Proxy Server Setup

Hi all,

       Please guide me on how to set up & configure SQUID Proxy Server.

Peer cache servers and Squid hierarchy
Tag Name      cache_peer
Usage      cache_peer hostname type http_port icp_port options

This tag is used to specify the other caches in the hierarchy. The cache_peer option is split into five fields. The first field is the hostname or IP of the cache that is to be queried. The second field indicates the type of relationship. The third field sets the HTTP port of the destination server, while the fourth sets the ICP (UDP) query port. The fifth field can contain zero or more keywords. Here are the detailed explanations on each field. See cache_peer_access also.

Hostname (FQDN) or IP address of the cache to be queried should be mentioned.

For example:

cache_peer sibling 3128 3130 [proxy-only]
cache_peer sibling 3128 3130 [proxy-only]

Here cache hierarchy should be specified. This option plays an important role in deciding neighbor selection.

    * parent
    * sibling
    * multicast

The port number where the cache listens for proxy requests. See also http_port

Used for querying neighbor caches about objects. To have a non-ICP neighbor specify '7' for the ICP port and make sure the neighbor machine has the UDP echo port enabled in its /etc/inetd.conf file. See also icp_port


    To specify that objects fetched from this cache should not be saved locally.

    To specify a weighted parent. The weight must be an integer. The default weight is 1, larger weights are favoured more.

    To specify an IP multicast Time To Live (ttl) value when sending ICP queries to multicast groups. We do not accept ICP replies from random hosts. So you must configure other group members as peers with the multicast-responder option below.

    This option is set for those peers which do not support ICP queries. It is natural to have doubts about the ICP port specified while using this option. Squid does not care what digit has been given in the ICP port when no-query is specified. Using any number is fine. It is recommended to use 0 to emphasize the fact that ICP is not used in any way (not even to UDP echo port 7).

    This might be the typical example for this option :

    cache_peer hostname sibling 8080 0 proxy-only no-query

    By default, port 3130 is typically where an ICP-aware proxy listens for ICP packets. Port 7 is the "echo" port (see /etc/services). It is typically handled by inetd as an internal process and simply "echoes" back what has been sent to it. Since the option "no-query" is specified, port "7" is there so that if the peer is queried, Squid gets an answer and does not declare the peer dead and therefore stop using it.

    Port 7 is used when Squid has a non-ICP peer but still wants to query it before sending requests there (no-query not specified). In such a case, Squid will send the ICP queries to port 7, which is the UDP echo port.

    If this is a parent cache which can be used as a "last-resort" and is not ICP enabled, then "default" would be the appropriate option. Simply adding default to a parent does not force all requests to be sent to that parent. The term default is perhaps a poor choice of words. If the cache is able to make direct connections, direct will be preferred over default. If you need to force all requests to parent cache(s), use the never_direct option.

    To define a set of parents which should be used in a round-robin fashion in the absence of any ICP queries.

    Indicates that the named peer is a member of a multicast group. ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.

    Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.

    To NOT request cache digests from this neighbor.

    It disables requesting ICMP RTT database (NetDB) from the neighbor.

    To prevent access to this neighbor from influencing the delay pools.

    If this is a personal/workgroup proxy and your parent requires proxy authentication.

    To specify a peer specific connect timeout (also see the peer_connect_timeout directive).

    To tell Squid to fetch the cache digest (if digests are enabled) for this host from the specified URL rather than the Squid default location.

No cache peer is defined
Default      none

cache_peer parent 3128 3130 default

cache_peer sibling 3128 3130 proxy-only

cache_peer sibling 3129 5500 weight=2

If you compiled Squid to support HTCP, your cache will automatically attempt to connect to TCP port 4827 (there is currently no option to change this port value). Cache digests are transferred via the HTTP port specified on the cache_peer line. Non-ICP neighbors must be specified as 'parent'.

Is the parent proxy configured to allow clients? Also the default port for squid to listen on is 3128 - you have the cache_peer set as if the parent proxy is on port 80 - is this correct?

$Id: QUICKSTART,v 2003/09/14 01:36:25 dwsquid Exp $

This document is intended only for people who want to get Squid running
quickly. It is not a substitute for the real documentation.  Squid has
many features, but only a few of them are useful at the beginning.  Use
this only if you have quite a simple setup.

After you retrieved, compiled and installed the Squid software (see
INSTALL in the same directory), you have to configure the squid.conf
file. This is the list of the values you *need* to change, because no
sensible defaults could be defined. Do not touch the other variables
for now.  We assume you have installed Squid in the default location:

Uncomment and edit the following lines in /usr/local/squid/etc/squid.conf:


cache_peer, never_direct/always_direct

    If you have a parent cache, put it here.  The administrators of the
    parent cache typically provided you with instructions.  You should
    always ask permission before adding a parent cache. See also the
    never_direct/always_direct directives.

cache_dir /usr/local/squid/var/cache 100 16 256

    Add here (first number, here 100) the amount of hard disk space
    (in megabytes) to devote to caching.

acl, http_access, icp_access

    Access control lists.  This is important because it prevents people
    from stealing your network resources.  To fill in the
    "allowed_hosts" ACL, use your network address (for instance and your network mask (for instance

        acl manager proto cache_object
        acl localhost src
        acl all src
        acl allowed_hosts src

        http_access deny manager all
        http_access allow allowed_hosts
        http_access deny all

        icp_access  allow  allowed_hosts
        icp_access deny all


    Put here the e-mail address of the manager:


    If you must start Squid as root, find a safe user and group to run
    as after startup (typically "nobody" and "nogroup").  Do not use
    "root", for security reasons.


    The host name you advertise for the cache.


After editing squid.conf to your liking, run Squid from the command
line TWICE:

    % /usr/local/squid/sbin/squid -z
    % /usr/local/squid/sbin/squid

Check in the cache.log (/usr/local/squid/var/logs/cache.log) that
everything is all right.

Once Squid created all its files (it can take several minutes on some
systems), test it with echoping or a regular Web client. By default,
your Squid will run on port 3128. See the Squid FAQ for more details.

Once you have Squid working from the command line, tell your Unix to
start Squid at startup (it depends heavily on the Unix you use, you'll
typically have to modify something in a /etc/rc_something).

This quick start file written by: Stephane Bortzmeyer and Duane
sallauddins (Author) commented:
Hi owensleftfoot,
   Thanks for the quick reply, but will the above solution work on Red Hat Linux 7.3 or Red Hat Linux 9.0?

Thanx & Regardz


sallauddins (Author) commented:
Hi owensleftfoot,
         When I type squid -z as u have mentioned above it displays an error message:
FATAL: Bungled squid.conf line 146:     cache_peer       parent    80
Squid Cache (Version 2.4.STABLE6): Terminated abnormally.
CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 217

Please do see if this can be resolved.

One more thing I would like to add is I am trying to use this SQUID proxy in the company & the company's server is also having SQUID proxy. So my SQUID proxy will be a client to the parent proxy.

I hope u have got the scenario.

Waiting for a favorable & reply at the earliest.

Thanx & Regardz.
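
The field layout quoted earlier in the thread (cache_peer hostname type http_port icp_port options) can be checked before starting Squid. The following lint is an added example, not part of any post and not Squid's own parser; its rules come only from the option descriptions quoted above, and parent.example.com and sib.example.com are placeholder hosts in a constructed sample.

```python
PEER_TYPES = {"parent", "sibling", "multicast"}  # relationship types listed in the thread

def _port_ok(value):
    return value.isascii() and value.isdigit() and int(value) <= 65535

def check_cache_peer(line):
    """Return a list of problems found in one cache_peer line (empty = none)."""
    args = line.split("#", 1)[0].split()[1:]   # drop comment and directive name
    if len(args) < 4:
        return [f"need hostname, type, http_port, icp_port; got {len(args)} field(s)"]
    host, ptype, http_port, icp_port, *options = args
    problems = []
    if host in PEER_TYPES or host.isdigit():
        problems.append(f"first field {host!r} is not a hostname or IP")
    if ptype not in PEER_TYPES:
        problems.append(f"unknown peer type {ptype!r}")
    if not _port_ok(http_port):
        problems.append(f"bad http_port {http_port!r}")
    if not _port_ok(icp_port):
        problems.append(f"bad icp_port {icp_port!r}")
    elif "no-query" in options and icp_port != "0":
        problems.append("no-query set: icp_port is ignored, use 0 to make that explicit")
    if "default" in options and ptype != "parent":
        problems.append("'default' only applies to a parent")
    for opt in options:
        if opt.startswith("weight=") and not opt[7:].isdigit():
            problems.append(f"weight must be an integer: {opt!r}")
    return problems

def check_config(text):
    """Map 1-based line numbers to problems for every cache_peer line in text."""
    report = {}
    for num, line in enumerate(text.splitlines(), 1):
        if line.split("#", 1)[0].split()[:1] == ["cache_peer"]:
            found = check_cache_peer(line)
            if found:
                report[num] = found
    return report

# Constructed sample; hostnames are placeholders, not values from the thread.
SAMPLE = """\
cache_peer parent.example.com parent 3128 3130 default
cache_peer       parent    80
cache_peer sib.example.com sibling 8080 0 proxy-only no-query
cache_peer sib.example.com sibling 3129 5500 weight=two
cache_peer parent.example.com parent 3128 7 no-query
"""

if __name__ == "__main__":
    for num, found in check_config(SAMPLE).items():
        print(num, "; ".join(found))
```
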

sallauddins (Author) commented:
Knock, Knock .... experts
Are there any takers ???.
sallauddins (Author) commented:
Dear admin,

    Since I have accepted the answer please close this query.

Thanks & Regards,
Question has a verified solution.
