≡ Menu

Squid Web Proxy and Cache Server

Tutorials, howtos, and tips about Squid web proxy and cache software under *nix. It includes a wide variety of uses, from speeding up a web server by caching repeated requests; to caching web, DNS and other computer network lookups for a group of people sharing network resources; to aiding security by filtering traffic ( rss feed )

Question: How do I upgrade my FreeBSD server and ports tree using our proxy server, which requires username and password based authentication?
[click to continue…]

I've Squid Proxy server with over 100 Windows workstation. I see following error message in my cache.log file:

WARNING! Your cache is running out of filedescriptors

Do I need to filter proxy server requests to avoid this problem? How do I fix this problem under CentOS / Fedora / RHEL / Debian Linux?
[click to continue…]

I'm behind a squid proxy server. How do I access internet via proxy server when I use wget, lynx and other utilities from a shell prompt on a Linux or Unix-like systems?
[click to continue…]

Linux Disabling Squid Proxy Server

Q. How do I disable Squid Proxy Serer under CentOS Linux operating system so that I can directly connect to the internet?
[click to continue…]

Squid Block any Domain Name Accessing the Internet

Q. How do I block any website accessing the Internet using squid proxy server?

A. You can simply use squid ACL to block access to any web site. There are 3 steps:

#1. Create a text file with blocked domain name list such as baddomain1.com, mail.yahoo.com, gmail.com and so on

#2. Define Acl

#3. Restart squid

First, create a file called /etc/squid/blocked.domains.acl
# vi /etc/squid/blocked.domains.acl
Append domain names,

Save and close the file. Open squid.conf file:
# vi /etc/squid/squid.conf
Create acl called blockeddomain:
acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
Deny http access, enter:
http_access deny blockeddomain
Close and save the file. Restart squid proxy server:
# /etc/init.d/squid restart

Squid Proxy Server Mac Address based filtering

Q. I'm using squid proxy server under CentOS Linux version 5. How to filter a particular MAC address under squid?

A. Not all operating system supports Mac address based filtering. For some operating systems. Squid calls these "ARP ACLs" and they are supported on Linux, Solaris, and BSD variants.

How do I set up ACL's based on MAC address?

Open squid.conf:
# vi /etc/squid/squid.conf
Local acl, section and append ACL as follows:
acl macf1 arp mac-address
acl macf2 arp 00:11:22:33:44:55
http_access allow macf1
http_access allow macf2
http_access deny all

Save and close the file. Restart squid server:
# /etc/init.d/squid restart

Squid proxy authentication in transparent mode

Q. I was referring to your Squid transparent proxy configuration howto, and my question to you - can proxy authentication be done in transparent mode?

A. Short answer: noop, you cannot use Squid proxy authentication in transparent mode.

From official squid docs:

Authentication cannot be used in a transparently intercepting proxy as the client then thinks it is talking to an origin server and not the proxy. This is a limitation of bending the TCP/IP protocol to transparently intercepting port 80, not a limitation in Squid.