Installing Squid Cache for Windows
Linux users mostly already know Squid proxy server as the best and most used proxy server. As on my previous post “Bandwidth Shaping Using Squid Cache and WIPFW” I need a free proxy server for my windows server. I found SquidNT which is ported from its Linux version by Guido Serassio.
You can download SquidNT from Acme Consulting’s website or here. If you want to do bandwidth shaping then you must download SquidNT with Delay Pool version. On this installation guide, I use the Delay Pool version as I want to do bandwidth shaping.
Step 1: download SquidNT Delay Pool version here
Step 2: extract the zip file and put it on C: drive
Step 3: configure the squid.conf file on /etc folder. There is squid.conf.default you can rename it to squid.conf and edit it.
Step 4: configure the DNS nameserver. On squid.conf find:
# TAG: dns_nameservers
# Use this if you want to specify
# a list of DNS name servers (IP addresses)
# to use instead of those given in your
# /etc/resolv.conf file.
#
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none
dns_nameservers 192.168.0.1
To find what is your nameserver is type: ipconfig on command prompt and find the IP number on Default Gateway field. Copy it to your squid.conf file like above.
Step 5: setup ACL
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from
# where browsing should be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
acl our_networks src 192.168.0.0/16
http_access allow our_networks
Here you can setup which network that allowed to use your proxy server. From ipconfig command you can find out what is your IP address, usually it have 192.168.0.x format so you can apply the configuration above.
Step 6: Setup the hostname
# TAG: visible_hostname
# If you want to present a special hostname ...
# then define this. Otherwise, the return ...
# will be used. If you have multiple caches ...
# get errors about IP-forwarding you must ...
# names with this setting.
#
#Default:
# none
visible_hostname localhost
Here you can define the name for your hostname, for example you can use “localhost” or “server.youdomain.com”
Step 7: Setup cache directory
Run this command from command prompt: c:\squid\sbin\squid -D -z
Step 8: On Windows XP/2000/2003 you can setup SquidNT as a service
Run this command from command prompt: c:\squid\sbin\squid -i
You can start/stop/restart the service called Squid from: Control Panel > Administrative Tools > Services
Step 9: Setup your browser to use proxy server
For Internet Explorer users, go to: Tools > Internet Options. Select Connection tab and click on LAN Settings
On the pop up window you’ll find proxy box, give a check on “Use a proxy server for your LAN…” and fill your server’s IP (where you install SquidNT) on the address field and fill “3128” on port field. 3128 is the default port for SquidNT.
Click Ok to save the configuration. Now try to open a web page and see if you can open it. If you can then the configuration is set correctly.
Step 10: Setup the Delay Pool.
As I want to do bandwidth shaping then I needs to setup the Delay Pool. Here is the configuration:
#
#Default:
# delay_pools 0
delay_pools 1
delay_class 1 1
Then create delay_access:
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#
#Default:
# none
delay_access 1 allow our_networks
delay_access 1 deny all
Now we setup how much bandwidth we want to allocate. For example, you have 384 Kbps ADSL connection which means you can download at around 40KB/s. Now you want to shape the maximum to around 30KB/s download rate, here is the configuration:
#
#delay_parameters 2 32000/32000 8000/8000 600/8000
#
# There must be one delay_parameters line for each delay pool.
#
#Default:
# none
delay_parameters 1 30000/30000
Step 11: Restart the Squid service from: Control Panel > Administrative Tools > Services
Done! Now you have 30KB/s for browsing and another 10KB/s reserved for other internet connection like chatting or streaming radio 
September 28th, 2009 - 17:17
@Thang
check your squid.conf and look for “dns_nameservers” variable and make sure you have the correct DNS ip address from your ISP
September 28th, 2009 - 18:14
Hello
Yes i checked and i can also ping this address from server
195.238.2.21 this is our ISP DNS
Thanks
September 28th, 2009 - 18:31
@Thang
do you have firewall installed? make sure squid are allowed to access internet
September 28th, 2009 - 18:39
Yes , maybe due to our firewall.
thanks
October 6th, 2009 - 10:30
i have 2 lan connection
cable 192.168.9.0
wirelsess 192.168.218.0
n wireless
i want squid to use only wireless connection,
how i do that
October 8th, 2009 - 18:05
Hi Markus,
I have tried already using your suggestion, but still not effected if user download any file such as mp3. the speed still higher then i specified in squid.conf.
