{"id":121,"date":"2008-04-27T00:52:56","date_gmt":"2008-04-27T06:52:56","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=121"},"modified":"2026-03-26T04:44:02","modified_gmt":"2026-03-26T10:44:02","slug":"squid","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/squid\/","title":{"rendered":"Squid"},"content":{"rendered":"\n<p>A <strong><a href=\"https:\/\/www.supportpro.com\/blog\/squid-proxy-installation-in-windows-server\/\" title=\"\">proxy server<\/a><\/strong> is an intermediary application that sits between clients and servers. Instead of connecting directly to a website or service, a client sends requests to the proxy, which then forwards them to the destination server.<\/p>\n\n\n\n<p>Proxies are commonly used to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Control user access<\/li>\n\n\n\n<li>Monitor and log activities<\/li>\n\n\n\n<li>Improve performance through caching<\/li>\n\n\n\n<li>Filter content<\/li>\n\n\n\n<li>Convert between different network protocols<\/li>\n<\/ul>\n\n\n\n<p>There are proxies for many protocols, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMTP (Email)<\/li>\n\n\n\n<li>DNS<\/li>\n\n\n\n<li>HTTP (Web)<\/li>\n\n\n\n<li>IRC \/ IM (Chat)<\/li>\n<\/ul>\n\n\n\n<p>This article focuses on <strong>web proxies<\/strong>, particularly using Squid.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Understanding Web Objects and Caching<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">What Are Web Objects?<\/h2>\n\n\n\n<p>When discussing web proxies and caching, we often refer to <strong>objects<\/strong>.<\/p>\n\n\n\n<p>A web object can be:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An HTML page<\/li>\n\n\n\n<li>A JPEG image<\/li>\n\n\n\n<li>A PDF document<\/li>\n\n\n\n<li>A Flash animation<\/li>\n\n\n\n<li>A CSS or JavaScript file<\/li>\n<\/ul>\n\n\n\n<p>Each object is identified by a <strong>URL (Uniform Resource Locator)<\/strong>.<\/p>\n\n\n\n<p>Note: A \u201cweb page\u201d typically consists of multiple objects \u2014 the HTML file plus images, scripts, and stylesheets.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">How Caching Works<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Requests and Responses<\/h2>\n\n\n\n<p>Here\u2019s what happens in a typical HTTP transaction:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A browser sends an HTTP request.<\/li>\n\n\n\n<li>The origin server sends back an HTTP response (the object).<\/li>\n\n\n\n<li>The proxy may cache the response for future reuse.<\/li>\n<\/ol>\n\n\n\n<p>However, not all responses are cacheable.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Factors Affecting Cacheability<\/h3>\n\n\n\n<p>Caching depends on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Request headers<\/li>\n\n\n\n<li>Response headers<\/li>\n\n\n\n<li>Authentication requirements<\/li>\n\n\n\n<li>Cache-Control directives<\/li>\n\n\n\n<li>TTL (Time-To-Live)<\/li>\n<\/ul>\n\n\n\n<p>For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authenticated content is usually <strong>not cacheable<\/strong>.<\/li>\n\n\n\n<li>Servers may define TTL values for freshness control.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Fresh vs Stale Content<\/h2>\n\n\n\n<p>A cached object can be:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Fresh<\/h3>\n\n\n\n<p>The object is within its defined TTL and can be served immediately.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Stale<\/h3>\n\n\n\n<p>The TTL has expired. The proxy must validate the object using a conditional request before serving it.<\/p>\n\n\n\n<p>This validation ensures users receive updated content when necessary.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Squid Proxy Server<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Introduction to Squid<\/h2>\n\n\n\n<p>Squid is a <strong>free, open-source proxy server<\/strong> primarily designed for UNIX systems, though it can also run on Windows.<\/p>\n\n\n\n<p>Squid:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Speaks HTTP to browsers<\/li>\n\n\n\n<li>Is not an email proxy<\/li>\n\n\n\n<li>Is not an IRC\/IM proxy<\/li>\n\n\n\n<li>Acts partially as an FTP proxy<\/li>\n<\/ul>\n\n\n\n<p>It is widely used for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web caching<\/li>\n\n\n\n<li>Access control<\/li>\n\n\n\n<li>Bandwidth optimization<\/li>\n\n\n\n<li>Logging and monitoring<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">Installing Squid on Ubuntu<\/h1>\n\n\n\n<p>The easiest way to install Squid is via your OS package manager.