Step by Step Configure Squid Proxy In Pfsense

Squid is a caching and forwarding HTTP Web Proxy and its supporting HTTP, HTTPS, FTP, and more. its also It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.

In this artical we know how install and setup Squid proxy on Pfsense. if you need to install using the following steps.

Install Squid Package on Pfsense

1. Login if Pfsense with User Name and Password.

2. Navigate to System and click on Package Manager.

3. Once Package manager opens, click on Available Package and type Squid in the Search bar.

4. Now click on Search button for the squid package.

5. Once Squid related package show in package, Select Squid and click on Install after that click on confirm the installation.

6. Once Squid Installation completed, Now Navigate to Service and click on Squid Proxy Server.

7. Here Local cache has to be done before configuring squid. for Local cache configuration click on Local Cache Tab.

8. Go to Squid Hard Disk Cache Settings. Here we are only change the disk size and Leave the others settings default. you can put the size of cache as you requirement. Now click on Save. The default Hard Disk Cache Location in Pfsense is /var/squid/cache.

9. Once Local Cache Setting Done. Now click on General Tab for Enable Squid Proxy Server.

10. Under Squid General Settings section Check the box of Enable Squid Proxy. Choose the interface for Proxy Server which port on Proxy Working Here we are selected Lan Port. Set the Proxy Port the default port of Proxy server is 3128. You can change if you want to another port. Now check the box of Allow Users ON interface (If checked, the users connected to the interface selected in the 'Proxy interface field will be allowed to use the proxy) the same subnets as the Proxy LAN interface selected automatic access without the need for creating an allow Access Control List.

11. Now Configure Squid Proxy Logging Settings. Check the box of Enable Access Logging. Path of logs file /Var/Squid/logs. The default log Rotation is disabled if left empty you can able to set the days as your requirement.

12. Configure Headers Handling, Language and Other Customizations as you want to set. Set Visible Hostname. Administrator's Email, Error Language. Disable Squid Via header in requests and replies and Enable suppression of squid version string info in HTTP headers and HTML error pages. After Headers Handling, Language and Other Customizations completed Click on Save.

13. After Squid General Settings completed Now Configure Squid Proxy Server Access Control Lists. Allowed Subnet (Enter subnets that are allowed to use the proxy in CIDR format. All the other subnets won't be able to use the proxy) ex:10.0.0.0/8. Unrestricted IPs (Enter unrestricted IP address / network in CIDR format. Configured entries will NOT be filtered out by the other access control directives set in this page). Banned Hosts Address (Enter IP address / network(s) in CIDR format. Configured entries will NOT be allowed to use the proxy). WhiteList (Destination domains that will be accessible to the users that are allowed to use the proxy) Blacklist (Destination domains that will be blocked for the users that are allowed to use the proxy).

14. Under Squid Allowed Ports The following default port already allowed, 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535. If you to allow another you can do from here.

15. Under Squid Advanced Filtering You can apply policy on YouTube Restrictions As per your requrement and click on Save.

16. Now click on Firewall and select Rule. choose your interface on this firewall I have selected LAN. because I have configure Squid proxy Server on LAN Address.

17. Under Edit Firewall Rule Select Action Pass, Interface Lan, Address Family IPV4 and Protocol TCP/UDP.

18. Under Source Select Any. Under Destination Select Lan Address (192.168.0.1). Under Destinations Port Range that you configure in proxy server (3128). Under Extra Options Check the Log box (Log packets that are handled by this rule). In Description type Description (Allow Proxy Server Port) And click on Save.