FYI: I install squid in win server 2000.
Thank you
February 7th, 2010 - 14:22
still confused in settingup squid totally can any one send me a link about the full description will be really great.
May 20th, 2010 - 18:03
hi, i managed to install squid on windows 2008, the proxy works fine, when i install the BDM it redirects the http requests to the squid, but the squid wont give a reply.
i do get bunch of messages:
1274344238.652 60326 127.0.0.1 TCP_MISS/302 431 GET http://www.google.co.il/url? – DIRECT/74.125.43.104 text/html
1274344370.044 63219 127.0.0.1 TCP_MISS/504 1520 GET http://markus.revti.com/2007/06/installing-squid-cache-for-windows/ – DIRECT/64.120.141.148 text/html
1274344544.656 62938 127.0.0.1 TCP_MISS/504 1477 GET http://www.softperfect.com/products/bandwidth/ – DIRECT/216.92.24.234 text/html
1274344588.017 63033 127.0.0.1 TCP_MISS/504 1457 GET http://www.softperfect.com/download/ – DIRECT/216.92.24.234 text/html
1274344588.314 62877 127.0.0.1 TCP_MISS/504 1457 GET http://www.softperfect.com/download/ – DIRECT/216.92.24.234 text/html
1274344588.517 62877 127.0.0.1 TCP_MISS/504 1457 GET http://www.softperfect.com/download/ – DIRECT/216.92.24.234 text/html
please assist,
thanks in advance
Sagi
May 21st, 2010 - 01:16
HTTP error 504:
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely request from the upstream server.
make sure the gateway/proxy server can reach the internet.
June 18th, 2010 - 06:08
Thanks for this great guide markus, i could successfully install squidnt on a mini-home server i’ve got to store backups, as an internet bridge etc. However, i have my c: drive frozen for protection from malware and other malicious software. I installed squidnt on another partition though (after fighting with the installation for the paths) so the frozen state of my c: drive would not affect squid. But my question is, is installing squid on my d: drive enough or do you think it might not keep some configuration files that would make the cache info useless? (since squid is a service and i assume services are on the c: drive) the squid.conf, and all the other configuration files under the squid folder are on the d: drive.
Thanks
June 18th, 2010 - 06:12
you can install squid nt on d: drive it’s not a problem, just change all the c: into d: in this tutorial.
July 3rd, 2010 - 21:21
Hello thanks for your excellent guide, I´m a new squid user and have been trying to installing in my windows 2003 server, but when i add the acl : acl our_networks src 192.168.0.0/16, and the line: http_access allow our_networks, the service no start, when you refer to our_networks it means the name of my work_group? in my case MICROTEL, sorry about my english I´m from Colombia.
Thank for what yo can do for me.
July 3rd, 2010 - 21:26
acl our_networks src 192.168.0.0/16
http_access allow our_networks
our_networks = is the name of the acl and not your windows network. you should check the log files to see what went wrong
August 15th, 2010 - 05:10
hi : do you know what is going on?
sbin.sqid.exe.log
2010/08/15 10:10:49| aclParseIpData: WARNING: Netmask masks away part of the specified IP in ’10.1.1.3/24′
2010/08/15 10:10:49| parseConfigFile: squid.conf:3478 unrecognized: ‘delay_pools’
2010/08/15 10:10:49| parseConfigFile: squid.conf:3479 unrecognized: ‘delay_class’
2010/08/15 10:10:49| parseConfigFile: squid.conf:3540 unrecognized: ‘delay_access’
2010/08/15 10:10:49| parseConfigFile: squid.conf:3541 unrecognized: ‘delay_access’
2010/08/15 10:10:49| parseConfigFile: squid.conf:3603 unrecognized: ‘delay_parameters’
is the first line that use 10.1.1.3 to 10.1.1.24 ip as client ip only?
the other few lines, i have no idea…
August 15th, 2010 - 05:18
also, i don’t know squid is working or not, when i enable proxy, i set 10.1.1.10 (my ip) as proxy, prot 3128, it is ok to connect to internet, but when i disable proxy, it still can connect to internet, is this ok?
how can i setup to: client must using proxy to connect internet, else no connection. ??
please help, thanks
August 15th, 2010 - 15:52
if what you mean by disabling proxy is from your browser then it’s correct behavior. that means your browser is connecting to the internet directly and not via proxy..
if you stop the proxy service and still able to connect although on your browser’ configuration is still set to use proxy then this is unlikely to happens. you should get an error message that saying the proxy is denying the connection.
