How To Install Squid Proxy On Windows - Reaper

10/12/2014 How to Install Squid Proxy on Windows | Reaper
How to Install Squid Proxy on Windows
Back in 2006 or in the early days after i started this blog. I wrote about Installing Squid Cache
on Windows. And i think i should rewrite it again because some parts in the old post is missing
(back when this blog started, this blog is hosted at WordPress.com and when i moved to a self
hosted solution there are some errors in the importing process and although i know about that
since a long time ago i’m just too lazy to rewrite it again lol). But well … what’s done is done :)
Anyway, before we begin, make sure that you have downloadedSquid Windows Binary
Package / Squid for Windows that can be downloaded from Acmeconsulting. And you have
extracted it somewhere on your hard drive. In this post, i choose to extract it to“C:\Squid” due
to hardcoded path and beside most people don’t like to read long post. So if you changed Squid
location, make sure to adjust it accordingly. And don’t worry the actual installation process is
fast. The other steps described here are optional unless you need it
And as a note, i wrote this post (tested) on Windows 7 x64 with UAC Enabled using Squid 2.7
Stable 8 and i’m pretty sure as it will work with earlier version of Windows as well. And No! you
don’t need to turn off UAC because turning UAC off isn’t a good solution
And now let’s get started
Initial Setup
First thing you need to do is, open command prompt as Administrator (if you’re on Windows
Vista or Windows 7 and have UAC enabled) and then type below command to copy the default
configuration files and install squid as windows service:
cd /d c:\squid
copy etc\*.default etc\*.
sbin\squid.exe i
For the sake of completion, if you choose to put Squid.conf (or the entire Squid files) not at
data:text/html;charset=utf8,%3Cheader%20class%3D%22entryheader%22%20style%3D%22boxsizing%3A%20borderbox%3B%20display%3A%20block… 1/14
Drive C, replace the last command with this one (where x is your drive letter):
sbin\squid.exe i f "x:/squid/etc/squid.conf"
What the above code do:
1. Change directory to your Squid directory
2. Create the default configuration file for Squid which is a copy from the default configuration
file
3. Install Squid Cache as Windows Service so it’ll start Squid Service automatically
And now we’re going to edit the main configuration for Squid Proxy Cache, and that
is squid.conf. But obviously not everything is going to be covered here (you should go to the
squid official site for this purpose). So i’m just going to list all the recommended options you
should be aware / change
Restricting access to your Squid Proxy Server
To limit on who are allowed to connect to your Proxy Server, you should change / add the
allowed IP Address that is allowed to connect to your squid proxy at below section
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
By using the same format as the above code for example, acl localnet src 123.456.789.0
And then right before http_access allow localnet, add http_access allow localhost so it
looks like:
http_access allow localhost
http_access allow localnet
And finally if you don’t want Squid to bind to all adapters (which is the default) you might want
to change Squid Listen Address and Port to your LAN IP Address or if you’re just going to use
Squid for yourself only then you should use below
# Default http_port 3128
# Bind to localhost at port 3128 only
http_port 127.0.0.1:3128
Limiting access to specific ports only
If you need to limit on which ports your Squid proxy clients are allowed to connect to, then you
need to adjust this
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 102565535 # unregistered ports
acl Safe_ports port 280 # httpmgmt
acl Safe_ports port 488 # gsshttp
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
For example if you want to limit your clients to HTTP and HTTPS only, then you can remove /
comment all the other lines beside 80 and 443
Changing disk cache location and size
For better performance, it’s better to put the Squid cache directory into another partition (in
other words, not your system partition) and even better on different hard drive. So find this line:
cache_dir ufs c:/squid/var/cache 100 16 256
And then change it to any directory you want, and also adjust the disk cache size to your liking,
for example to put your squid cache directory at X:\squiddata\cache with a maximum capacity
of 1500 MB
cache_dir ufs x:/squiddata/cache 1500 16 256
Also it’d better to put all squid logs into different partition too
Creating Squid cache data directory
Now back at the command prompt again, and this time type:
c:\squid\sbin\squid.exe z
To create Squid Swap Directories which is used to store cached objects
Starting Squid Service
Now we need to start Squid service for the first time (the next time it’d start automatically), and
there are two ways to achieve this, you are free to choose either the command prompt method
or the GUI method
If you choose command prompt method then you need to type (run command prompt as
administrator if you’re on vista or 7):
net start squid
If you choose the GUI way then, press Windows Key (on your keyboard) + R, and then
type services.msc, search for and right click on Squid service and choose Start to start Squid
Service
