Squid can be fun, but also cryptic if you're not familiar with the configuration syntax. That's true of most programs, though, so it's a moot point. Let's begin...
1. Download the source files:
2. Create a squid user and group, for security. Below, the "netfilter" argument assumes you're using Linux 2.4 with iptables; if this isn't you, simply leave it out. Then:
$ ./configure --prefix=/usr/local/squid --disable-ident-lookups --enable-linux-netfilter --enable-dl-malloc
$ make all
# make install
3. Next, we need to create our cache. Edit the squid.conf file, /usr/local/squid/etc/squid.conf, and make the following changes, assuming your box has an IP address of x.y.z.z:
http_port x.y.z.z:3128
icp_port 0
# Performance
maximum_object_size 4096 KB
cache_mem 32 MB
# Allow server to abort if requesting client aborts
# But continue if less than 16 KB left or 95+% done
quick_abort_min 16 KB
quick_abort_pct 95
# Prevent caching these
acl QUERY urlpath_regex cgi-bin \?
acl PHP url_regex \.php
no_cache deny QUERY PHP
# transparent proxy settings
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Avoid non-specific ports
acl Safe_ports port 80 21 443 563 70 210 1025-65535
http_access deny !Safe_ports
# Avoid these ad-servers (example only)
acl icq dstdomain ads.icq.com
acl netscape dstdomain messenger.netscape.com
acl ls dstdomain ads.linuxsecurity.com
acl msn dstdomain ads.msn.com
acl aol dstdomain ads.web.aol.com
acl akami dstdomain akami.net
acl msads dstdomain global.msads.net
acl double dstdomain ad.doubleclick.net
http_access deny double
http_access deny aol
http_access deny ls
http_access deny netscape
http_access deny akami
http_access deny msads
http_access deny msn
http_access deny icq
cache_dir ufs /usr/local/squid/cache 1024 16 256
cache_access_log /var/adm/squid-access
cache_log /var/adm/squid-log
cache_store_log none
debug_options ALL,1
ftp_user anonymous@nowhere.com
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl allowed_hosts src x.y.z.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts
http_access deny all
cache_mgr admin@yourhost.com
cache_effective_user squid
cache_effective_group squid
append_domain .yourdomain.com
forwarded_for off
cachemgr_passwd disable all
anonymize_headers deny From Referer Server
anonymize_headers deny User-Agent WWW-Authenticate Link
fake_user_agent FluffyGerbil/1.0 (HPUX; 128 bit)
4. Change the user and group ownerships to squid's user and group for these directories: /usr/local/squid/logs, /usr/local/squid/cache
5. Then, create the initial cache/swap directories:
bash# /usr/local/squid/bin/squid -z
6. Finally, start the cache. Note: If DNS is not working on your box, this next bit will fail...
bash# /usr/local/squid/bin/squid
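The http_access lines in step 3 are evaluated top to bottom, the first matching line decides, and every ACL named on a line must match for that line to apply. The Python check below is an added example, not part of the original how-to and not a Squid tool: it flags ACL names used without an acl definition, repeated rules, and a chain that does not end in deny all. The sample is constructed, 192.0.2.0 stands in for x.y.z.0, and the function names are this example's own.

```python
# Constructed sample modelled on the access rules in step 3.
SAMPLE = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl allowed_hosts src 192.0.2.0/255.255.255.0
http_access deny !Safe_ports
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts
http_access deny all
"""

def parse(text):
    """Return (defined acl names, [(lineno, action, terms)]) from squid.conf text."""
    acls, rules = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split()
        if len(f) >= 3 and f[0] == "acl":
            acls.add(f[1])
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((lineno, f[1], f[2:]))
    return acls, rules

def lint(text):
    """Flag undefined ACLs, duplicate rules and a chain not closed by 'deny all'."""
    acls, rules = parse(text)
    findings, seen = [], {}
    for lineno, action, terms in rules:
        for name in (t.lstrip("!") for t in terms):
            if name not in acls:
                findings.append(f"line {lineno}: undefined acl '{name}'")
        first = seen.setdefault((action, tuple(terms)), lineno)
        if first != lineno:
            findings.append(f"line {lineno}: duplicate of line {first}")
    if not rules or rules[-1][1:] != ("deny", ["all"]):
        findings.append("http_access chain does not end with 'deny all'")
    return findings

def decide(text, matched):
    """First matching rule wins; a rule matches only if every term holds (AND)."""
    for _, action, terms in parse(text)[1]:
        if all((t[1:] not in matched) if t[0] == "!" else (t in matched) for t in terms):
            return action
    return "deny"  # this example fails closed if nothing matched
```

decide() takes the set of ACL names a request would satisfy, so decide(SAMPLE, {"all", "allowed_hosts"}) shows a permitted host still being refused on a port outside Safe_ports because that deny line comes first.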