Squid behing proxy server (parent proxy)

Hi all,

Its been a long time since i posted stuff. Anyways some time we need to configure Squid to work behind another proxy server (I needed the same to bypass the internet timing restrictions imposed on us). Although lot of guides exists for the same still some configuration is required which one needs to figure out. Here i give the basic configuration which you can do to place squid behind another proxy.

WARNING : Using a proxy server hosted by some one else for the sake of just bypassing some restrictions might lead to Man in the middle attack, even on SSL enabled sites. Its better to have your own proxy for that sake.



Download Squid from http://wiki.squid-cache.org/SquidFaq/BinaryPackages or use package managers in linux.

Carefull :- Don't install all the versions from synaptic. only one version of squid must be running else you will have an error. This is working as of 10 Aug 2011.


Configuration settings in file located in squid directory (/etc/squid/squid.conf in linux or squid.conf in instaleld directory in windows, rename squid.conf.default to squid.conf if it exists in some versions) . Take a backup before any updations.

1. Look for a string "http_access deny all" and comment it, It basically Restricts Http access from all but some machines which are listed just above this command. You can define your own ACL and use "http_access allow youracl" or just "http_access allow all"
   
2. To hide the hostname visible outside from your computer name, find the "visible_hostname" Tag, just below default add "visible_hostname myproxyname"
   
   It looks like
   
   #  TAG: visible_hostname
   #       If you want to present a special hostname in error messages, etc,
   #       define this.  Otherwise, the return value of gethostname()
   #       will be used. If you have multiple caches in a cluster and
   #       get errors about IP-forwarding you must set them to have individual
   #       names with this setting.
   #
   #Default:
   visible_hostname myproxyname
   
3.  In the end of file add lines
   
   Replace hostname with your proxy host, similar for port, give icp.port as 0 for disabling local cahich protocol (more conf is required to enable it, i am skipping that here)
   
   cache_peer [hostname] parent [proxy.port] [icp.port] no-query no-digest default login=username:password
   
   
   never_direct allow all
   
   
   (login=username:password is in the same line as cache_peer, or use line continuation symbol, or skip it if not required)
4. If you wan to change the default port number of proxy (3128), modify the lines
   # Squid normally listens to port 3128
   http_port 3128
   
   To what ever you want.
5. The never_direct directive says that all links accessed through this proxy server must not be sent directly but rather over parent proxy. you can do additonal conf here. Like directing different sites to different proxy or going directly to those sites.
6. Also multiple parent proxy can be specified. I am looking to handle parent proxy error messages, instead of passing to user proxy must skip to next in schedule (See Link http://gwagit.wordpress.com/2011/04/02/using-a-parent-proxy-with-squid/ ) for more info here.
   
   Like other services use /etc/init.d/squid restart , or restart service manually in windows after configuration change. Might need root permissions to change the file and restart the service.
   
   
   References:
   
   1. http://gwagit.wordpress.com/2011/04/02/using-a-parent-proxy-with-squid/
   2. http://eitwebguru.com/configure-multiple-ip-for-squid-proxy-server-hide-version-and-hostname/
   3. http://www.reaper-x.com/2006/07/18/complete-guide-on-installing-and-configuring-squid-proxy-server-for-windows/
   4. Some thinking :P
   
   Thanx for reading:)
   
   Always have your stuff when you need it with @Dropbox. Sign up for free! http://db.tt/V9f0DFoI