Tutorial: A Basic Squid Proxy Configuration

Squid is almost entirely preconfigured for traditional proxying as soon as it is installed from source distribution or from a binary package. It can be up and running in just a few minutes, if your needs are simple. This tutorial covers the first changes you’ll need to make to get your caching proxy up and running quickly.

Opening Access to Local Clients

The only change that must be made before using your Squid installation is to open access for your local users. By default Squid denies access to all users from any source. This is to prevent your proxy from being used for illicit purposes by users outside of your local network (and you’d be amazed at how many nasty things someone can do with an open proxy).

Click the Access Control icon to edit the access control lists and access rules for your proxy. First, create a new ACL by selecting Client Address from the dropdown list and then clicking Create new ACL. This will open a new page where you can define your ACL. First, enter a name, like localnet, in the Name field. Next, specify your network either in terms of a network range, or by specifying a network and netmask. If you have only 10 addresses, for example, that you would like to be permitted to use your proxy you could enter, for example, a >From IP of 192.168.1.20 and a To IP of 192.168.1.30. Or if you have a whole network to which you would like to allow proxy access, you could enter a From IP of 192.168.1.0 and a Netmask of 255.255.255.0. Click Save.

Next, you need to add a proxy restriction to permit the clients matched by the localnet ACL to use the proxy. So click the Add proxy restriction link. On the proxy selection page, choose the Allow option for the Action, and select localnet in the Match ACLs selection box. Click Save.

Then use the arrow icons to the right of the list of proxy restrictions to move the rule you’ve just created above the Deny all rule.

Initializing the Cache Directory

You may have noticed, on the front page of the Webmin Squid module, there is a warning that the configured cache directory has not been initialized. Before starting Squid, you’ll want to make sure it gets initialized. Webmin, of course, will do this for us. Just click the Initialize Cache button. If you plan to alter your cache directories to something other than the default, you’ll likely want to do so in the Cache Options page before initializing the directories. Details are covered earlier in this chapter.

Starting Squid and Testing

To start Squid, click the Start Squid link in the upper right corner of the main module page. It is worthwhile to then check the information provided by Squid during its startup in the cache.log. You can use the Webmin file manager, or you can add this log to the System Logs module for viewing there (read the section covering that module for information on adding non-syslog log files to make them viewable). Squid is usually quite forthcoming about problems that might prevent it from starting or operating correctly.

To test your new Squid, configure a browser on your local network to use the Squid server as its proxy. Doing this is browser dependent. In Netscape and Mozilla, the proxy options are located under the Advanced:Proxy Settings preferences category, while in Internet Explorer, they are located under Internet Options:Connections. Squid can act as a proxy for HTTP, HTTPS, FTP, Gopher, and WAIS protocols. Socks is not supported by Squid, though there are a few good Open Source Socks proxies available.

Now, just browse for a bit to be sure your caching proxy is working. Take a look in the access.log for information about whether a request was served with a cache hit or a cache miss. If Calamaris is installed on your system, Webmin will generate an access report on demand whenever you click the Calamaris icon on the Squid module main page.