Questions tagged as ['squid']

Squid is a FOSS package licensed under the GNU GPL and is primarily used as a web proxy server and cache.
Score: 0
mocart avatar
squid4 proxy with only whitelist allow policy for all
it flag

Ubuntu 20.04; Squid 4.10 (build with ssl);common dns-server for clients and server

I can't configure squid4 proxy with only whitelist(with SSL) allow policy for all. I build squid by sources with ssl support, and generate cert, all works (when allow all for all), but when i configure squid to allow only whitelist, it not works: all users have permissions for all sites, not only whitelist ...

Score: 0
Can Squid perform whitelisting on URL paths?
bm flag

I have Squid configured with SSL bumping and a whitelist. Users have submitted domains to add to the whitelist including a couple with paths to a specific service, e.g.

A comment on another post (Allow a certain URL path with Squid) says that using regexes is not possible when using SSL bumping. I'm wondering, though, if this can be accomplished using a specific directive.

In  ...

Score: -1
Squid is not returning http message body on debug
in flag

According to Squid documentation, when debug_options rotate=1 ALL,9 is set in squid.conf, I should see HTTP Message Body in cache.log

However, it's not showing up.

I do see, everything, including HTTP headers, but not the body.

I even tried to set debug_options to 11,9, but I only see HTTP headers, not the body.

Squid is configured as transparent proxy for both HTTP and HTTPS. The request I'm sending is  ...

Score: 0
Block websites for my VPN users
id flag

I have strongswan running fine, I need to block some bad websites by it's domains from being visiting by VPN users, I tried many methods but no luck as redirect traffic from vpn to proxy server like squid but I discovered that forwarded traffic to squid it done by it's website IP not domain name so this technique not succeeded.

maybe this is not strongswan business but any idea will be welcomed.


Score: 0
Anh Bảy avatar
Config Multiple IP config in squid proxy server
cn flag

This answer seem not fit my requirement: Squid config - same user multiple ips

Assume that I have a proxy server with 3 IPV4 ( and 20 IPV6 (ipv6_1 -> ipv6_20)

I want to config to

Allow IP(s) to connect to port 3000 to 3010 to use proxy ipv6_1 to ipv6_10

Allow IP(s) to connect to port 4000 to 4010 to use proxy ipv6_11 to ipv6_20

username1/pwd1 ...

Score: 0
Shouma avatar
Squid does not write into access.log with kerberos authentication
jp flag

I finally managed to get squid with kerberos authentication and LDAP group checking to work. I am using squid 4.1, kerberos v5 and Linux Mint Cinnamon 20.1.

Everything works fine, but I got a little problem: As soon as I am using Kerberos as authentication method, squid won't write the access.log anymore. When I use NTLM, squid is writing the access.log perfectly. But with Kerberos it won't work. ...

Score: 1
TravelWhere avatar
How to disable ipv4 in squid proxy?
cn flag

How do I disable ipv4 in squid proxy so when I visit a site it will use ipv6 ip only. I install squid proxy on ubuntu 20.04. I tested my config but on it can still detect ipv4. Here's my config

forwarded_for off
via off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
request_header_access From deny all
request_header_access Referer deny all
reque ...
Score: 0
ogbofjnr avatar
Why squid authentication fails?
cn flag

I'm trying to add authentication to squid installed on windows, here is the config:

auth_param basic program C:\Squid\lib\squid\basic_ncsa_auth.exe C:\Squid\etc\squid\.htpasswd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

http_port 2001

http_access allow localnet
http_access deny all

In .htpasswd


This corresponds to username admin and ...

Score: 0
ogbofjnr avatar
How to redirect traffic from squid to vpn?
cn flag

I have a windows machine with a squid server and VPN client connection(which is not the default gateway)

What I want is to redirect some traffic from squid to my default ethernet connection and some to VPN.

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . .  ...
Score: 0
dranobob avatar
How to check if a remote server is up through a proxy?
in flag

I have a series of lab linux server (centos/rh) that are built using an automated PXE install via kickstart file. I would like to use another automated process (ansible) to monitor when the installations have completed. Normally I would use a simple tool like ping but these servers can only be accessed remotely through an internal proxy.