And that’s it you’re done Installing / Configuring Squid on Windows
But if you still want more, then please continue reading :)
Special Note: If you placed squid not at C:\Squid, make sure to change anything in
squid.conf that point towards C:\ into where you put Squid
Minimal Squid Configuration Adjustment
While the default configuration included with Squid is optimal for many, but sometimes you
want more from your Squid installation and so we’re going to tweak several options i think
necessary but obviously this is designed for a really small network, for other purpose or larger
network, please consult your nearest squid experts :)
Creating custom.conf file
Create a new text file and save it as custom.conf file inside your squid/etc directory so it’ll looks
like c:/squid/etc/custom.conf so we don’t need to modify the original squid.conf directly just to
override default values
And the next step would be, opening squid.conf and find this line
refresh_pattern . 0 20% 4320
and comment it (by placing #) at the beginning of the line. Then place below line at the bottom
of squid.conf
include "c:/squid/etc/custom.conf"
And now paste this into the custom.conf file you just created:
#######
# ACL #
#######
# to allow purging cache from localhost only
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
# always direct all ftp request
acl FTP proto FTP
always_direct allow FTP
########
# TUNE #
########
# enable pipeline
pipeline_prefetch on
# shutdown timeout
shutdown_lifetime 5 seconds
# no half closed
half_closed_clients off
##############
# CACHE SIZE #
##############
# maximum object size
maximum_object_size 64 MB
cache_mem 96 MB
maximum_object_size_in_memory 256 KB
###################
# REFRESH_PATTERN #
###################
# ============= #
# GENERAL USAGE #
# ============= #
# Note: This is some of the refresh_pattern i'm using, and of course feel free to adjus
# For static files i choose to ignorereload only as for wikipedia it's an example for
# static files for websites
refresh_pattern i \.(j|cs)s$ 10080 100% 10081
# static images
refresh_pattern i \.(jpe?g|gif|png|bmp|ico|svg)$ 10080 100% 10081 ignorereload
# static a/v
refresh_pattern i \.(wm(a|v)|mp[09]?a?|mpe?g|avi|mk(a|v)|og(g|m)|flv|swf|rmvb|m2?ts)$
# static archive type
refresh_pattern i \.(exe|zip|r(ar|[09]+)|7z|ace|gz|tar|bz2)$ 4320 100% 4321 ignorere
# static document type
refresh_pattern i \.((doc|xls|ppt)x?|pdf|txt)$ 4320 100% 4321 ignorereload
# wikipedia
refresh_pattern i wikipedia\.org\/wiki\/.* 4320 50% 4321 overrideexpire ignoreprivat
# =============== #
# DEFAULT PATTERN #
# =============== #
# default pattern
refresh_pattern . 0 20% 4320
########
# MISC #
########
# use specific dns server in this case google and opendns
dns_nameservers 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220
# disable htcp icp because we aren't going to use it
htcp_port 0
icp_port 0
# block displaying specific headers
header_access Via deny all
header_access XForwardedFor deny all
# hide version number
httpd_suppress_version_string on
# change hostname
visible_hostname ReaperXCache
###########
# THE END #
###########
I believe the Squid config file already tells you on what the above directives do, but just in case:
ACL Section
There are two items here, the first one is an access rule to allow you to purge squid cache
manually from the command line while the other one is for directing all ftp requests directly
And to purge your Squid Cache Object manually, you can type this at the command prompt:
c:\squid\bin\squidclient.exe m PURGE fullurl
Where fullurl replaced by the full address of the object you’re trying to purge. Here’s an
example of what it’ll looks like when you purge a cached object successfully (assume it’s
already cached first)
C:\squid\bin\squidclient.exe m PURGE http://farm1.static.flickr.com/55/136797856_bb683
HTTP/1.0 200 OK
Server: squid
Date: Sun, 16 Oct 2011 06:01:48 GMT
ContentLength: 0
Expires: Sun, 16 Oct 2011 06:01:48 GMT
XCache: MISS from ReaperXCache
XCacheLookup: NONE from ReaperXCache:3128
Connection: close
Note: if you want to look at what url has been cached by Squid (as long as you didn’t restart the
squid process), you can type this:
c:\squid\bin\squidclient.exe mgr:objects | find /i "site url"
Cache Size Section
If you want Squid to cache larger objects then you should increasemaximum_object_size from
the default of 4 MB into bigger value. And if you frequently access that objects, it’d be better to
increase the Memory Cache Options such
as cache_mem andmaximum_object_size_in_memory to serve that object directly from
Memory. And depending on your hardware configuration, i’d suggest you to adjust it to your
hardware setup to find the best configuration for you :)
Refresh Pattern Section
The refresh_pattern is used so you can fine tune caching specific file type or page. In this guide
i have included caching for common static content such as images, static content that is used
for website, audio videos, documents, and archives. With most of them using ignorereload so
even if your client do a hard refresh it’ll still serve the static files from the squid cache. As for the
wikipedia part, i believe you can guess what that’s used for :)
Misc. Section
There are 5 items here:
dns_nameservers: This basically tells squid on what DNS server to use. So make sure to
