squid.conf

The squid.conf file is the main configuration file for Squid, a popular open-source proxy server and web cache daemon. It controls various aspects of Squid's behavior, caching policies, access controls, and more. Here are some key sections and directives you'll typically find in squid.conf:

1. Access Controls

acl

Defines named Access Control Lists (ACLs) that match clients or requests. The http_access rules then allow or deny whatever an ACL matches.

Example:

acl localnet src 192.168.1.0/24
acl SSL_ports port 443

http_access

Specifies the access rules based on ACLs for allowing or denying HTTP requests.

Example:

http_access allow localnet
http_access deny all
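
How an http_access list like the one above is evaluated, as an added example that is not part of the original page or of Squid's own code: the first rule whose ACLs all match decides the request, and if no rule matches, Squid applies the opposite of the last rule. The GOOD and RISKY configs, the addresses and the function names are constructed for illustration, and only src and port ACLs are modelled.

```python
import ipaddress

# Constructed configs (assumptions, not from a real deployment).
# GOOD reuses the page's Access Controls example; RISKY ends on a narrow deny.
GOOD = """acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
"""
RISKY = """acl guests src 192.168.50.0/24
http_access deny guests
"""

def parse(conf):
    """Collect 'acl NAME TYPE VALUES...' and 'http_access ACTION ACLS...' lines."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, src, port):
    """Evaluate one ACL reference; a leading '!' negates it."""
    negate, name = name.startswith("!"), name.lstrip("!")
    if name == "all":                       # built-in ACL: matches every client
        hit = True
    else:
        kind, vals = acls[name]
        if kind == "src":
            ip = ipaddress.ip_address(src)
            hit = any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
        elif kind == "port":
            hit = str(port) in vals
        else:
            raise ValueError(f"ACL type not modelled here: {kind}")
    return hit != negate

def decide(conf, src, port=80):
    """First rule whose ACLs all match wins; otherwise the opposite of the last rule."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(matches(acls, n, src, port) for n in names):
            return action
    if not rules:
        return "deny"                       # no http_access lines: deny by default
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for label, conf in (("GOOD", GOOD), ("RISKY", RISKY)):
        print(label, decide(conf, "192.168.1.20"), decide(conf, "203.0.113.9"))
```

In RISKY the only rule is a deny for one subnet, so every other client falls through to an implicit allow. Ending the list with an explicit http_access deny all, as the page's example does, closes that gap.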

2. Cache Settings

cache_dir

Specifies the directory and size of the disk cache used by Squid.

Example:

cache_dir ufs /var/spool/squid 100 16 256

refresh_pattern

Defines how Squid decides whether a cached object is still fresh, for URLs that match a regular expression.

Example:

refresh_pattern ^ftp:           1440    20%     10080

3. Authentication

auth_param

Configures authentication parameters, such as authentication schemes and realms.

Example:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Squid proxy-caching web server
auth_param basic children 5
auth_param basic credentialsttl 2 hours

acl

Defines ACLs for authentication purposes.

Example:

acl auth_users proxy_auth REQUIRED

http_access

Specifies access rules based on authentication ACLs.

Example:

http_access allow auth_users
http_access deny all

4. Network Configuration

http_port

Specifies the port on which Squid listens for incoming HTTP requests.

Example:

http_port 3128

cache_peer

Configures upstream proxy servers for hierarchical caching.

Example:

cache_peer parent-proxy.example.com parent 8080 0 no-query default

5. Logging

access_log

Specifies the location and format of the access log file.

Example:

access_log /var/log/squid/access.log squid

cache_log

Specifies the location and format of the cache log file.

Example:

cache_log /var/log/squid/cache.log

6. SSL/TLS

https_port

Specifies the port on which Squid listens for incoming HTTPS requests.

Example:

https_port 443 cert=/etc/squid/ssl_cert.pem key=/etc/squid/ssl_key.pem

7. Miscellaneous

forwarded_for

Controls how Squid handles the X-Forwarded-For header, which carries the client's IP address to the destination server.

Example:

forwarded_for on

visible_hostname

Sets the visible hostname for error messages and HTTP headers.

Example:

visible_hostname proxy.example.com

Notes

  • Configuration Syntax: squid.conf uses a hierarchical, block-structured syntax similar to many other configuration files.

  • Security: Ensure that ACLs and access rules (http_access) are carefully configured to prevent unauthorized access.

  • Performance: Adjust cache settings (cache_dir, refresh_pattern) based on expected usage patterns and available disk space.

  • Logging: Configure logging (access_log, cache_log) to monitor Squid's activity and troubleshoot issues.

This overview covers essential directives commonly found in squid.conf. Squid's flexibility allows for extensive customization to meet specific caching, security, and performance requirements in various network environments. Adjust these configurations according to your specific needs and security policies.