One idea was to add httpd and a simple index.html page via the k ...

Score: 0
Buildermine avatar
Allow only one ip to connect to squid server
eg flag

I'm trying to allow only one ip to connect to the squid server but it seems it's not working I did ban all domains and allow only one domain but for the ip address it's not working here what I have done:

http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the o ...
Score: 0
Jenia Glijenski avatar
Squid proxy's specific ports don't work for a short preiod of time, then start working again
gd flag

I am using Squid version 4.6 on a Raspberry Pi 4 which has 7 Huawei Wifi Modems connected to it through a hub. After successfully setting up squid to work with all 7 ports and redirect traffic to the modems, everything worked well and I could connect to it from every single port. However, as time went on, some ports/connections just casually stop working for a few minutes or even entire hours and then g ...

Score: 0
Mehran avatar
Why I'm Getting "Service web-cache lost on WCCP clinet" error on cisco router?
ar flag

I'm configuring wccp and squid.

Here is wccp configuration or router:

ip wccp web-cache redirect-list wccp-access group-list wccp-server
interface FastEthernet1/0
 ip address
 ip wccp web-cache redirect in
 duplex auto
 speed auto
ip access-list standard wccp-server
ip access-list extended wccp-access
 deny   ip host any
 permit tcp host 10. ...
Score: -2
Rodrigo avatar
Creating a HTTP proxy with user and pass with Squid
jp flag

I want to know if with Squid I can use as a proxy with basic auth, to use with cURL for example:

curl -vvv "" -x user:password@localhost:8000

Where localhost is the Squid instance.

Is it possible with Squid and HTTPS websites?

Score: -1
amirreza es avatar
squid proxy multiple ip
cf flag

i got a ubuntu vps and i want to turn it to a proxy server with multiple ip,so far every guid just needs me to a range of ip for this proxy like but i got only one ip for this vps

http_port name=3128
http_port name=8000
http_port name=8080

acl tasty3128 myportname 3128 src
http_access allow tasty3128
tcp_outgoi ...
Score: 0
Dnd avatar
Squid: Connection reset by peer (TLS code: SQUID_ERR_SSL_HANDSHAKE)
sn flag
Failed to establish a secure connection to *ip-address*

The system returned:

(104) Connection reset by peer (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Handshake with SSL server failed: [No Error]

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is no ...

Score: 0
Tilman Schmidt avatar
How to debug Squid ERR_DNS_FAIL
bd flag

I am managing a couple of web proxies running Squid 4.10 on Ubuntu 20.04LTS in several locations distributed worldwide. One of them has developed a nasty habit of occasionally failing to access a web page. The user receives instead an error page saying:

Hmmm... can't reach this page
It looks like the webpage at <URL> might be having issues,
or it may have moved permanently to a new web addres ...
Score: 0
Emma92 avatar
Sectigo is not trusted in Squid
in flag

I have Squid (version 6) with SSL bump. Most sites are trusted but some of them are not.

I get the error message: The following error was encountered while trying to retrieve the URL:

Failed to establish a secure connection to [unknown]

The system returned:


Failed to establish a secure connection: [No Error]

This proxy and the remote host f ...
Score: 0
Joshua Pinti avatar
How to enable socks5 and http on squid at the same time?
in flag

I'd like to enable both socks5 (I have checked and this is possible) and http at the same time for my squid proxy. So far the only way I've found to do this is to run 2 squid instances via docker but if there's a less resource intensive way I'd prefer that. I have also looked into using 3proxy and dante for socks5 but for my purposes they will not work.

Score: 0
xdnroot avatar
SQUID Transparent Proxy: Error INVALID_URL and ACCESS_DENIED
iq flag

I configure squid proxy on Centos 7. I am using Squid version 3.5.20. I also try squid 4.10 on Ubuntu 20.04, but I got the same problem. Maybe my ACL was wrong.

