Press "Enter" to skip to content

Useful Configs for Squid3 Cache

Shahriar 0

Hi everyone!

After searching the web so many times and testing different configurations of Squid, I have found these minimal working configs which you can use to achieve the features you want from Squid3 Cache (which is really robust and powerful btw)

Read more for config…

“shutdown_lifetime 3” added for quicker restart of squid service, It’s not really important.

Basic caching forward proxy:

 

Transparent caching forward proxy:

*You will also need to forward port to squid!*
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Note that using forward proxy compared to transparent proxying has better performance and is a better solution in general for reasons which are outside the scope of this How-To. So try to use it if you can and then use a proxy config script or Active Directory (if in a domain environment) to make users’ browsers use your proxy.

 

Caching forward proxy with basic file authentication:

Authentication is not available with transparent proxy (obviously…duh)

 

Caching forward proxy with LDAP authentication:

This LDAP config can’t be used with Active Directory. That’s because unlike openldap (default config), AD DS doesn’t allow a user to bind to its ldap database without presenting a valid user (Binding DN). If you want to use this config with AD DS or a securely and properly configured OpenLDAP,
you should specify the binding DN in the auth_param line using “-D”
for more info visit Official Squid Guide on ActiveDirectory (which has way more than necessary info and may be a little confusing, just use the syntax from the last part of the guide, I hope it works!)

 

Caching forward proxy with PAM authentication:

Basically for authentication with local linux users…

 

Caching forward proxy with RADIUS authentication:

 

Caching forward proxy with domain filtering and PAM authentication:

You can use all types of access-list in Squid. Which allows for really flexible and powerful access control for your users.

 

Squid3 not only has lots of features but also very good documentation. The main config file is around 6000 lines which only like 15 are not comments! LOL. so you get the idea…

  • Further reading: WCCP, Delay Pools

Thanks for reading this post. Any advice? please tell me in the comments!

Leave a Reply

Your email address will not be published. Required fields are marked *