Markus Blog What’s going on Internet?

10 Jun 07 (80 comments)

Installing Squid Cache for Windows

Most Linux users already know Squid as the best and most widely used proxy server. As described in my previous post, “Bandwidth Shaping Using Squid Cache and WIPFW”, I needed a free proxy server for my Windows server. I found SquidNT, which was ported from the Linux version by Guido Serassio.

You can download SquidNT from Acme Consulting’s website or here. If you want to do bandwidth shaping, you must download the Delay Pool version of SquidNT. In this installation guide I use the Delay Pool version because I want to do bandwidth shaping.

Step 1: download SquidNT Delay Pool version here

Step 2: extract the zip file and put it on C: drive

Step 3: configure the squid.conf file in the /etc folder. There is a squid.conf.default file that you can rename to squid.conf and edit.

Step 4: configure the DNS nameserver. On squid.conf find:

# TAG: dns_nameservers
# Use this if you want to specify
# a list of DNS name servers (IP addresses)
# to use instead of those given in your
# /etc/resolv.conf file.
#
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none
dns_nameservers 192.168.0.1

To find your nameserver, type ipconfig at the command prompt and look for the IP address in the Default Gateway field. Copy it into your squid.conf file as shown above.

Step 5: setup ACL

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from
# where browsing should be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
acl our_networks src 192.168.0.0/16
http_access allow our_networks

Here you set which networks are allowed to use your proxy server. The ipconfig command shows your IP address; it usually has the 192.168.0.x format, so you can apply the configuration above.

Step 6: Setup the hostname

# TAG: visible_hostname
# If you want to present a special hostname ...
# then define this. Otherwise, the return ...
# will be used. If you have multiple caches ...
# get errors about IP-forwarding you must ...
# names with this setting.
#
#Default:
# none
visible_hostname localhost

Here you define the hostname the proxy presents; for example, you can use “localhost” or “server.yourdomain.com”.

Step 7: Setup cache directory

Run this command from command prompt: c:\squid\sbin\squid -D -z

Step 8: On Windows XP/2000/2003 you can setup SquidNT as a service

Run this command from command prompt: c:\squid\sbin\squid -i

You can start/stop/restart the service called Squid from: Control Panel > Administrative Tools > Services

Step 9: Setup your browser to use proxy server

For Internet Explorer users, go to: Tools > Internet Options. Select Connection tab and click on LAN Settings

In the pop-up window you’ll find the proxy box. Check “Use a proxy server for your LAN…”, enter the IP address of the server where you installed SquidNT in the address field, and enter “3128” in the port field. 3128 is the default port for SquidNT.

Click OK to save the configuration. Now try to open a web page. If it loads, the configuration is set correctly.

Step 10: Setup the Delay Pool.

Because I want to do bandwidth shaping, I need to set up the Delay Pool. Here is the configuration:

#
#Default:
# delay_pools 0
delay_pools 1
delay_class 1 1

Then create delay_access:

# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#
#Default:
# none
delay_access 1 allow our_networks
delay_access 1 deny all

Now we set how much bandwidth we want to allocate. For example, say you have a 384 Kbps ADSL connection, which means you can download at around 40KB/s, and you want to cap the download rate at around 30KB/s. Here is the configuration:

#
#delay_parameters 2 32000/32000 8000/8000 600/8000
#
# There must be one delay_parameters line for each delay pool.
#
#Default:
# none
delay_parameters 1 30000/30000

Step 11: Restart the Squid service from: Control Panel > Administrative Tools > Services

Done! Now you have 30KB/s for browsing and another 10KB/s reserved for other internet traffic such as chat or streaming radio :)
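A pre-restart check for the directives added in steps 5 and 10, as an added example that is not part of the original guide or of SquidNT. The function name `audit`, the sample text and the `lab` ACL are constructed for illustration; the rule that delay classes 1 to 3 take one, two and three rate/max pairs is Squid's documented delay pool behaviour, and other classes are not checked.

```python
import ipaddress

# Constructed sample: this guide's directives plus one ACL with host bits set.
SAMPLE_CONF = """\
acl our_networks src 192.168.0.0/16
acl lab src 10.1.1.3/24
http_access allow our_networks
http_access deny all
delay_pools 1
delay_class 1 1
delay_access 1 allow our_networks
delay_access 1 deny all
delay_parameters 1 30000/30000
"""

def audit(conf_text):
    """Return a list of human-readable findings for squid.conf text."""
    findings, http_rules, pools, classes, params = [], [], 0, {}, {}
    for line in conf_text.splitlines():
        tok = line.split("#", 1)[0].split()          # strip comments
        if len(tok) < 2:
            continue
        if tok[0] == "acl" and len(tok) > 3 and tok[2] == "src":
            for spec in tok[3:]:
                if "/" not in spec or "-" in spec:
                    continue                          # "all", single hosts, ranges
                net = ipaddress.ip_network(spec, strict=False)
                if str(net.network_address) != spec.split("/")[0]:
                    findings.append(f"acl {tok[1]}: {spec} has host bits set, matches all of {net}")
        elif tok[0] == "http_access":
            http_rules.append(tok[1:])
        elif tok[0] == "delay_pools":
            pools = int(tok[1])
        elif tok[0] == "delay_class" and len(tok) >= 3:
            classes[int(tok[1])] = int(tok[2])
        elif tok[0] == "delay_parameters":
            params[int(tok[1])] = tok[2:]
    # Without a final "deny all", the default is the opposite of the last rule.
    if not http_rules or http_rules[-1] != ["deny", "all"]:
        findings.append("http_access list does not end with 'deny all'")
    for pool in range(1, pools + 1):
        cls, pairs = classes.get(pool), params.get(pool)
        if cls is None or pairs is None:
            findings.append(f"delay pool {pool}: missing delay_class or delay_parameters")
        elif cls in (1, 2, 3) and len(pairs) != cls:
            findings.append(f"delay pool {pool}: class {cls} needs {cls} rate/max pairs, found {len(pairs)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

To check a real file, pass the contents of your squid.conf to `audit()` before restarting the service in step 11.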


Comments (80) Trackbacks (6)
  1. @Thang
    check your squid.conf and look for “dns_nameservers” variable and make sure you have the correct DNS ip address from your ISP

  2. Hello
    Yes i checked and i can also ping this address from server
    195.238.2.21 this is our ISP DNS
    Thanks

  3. @Thang
    Do you have a firewall installed? Make sure Squid is allowed to access the internet.

  4. Yes , maybe due to our firewall.
    thanks

  5. I have 2 LAN connections
    cable 192.168.9.0
    wireless 192.168.218.0
    n wireless
    I want Squid to use only the wireless connection,
    how do I do that?

  6. Hi Markus,

    I have already tried your suggestion, but it still has no effect if a user downloads any file such as an mp3. The speed is still higher than I specified in squid.conf.

    FYI: I installed Squid on Windows Server 2000.

    Thank you

  7. Still totally confused about setting up Squid. If anyone can send me a link to the full description, that would be really great.

  8. Thanks for this great guide markus, i could successfully install squidnt on a mini-home server i’ve got to store backups, as an internet bridge etc. However, i have my c: drive frozen for protection from malware and other malicious software. I installed squidnt on another partition though (after fighting with the installation for the paths) so the frozen state of my c: drive would not affect squid. But my question is, is installing squid on my d: drive enough or do you think it might not keep some configuration files that would make the cache info useless? (since squid is a service and i assume services are on the c: drive) the squid.conf, and all the other configuration files under the squid folder are on the d: drive.

    Thanks :)

  9. Hello, thanks for your excellent guide. I'm a new Squid user and have been trying to install it on my Windows 2003 server, but when I add the acl: acl our_networks src 192.168.0.0/16, and the line: http_access allow our_networks, the service does not start. When you refer to our_networks, does it mean the name of my work_group? In my case MICROTEL. Sorry about my English, I'm from Colombia.
    Thanks for what you can do for me.

    • acl our_networks src 192.168.0.0/16
      http_access allow our_networks

      our_networks is the name of the acl and not your Windows network. You should check the log files to see what went wrong.

  10. hi : do you know what is going on?
    sbin.sqid.exe.log

    2010/08/15 10:10:49| aclParseIpData: WARNING: Netmask masks away part of the specified IP in ’10.1.1.3/24′
    2010/08/15 10:10:49| parseConfigFile: squid.conf:3478 unrecognized: ‘delay_pools’
    2010/08/15 10:10:49| parseConfigFile: squid.conf:3479 unrecognized: ‘delay_class’
    2010/08/15 10:10:49| parseConfigFile: squid.conf:3540 unrecognized: ‘delay_access’
    2010/08/15 10:10:49| parseConfigFile: squid.conf:3541 unrecognized: ‘delay_access’
    2010/08/15 10:10:49| parseConfigFile: squid.conf:3603 unrecognized: ‘delay_parameters’

    is the first line that use 10.1.1.3 to 10.1.1.24 ip as client ip only?

    the other few lines, i have no idea…

    • Also, I don’t know whether Squid is working or not. When I enable the proxy, I set 10.1.1.10 (my IP) as the proxy, port 3128, and it is OK to connect to the internet, but when I disable the proxy, it can still connect to the internet. Is this OK?
      How can I set it up so that a client must use the proxy to connect to the internet, else no connection?

      please help, thanks

      • If what you mean by disabling the proxy is from your browser, then it’s correct behavior. That means your browser is connecting to the internet directly and not via the proxy.

        If you stop the proxy service and are still able to connect although your browser’s configuration is still set to use the proxy, then this is unlikely to happen. You should get an error message saying that the proxy is denying the connection.

    • It seems that your config file is corrupted. Please check again, or restore it from the zip package and reconfigure it.

  11. Can you help me with the delay pool regarding bandwidth shaping of streaming videos and downloads? I have this but it doesn't seem to work. Can you please look at it and tell me what I have done wrong? Thanks.

    acl files url_regex -i .flv .avi .wmv .mpg .mpeg .mpe .divx .mov
    .qt .mp3 .wav .ram .rm .rar .zip .gz .bz2 .iso .exe .rpm .deb .raw
    acl files url_regex -i youtube.com
    delay_pools 1
    delay_class 1 1
    delay_parameters 1 56000/56000
    delay_access 1 allow files youtube

    AND Here is my whole squid.conf

    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8

    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager

    http_access deny !Safe_ports

    http_access deny CONNECT !SSL_ports

    acl our_networks src 192.168.0.100/24 192.168.0.199/24
    http_access allow our_networks

    http_access deny all

    icp_access allow localnet
    icp_access deny all

    http_port 192.168.0.xxx:3128

    hierarchy_stoplist cgi-bin ?

    cache_mem 500 MB

    maximum_object_size_in_memory 10 MB

    cache_dir ufs c:/squid/var/cache 7000 16 512

    maximum_object_size 8192 KB

    access_log c:/squid/var/logs/access.log squid

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
    refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
    refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
    refresh_pattern -i youtube.com/.* 10080 90% 43200
    refresh_pattern -i facebook.com/.* 10080 90% 43200
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 40% 40320

    acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
    upgrade_http0.9 deny shoutcast

    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache

    visible_hostname localhost

    acl files url_regex -i .flv .avi .wmv .mpg .mpeg .mpe .divx .mov
    .qt .mp3 .wav .ram .rm .rar .zip .gz .bz2 .iso .exe .rpm .deb .raw
    acl files url_regex -i youtube.com
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 56000/56000
    delay_access 1 allow files youtube
    dns_nameservers 192.168.0.1

    coredump_dir c:/squid/var/cache