August 15th, 2010 - 15:48
it seems that your config file is corrupted, please check again or restore it from the zip package and reconfigure it again.
August 19th, 2010 - 18:16
can u help me on the delay pool regarding bandwidth shaping of streaming videos and downloads, i have this but it doesnt seem to work. can u please look at it and tell me what have i done wrong. thanks.
acl files url_regex -i .flv .avi .wmv .mpg .mpeg .mpe .divx .mov
.qt .mp3 .wav .ram .rm .rar .zip .gz .bz2 .iso .exe .rpm .deb .raw
acl files url_regex -i youtube.com
delay_pools 1
delay_class 1 1
delay_parameters 1 56000/56000
delay_access 1 allow files youtube
AND Here is my whole squid.conf
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.0.100/24 192.168.0.199/24
http_access allow our_networks
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 192.168.0.xxx:3128
hierarchy_stoplist cgi-bin ?
cache_mem 500 MB
maximum_object_size_in_memory 10 MB
cache_dir ufs c:/squid/var/cache 7000 16 512
maximum_object_size 8192 KB
access_log c:/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern -i youtube.com/.* 10080 90% 43200
refresh_pattern -i facebook.com/.* 10080 90% 43200
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 40% 40320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname localhost
acl files url_regex -i .flv .avi .wmv .mpg .mpeg .mpe .divx .mov
.qt .mp3 .wav .ram .rm .rar .zip .gz .bz2 .iso .exe .rpm .deb .raw
acl files url_regex -i youtube.com
delay_pools 1
delay_class 1 2
delay_parameters 1 56000/56000
delay_access 1 allow files youtube
dns_nameservers 192.168.0.1
coredump_dir c:/squid/var/cache
October 28th, 2010 - 19:04
how about using 2 connection at the same time? what i want to do is browsing use my modem (1st connection) and i still can do my works that use Office’s LAN (2nd connection) which it should be a full connection.
November 2nd, 2010 - 11:59
Having a problem with Google search when I installed Squid following your instructions:
ERROR
The requested URL could not be retrieved
While trying to process the request:
GET /search?q=where&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&safe=active HTTP/1.1
Host: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=1e62c30140e82e07:U=fc39a1053e09d45b:FF=0:TM=1288614717:LM=1288614746:S=nZ65DIKuAiQ0Afhr; NID=40=N9e1uDnrsZk1vpsWza6pOL9DhjCUyGJ6uswFgzYUSdvgJWY02bn1tky40TzTWyo6G8MxLoSqAuMYo6Q716VOvQEtsatdyHqZ7Sjg8mRCqRwJ3NveobZem-fzpmL5QkxW; SID=DQAAAJ0AAACng52Tu70efrb5o54pw8sX62DtzqRihRRL6cCjvtVwQ5sOGKfAd_c0DJHpvYEtdqEJlRkkByn3lejx_Kl9azP2Uw0B82MGs51IS-lYwEEw8iKtkb10lNDBpnvbg4l4kfbSWNtEVllyT17j6idGoFr7S1nk_4W8dWLu-OSMO603hXwk4RaueknDDjemYuokUUwNWOSX_3836HUpYHOVT-Nc; HSID=AJHhh5CGt3KGld7_R
The following error was encountered:
* Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed
Your cache administrator is webmaster.
Generated Tue, 02 Nov 2010 04:55:41 GMT by squidhost (squid/2.7.STABLE8)
November 2nd, 2010 - 22:26
hmm… not sure what cause that.. never had problem doing google search via squid proxy.
November 5th, 2010 - 08:09
When I try to install squid with the above steps, at step 7 and 8 I get the following error on command window:
C:\squid\sbin>squid -D -z
FATAL: Unable to open configuration file: c:/squid/etc/squid.conf: (2) No such f
ile or directory
Squid Cache (Version 2.7.STABLE5): Terminated abnormally.
CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
abnormal program termination
C:\squid\sbin>squid -i
CreateService failed
How can I deal with this?