I configure DSTNAT on Router to intercept HTTP traffic from to Squid Proxy


This is /etc/squid/squid.conf file:

acl localnet src     # RFC1918 possible internal network
acl localnet src   ...
Score: 0
Is there a way to disable ipv4 fallback in squid proxy
us flag

Is there a way to disable ipv4 fallback in squid, i will only use ipv6 outgoing address but if e.g. site is accepting only ipv4 squid fallback to ipv4 i will no fallback.

Score: 0
ArcherPacman avatar
Squid Proxy Server - Port numbers - HTTP - HTTPS etc
in flag

I have a virtual proxy client and I have a squid proxy server.

root@arch:/etc/squid # cat /etc/squid/acls/ports.acl
80 # http
21 # ftp

root@arch:/etc/squid # cat /etc/squid/acls/sslports.acl
443 # https
3001 # ntop

I am curious about port numbers and squid. I know that the port number is not "magic", you can use any port from 1-65535 you like. Ports in the range 1-1023 are "well-known ports" which ar ...

Score: 0
ArcherPacman avatar
Squid : Do not cache these destinations ( I do not want some address to be cached by squid )
in flag

I have a virtual proxy client and I have a squid proxy server. I would like to add some addresses to block caching for them. Either their domain or IP address:
root@SERVER:/etc/squid # cat /etc/squid/acls/dst_nocache.acl

I added them to the list for non-cache, but it still caches. I check from here:

root@SERVER:/etc/squid # tail -f /var/log/s ...
Score: 0
Francisco avatar
How to block some categories with squidGuard at certain times of the day?
ca flag

I have a non-transparent proxy server (squid on debian 11) implemented with basic authentication. The web filtering is done with the squidGuard, in it create two groups of users: usradmins and usinternet. The blacklist used is the shallalist. I try to block access to entertainment content at a certain time of the day, but I can't configure the squidGuard acl taking into account the time. I do not pr ...

Score: -2
minisch avatar
Provide WSUS access to Internet when using Squid proxy
ni flag

I am planning to deploy a WSUS server. Of course this WSUS server will need access to Windows Update Catalog to download the patches. So it needs Internet access and we have a Squid proxy on the network.

I know you can configure Internet browser with the Squid Proxy URL so the users can browse the Internet but how do we give WSUS server access to the Internet to download the patches? Is there som ...

Score: 0
user4867444 avatar
How does Squid 4 compute a request's cache key?
cn flag

Sorry if I wasn't able to find the relevant doc on this: how does Squid 4 compute a given GET request's cache key? Is there a way to instruct to ignore HTTP headers in how it does this, i.e. only use the URL?

Long story short, I would need Squid to cache (and serve cached answers) purely based on the URL, and ignoring in particular Authorization headers (but still use that header if it needs to hit the  ...

Score: 0
mk1 avatar
strongswan and Squid Proxy on the same saver
za flag
mk1 client<--->cisco_router<----IPSec/Ikev2----->eth1(<------->Internet.

on the scenario above I have IPSec working. The client can ping eth0 and vice versa. My issue is with IPTABLES. How do I route my traffic after coming out of the IPSec tunnel through squid(proxy) to access the internet.

Score: 0
Francisco avatar
Redirect to internal page on squid errors
ca flag

I try to redirect to an internal page when a squid error occurs. In order not to customize squid template by template and that the error messages are different, what I try to do is in each original squid lang error file, change the onload event of the page so that it redirects to the own php script: For example, in the ERR_DNS_FAIL file I added a script tag:

 <script type="text/javascript">funct ...
Score: 0
Whitelisting a domain and all dependencies via Squid or other
jp flag

I don't know if this is a common requirement, but usually when you whitelist a single domain say or, you usually have to also whitelist some other cdns or other external dependencies may be required to be loaded, with some websites, payment systems for example, this domains can be dynamic or changing.

Is it possible to write use something like ContentStream or ecap alon ...

Score: 1
xrisk avatar
Transparently tunnel HTTPS using squid with SNI filtering
cn flag

My requirements are:

  1. The proxy should be transparent.
  2. I should be able to filter websites by domain name.
  3. I do not want to decrypt traffic. I'm looking for an SNI sniffing based solution -- no installing certificates on clients.

There are plenty of answers floating around but they are either incorrect (claiming you need to decrypt traffic in order to do this) or incomplete.