Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
Install on Arch Linux:
sudo pacman -S squid
Install Squid3 on Ubuntu Server:
sudo apt-get install squid3 apache2-utils
Edit file /etc/squid3/squid.conf and add/change to this following config.
You can use ether Digest or Basic HTTP authentications methods see more details bellow.
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/users auth_param basic children 5 auth_param basic realm SquidProxy auth_param basic credentialsttl 3 hours acl users proxy_auth REQUIRED acl sectionx proxy_auth REQUIRED http_access allow users acl all src 0.0.0.0/0.0.0.0 acl internal_network src 192.168.0.0/24 acl users proxy_auth REQUIRED acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl sectionx proxy_auth REQUIRED acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access allow users http_access allow internal_network http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all # squid proxy port http_port 3128 # disable logging cache_access_log /dev/null cache_store_log none cache_log /dev/null refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|?) 0 0% 0 refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT hosts_file /etc/hosts forwarded_for off # this headers makes proxy elite header_access Allow allow all header_access Authorization allow all header_access Cache-Control allow all header_access Content-Encoding allow all header_access Content-Length allow all header_access Content-Type allow all header_access Date allow all header_access Expires allow all header_access Host allow all header_access If-Modified-Since allow all header_access Last-Modified allow all header_access Location allow all header_access Pragma allow all header_access Accept allow all header_access Accept-Encoding allow all header_access Accept-Language allow all header_access Content-Language allow all header_access Mime-Version allow all header_access Cookie allow all header_access Set-Cookie allow all header_access Retry-After allow all header_access Title allow all header_access Connection allow all header_access Proxy-Connection allow all header_access All deny all
Digest
auth_param digest program /usr/lib/squid/digest_pw_auth -c /etc/squid/users auth_param digest children 5 auth_param digest realm SquidProxy acl users proxy_auth REQUIRED http_access allow users
Create some users:
htdigest /etc/squid/users MyRealm USERNAME
HTTP Basic
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/users auth_param basic children 5 auth_param basic realm SquidProxy auth_param basic credentialsttl 3 hours acl users proxy_auth REQUIRED acl sectionx proxy_auth REQUIRED
Make sure you use appropriate ncsa_auth file for 64bit os:
/usr/lib64/squid/ncsa_auth
Create some users by running:
htpasswd -c /etc/squid3/users USERHERE
Reload your squid without restarting daemon:
squid3 -k reconfigure