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install via APT:<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt-get install squid<\/code><\/pre>\n\n\n\n<p>Alternatively, install from source:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzvf squid-version.tar.gz<br>cd squid-version<br>.\/configure<br>make<br>make install<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">Understanding squid.conf<\/h1>\n\n\n\n<p>The main configuration file is located at:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/squid\/squid.conf<\/code><\/pre>\n\n\n\n<p>To view only active (non-commented) lines:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>grep -v ^# squid.conf | grep . | less<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Important Configuration Directives<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Port Configuration<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>http_port 3128<\/code><\/pre>\n\n\n\n<p>Default listening port.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cache Directory<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>cache_dir ufs \/var\/spool\/squid 1000 16 256<\/code><\/pre>\n\n\n\n<p>Defines storage location and size.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Memory Cache<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\">cache_mem 8 MB<\/pre>\n\n\n\n<p>Specifies memory allocated for caching.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Effective User<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>cache_effective_user proxy<\/code><\/pre>\n\n\n\n<p>Runs Squid under a secure system user.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example ACL Rule<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>acl QUERY urlpath_regex cgi-bin \\?<br>no_cache deny QUERY<\/code><\/pre>\n\n\n\n<p>Prevents caching of dynamic CGI requests.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Starting and Managing Squid<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Start \/ Stop \/ Restart<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/init.d\/squid start<br>\/etc\/init.d\/squid stop<br>\/etc\/init.d\/squid restart<br>\/etc\/init.d\/squid reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Start at Boot<\/h2>\n\n\n\n<p>Enable:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo update-rc.d squid defaults<\/code><\/pre>\n\n\n\n<p>Disable:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo update-rc.d -f squid remove<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">Squid Log Files<\/h1>\n\n\n\n<p>Squid maintains several important logs:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">cache.log<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>\/var\/log\/squid\/cache.log<\/code><\/pre>\n\n\n\n<p>Runtime status, warnings, and errors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">access.log<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>\/var\/log\/squid\/access.log<\/code><\/pre>\n\n\n\n<p>Client requests, URLs, transfer size, status codes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">store.log<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>\/var\/log\/squid\/store.log<\/code><\/pre>\n\n\n\n<p>Tracks cached objects.<\/p>\n\n\n\n<p>To monitor logs live:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tail -f \/var\/log\/squid\/cache.log<br>tail -f \/var\/log\/squid\/access.log<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">Squid Access Control Lists (ACLs)<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Why ACLs Are Critical<\/h2>\n\n\n\n<p>An improperly configured proxy becomes an <strong>open proxy<\/strong>, which can be abused for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Illegal downloads<\/li>\n\n\n\n<li>Fraudulent transactions<\/li>\n\n\n\n<li>Spam and malicious activities<\/li>\n<\/ul>\n\n\n\n<p>All misuse will be traced back to your server\u2019s IP address.<\/p>\n\n\n\n<p>Proper ACL configuration is essential for security.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Understanding ACL Syntax<\/h1>\n\n\n\n<p>ACLs define conditions that are later referenced in access rules.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">General ACL Format:<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>acl aclname acltype value<\/code><\/pre>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>acl allowed_clients src 192.168.1.0\/255.255.255.0<\/code><\/pre>\n\n\n\n<p>This defines trusted local clients.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">HTTP Access Rules<\/h1>\n\n\n\n<p>After defining ACLs, you use them in <code>http_access<\/code> rules.