the port by which the proxy server accepts connections
So typically tell the workstation's web browser to point to the proxy's IP Address or Host Name and probably port 3128, as previously noted.
After you've finished editing the configuration file, you can start Squid for the first time. First, you must create the swap directories. Do this by running Squid with the -z option:
If all goes well, Squid will create a /usr/local/squid/var/cache directory, with a shitload of hexadecimally-named subdirectories inside it. Any problems here should be indicated on-screen. Make sure squid has permissions to create stuff inside /usr/local/squid/var (as enabled with the chown
Once that completes, you can start Squid. Best thing to do first time is run Squid from a terminal and watch the debugging output. Use this command:
If everything is working fine, then your console displays: "Ready to serve requests". Use CTRL C to break into the process. To run squid in the background as a daemon process, simply use:
Once in use, Squid should noticeably speed up the subjective experience of surfing regularly accessed websites, as pages will be grabbed from its cache rather than directly from the site. Additionally, internet use can be monitored and controlled. Nice.
The basic setup is reasonably straightforward and further tweaking is recommended to tailor it to your own needs. If you run Squid on a LAMP Server, you can also use the popular SARG to convert the Squid logfiles to something more humanly readable.