change this to your DNS Server (you can use Google public DNS, OpenDNS, Comodo Secure
DNS, etc)
Disabling htcp and icp port: Since we’re not going to use this, we’re better off disabling it but
if you think you’re going to use it then feel free to change it :)
headers_access: By default Squid will display various HTTP Headers that is indicating that
you’re behind a proxy. Some people (including me) don’t like this especially if you’re just in a
small network
visible_hostname and httpd_suppress_version_string: While we’re at it, we might as well
make a good name for our Squid cache and hide the squid version used :)
data:text/html;charset=utf8,%3Cheader%20class%3D%22entryheader%22%20style%3D%22boxsizing%3A%20borderbox%3B%20display%3A%20bloc… 10/14
Reload Squid configuration file
Now since we’re done configuring Squid, we need to tell Squid to reload it’s configuration file,
and to do that you need to open Command Prompt (admin mode as usual if in 7 / Vista) and
then type:
c:\squid\sbin\squid.exe k reconfigure n Squid
And done … the next step would be configuring your browser to use your Proxy by pointing it to
your [proxy server address]:[port]
But what if you want your Windows Squid server to be able to filter ads, and probably more?
then please continue reading :)
Filtering Ads on Squid
There are three ways to use Ads Filtering for Squid on Windows (at least there are only three
that i’m aware of, so if you know more, i’d be grateful if you could mention them here. Because
i’m not sure on whether SquidGuard or DansGuardian can be used on Windows)
1. The first one is using the a premade list of various ad servers created
by http://pgl.yoyo.org/as/ and the instructions on how to use it with Squid can be found there
and it’s straight forward
2. While the second method is by using a redirector program called adzapper that involves
installing perl (well there’s a portable version too if you prefer portable perl). But you could use
them both if you want. And to use it you just need to:
1. Go to adzapper website and download the script, rename it tosquid_redirect.pl and place it
into C:\squid\etc
2. Download Perl if you haven’t already. And if you’re looking for a portable version of Perl that
doesn’t need to be installed, you can use Strawberry Perl. Just make sure to go to their
releases archive page
3. Put this line at the custom.conf our custom config file for squid
# Make sure to change the directory to where perl.exe located
redirect_program "x:/strawberryperldirectory/perl/bin/perl.exe" "c:/squid/etc/squid_r
3. And finally the third method is involving chaining Squid Proxy with Privoxy that is described
below because it deserves a new section :P
Chaining Squid to other Proxy Server / Proxy Chain
This part deals with chaining Squid that is designed to handle caching to other proxy server
designed for specific purpose. And in this case we’re going to chain squid with privoxy that is
going to be used for various filtering purpose. But i’m not going into a much detail about Privoxy
(like how to add new rules into Privoxy for example) because it’s already listed on their
Documentation :)
Using Squid with Privoxy
First thing first. Put below lines in custom.conf right after the ACL section:
# don't cache privoxy config
acl privoxyconfig dstdomain config.privoxy.org
cache deny privoxyconfig
# forward request to privoxy
cache_peer 127.0.0.1 parent 8118 7 noquery nodigest
# force all requests to go to the proxy chain
never_direct allow all
And then if you haven’t downloaded Privoxy yet, download and extract it somewhere and then
run privoxy.exe and finally reload squid configuration again and then open your browser and
point your browser to http://config.privoxy.org
If you do everything correctly, you’ll see this message This is Privoxy X.Y.Z on
hostname.com (127.0.0.1), port 8118, enabled
Pssst … To make editing Privoxy configuration much easier, you can use the included web
based editor (although for some items you need to edit the files directly). And to enable it, find
and changeenableeditactions to 1 in config.txt. But please read the reason on why it is
disabled by default
And now we’re done with chaining Squid to Privoxy. But what if you want more? like for
example chaining Squid to Privoxy and then to other proxy server or perhaps Tor or JAP? all
you have to do is just put this line:
If you’re planning on chaining to Tor
# connecting to Tor
forwardsocks5 / 127.0.0.1:9050 .
or if you want to connect to your local JAP setup
# for JAP
forward / 127.0.0.1:4001 .
Into Privoxy config.txt. To forward all requests to Tor (assuming that you have configured Tor
correctly and it is running
And that is all … i hope this post isn’t to long, but if you did read it until the end, the reason i
choose to rewrite the Squid Windows Guide is because the old one looks like a total mess for
me (not that the new one is not messy but i think it’s a little bit better). Anyway I hope you find
this guide useful and it helps you on installing Squid on Windows :)

How To Install Squid Proxy On Windows - Reaper

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

How To Install Squid Proxy On Windows - Reaper

Hochgeladen von

Copyright:

Verfügbare Formate

10/12/2014 How to Install Squid Proxy on Windows | Reaper

refresh_pattern . 0 20% 4320

Das könnte Ihnen auch gefallen