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">General Format:<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>http_access allow|deny &#91;!]aclname<\/code><\/pre>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http_access allow allowed_clients<\/code><\/pre>\n\n\n\n<p>Or:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http_access deny !allowed_clients<\/code><\/pre>\n\n\n\n<p>This ensures only trusted clients can use your proxy.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Best Practices for Secure Squid Configuration<\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never allow unrestricted public access<\/li>\n\n\n\n<li>Restrict proxy usage to internal IP ranges<\/li>\n\n\n\n<li>Monitor logs regularly<\/li>\n\n\n\n<li>Keep Squid updated<\/li>\n\n\n\n<li>Limit cache size based on server resources<\/li>\n\n\n\n<li>Use strong ACL rules<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">Conclusion<\/h1>\n\n\n\n<p>Web proxies play a critical role in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Improving web performance<\/li>\n\n\n\n<li>Reducing bandwidth usage<\/li>\n\n\n\n<li>Enhancing access control<\/li>\n\n\n\n<li>Strengthening network security<\/li>\n<\/ul>\n\n\n\n<p>Squid remains one of the most powerful and widely used open-source proxy servers. With proper configuration \u2014 especially ACL rules \u2014 you can build a secure, efficient, and high-performance proxy environment.<\/p>\n\n\n\n<p>If you require help, <a href=\"https:\/\/www.supportpro.com\/requestquote.php\">contact SupportPRO Server Admin<\/a><\/p>\n\n\n\n<p class=\"has-text-align-center\"><span id=\"hs-cta-wrapper-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-wrapper\"><span id=\"hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-node hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\"><a href=\"https:\/\/www.supportpro.com\/freecheckup.php\"><\/a><\/span><\/span><\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide has-media-on-the-right is-stacked-on-mobile is-vertically-aligned-center has-white-background-color has-background\"><div class=\"wp-block-media-text__content\">\n<p class=\"has-large-font-size\">Partner with <strong>SupportPRO<\/strong> for 24\/7 proactive cloud support that keeps your business secure, scalable, and ahead of the curve.<\/p>\n\n\n\n<!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper\" id=\"hs-cta-wrapper-3350a795-db50-482f-9911-301930d1b1be\"><span class=\"hs-cta-node hs-cta-3350a795-db50-482f-9911-301930d1b1be\" id=\"hs-cta-3350a795-db50-482f-9911-301930d1b1be\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/2725694\/3350a795-db50-482f-9911-301930d1b1be\" ><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-3350a795-db50-482f-9911-301930d1b1be\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/3350a795-db50-482f-9911-301930d1b1be.png\"  alt=\"Contact Us today!\"\/><\/a><\/span><script charset=\"utf-8\" src=\"https:\/\/js.hscta.net\/cta\/current.js\"><\/script><script type=\"text\/javascript\"> hbspt.cta.load(2725694, '3350a795-db50-482f-9911-301930d1b1be', {\"useNewLoader\":\"true\",\"region\":\"na1\"}); <\/script><\/span><!-- end HubSpot Call-to-Action Code -->\n<\/div><figure class=\"wp-block-media-text__media\"><img fetchpriority=\"high\" decoding=\"async\" width=\"904\" height=\"931\" src=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup.png\" alt=\"guy server checkup\" class=\"wp-image-12943 size-full\" srcset=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup.png 904w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-291x300.png 291w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-768x791.png 768w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-585x602.png 585w\" sizes=\"(max-width: 904px) 100vw, 904px\" \/><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A proxy server is an intermediary application that sits between clients and servers. Instead of connecting directly to a website or service, a client sends requests to the proxy, which&hellip;<\/p>\n","protected":false},"author":4,"featured_media":15690,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[3],"tags":[],"class_list":["post-121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical-articles"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=121"}],"version-history":[{"count":9,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/121\/revisions"}],"predecessor-version":[{"id":16667,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/121\/revisions\/16667"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media\/15690"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}