November 10th, 2010 - 17:14
check whether c:/squid/etc/squid.conf exists
November 26th, 2010 - 13:48
thx markus
can u assist here . i cant find tag dns_nameserver
are my eyes decieving me or m such a noob ;]
thx
November 26th, 2010 - 14:29
this is big file and if u cud mention the line where the tags are ..it would be great help .. thx
November 26th, 2010 - 14:32
and pls send a mail here if u reply very late :] thx thx thx i may not check back daily here
ax2dpranjalsagar@gmail.com
November 29th, 2010 - 06:23
use the search function of your text editor :)
January 2nd, 2011 - 05:42
hey Sir Markus, when I start squid, windows says “Windows could not start the squid service on local Computer” “Error 1067: The process terminated unexpectedly.”
before it was working on the same machine, the same configuration.
thanks
January 2nd, 2011 - 06:30
Hi Jamer,
please check on Squid’s error log in c:\squid\var\log and see if it give some explanation on why the service won’t start.
January 22nd, 2011 - 10:56
these happened to me
what i did when it occured was i installed the squid into g: directory. so i change it to c: directory, voila! problems solved.
anyway thank to mr markus for giving such good manual. one question:
my ip address is 192.168.1.100, which is not like u said “usually it have 192.168.0.x format so you can apply the configuration above” in step 5 (setup acl). how can i edit the squid.conf file if i want my ip address to be the proxy server.
btw, great info!
January 24th, 2011 - 07:38
am am , your ip is still in 192.168.x.x format,the last digits are always a bit different[depending on ur country and ISP ]… :]]]]
January 31st, 2011 - 15:24
your PC’s LAN IP should be using 192.168.x.x address (or 10.0.x.x), you install squid on the gateway pc on your home network. and the outside network (internet server) will see your public IP if you browse through the proxy
January 24th, 2011 - 08:02
helo markus, thx u for ur guide..:)
i am using squid on my home .. as for caching only… its working great.
but i recently added some auth_parameters.
pls see below…..
auth_param basic program c:/squid/libexec/ncsa_auth.exe c:/squid/etc/interface/UsersInfo
auth_param basic children 5
auth_param basic casesensitive off
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 10.0.0.0/255.0.0.0
acl localnet src 192.168.0.0/255.255.0.0
#acl localnet proxy_auth REQUIRED src 10.0.0.0/255.0.0.0
#acl localnet proxy_auth REQUIRED src 192.168.0.0/255.255.0.0
acl our_networks src 192.168.1.1
acl ncsa_users proxy_auth REQUIRED
acl sleeping_time time S 00:00-06:00
acl sleeping_time time M 00:00-06:00
acl sleeping_time time T 00:00-06:00
acl sleeping_time time W 00:00-06:00
acl sleeping_time time H 00:00-06:00
acl sleeping_time time F 01:00-06:00
acl sleeping_time time A 01:00-06:00
http_access deny ncsa_users sleeping_time
http_access allow ncsa_users
this script is working.. but i wanna add a admin account[ for emergency needs ]
i have two acc. right now admin and user1,
but like u see above all ncsa users will be denied access at night.
how can i conf it so that it can differentiate two accounts.
can u assist me here…. :]]
January 31st, 2011 - 08:14
Hello,
It’s possible to configure so i can access it from outside. For example at work i want to use my home proxy to access some website with my home ip instead of work ?
thanks you
January 31st, 2011 - 15:19
yes it’s possible you have to create an acl with your office IP address
March 24th, 2011 - 05:16
Not sure I’m reading this incorrectly or not. or if what I’m asking is possible.
I have a server box with 2 NIC cards. 1 will be connected to an external modem that goes directly out to the internet. the other will be connected to a large internal LAN which I’d like to provide internet access from card 1 to any PC on the internal LAN via HTTP browsing proxy setting I’ve tried setting this up and failed several times. I’m trying to mimic the setup of an old Squid Linux box via windows this time using your guide. So in more detail.
NIC 1.) (external internet access) 173.xxx.xxx.xxx I can also buy a small router if need be to work properly (wasn’t sure if it was necessary for several connections) I have it setup with a static address that never changes from my cable provider.
NIC 2.) (internal LAN) 170.17.xxx.xxx (but will also allow access from 170.12.xxx.xxx, 170.10.xxx.xxx, 170.22.xxx.xxx etc etc.)
Many thanks and much appreciated for your help!!!
May 10th, 2011 - 12:46
yes it should work, first you have to make sure that the windows server can access the internet. then you have to make sure all the clients can connect to the internet through the windows server. only after that you can install squid on the windows server and then setup the proxy settings on client’s PC