Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a

web server A web server is computer software and underlying Computer hardware, hardware that accepts requests via Hypertext Transfer Protocol, HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, co ...

by caching repeated requests, caching

World Wide Web The World Wide Web (WWW or simply the Web) is an information system that enables Content (media), content sharing over the Internet through user-friendly ways meant to appeal to users beyond Information technology, IT specialists and hobbyis ...

(WWW),

Domain Name System The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information ...

(DNS), and other network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although used for mainly

HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...

and

File Transfer Protocol The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and d ...

(FTP), Squid includes limited support for several other

protocols Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technology ...

including Internet Gopher, Secure Sockets Layer (SSL),

Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...

(TLS), and Hypertext Transfer Protocol Secure (

HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...

). Squid does not support the

SOCKS A sock is a piece of clothing worn on the feet and often covering the ankle or some part of the Calf (leg), calf. Some types of shoes or boots are typically worn over socks. In ancient times, socks were made from leather or matted animal hair. ...

protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support. Squid was originally designed to run as a

daemon A demon is a malevolent supernatural being, evil spirit or fiend in religion, occultism, literature, fiction, mythology and folklore. Demon, daemon or dæmon may also refer to: Entertainment Fictional entities * Daemon (G.I. Joe), a character ...

Unix-like A Unix-like (sometimes referred to as UN*X, *nix or *NIX) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Uni ...

systems. A Windows port was maintained up to version 2.7. New versions available on Windows use the

Cygwin Cygwin ( ) is a free and open-source Unix-like environment and command-line interface (CLI) for Microsoft Windows. The project also provides a software repository containing open-source packages. Cygwin allows source code for Unix-like operati ...

environment. Squid is

free software Free software, libre software, libreware sometimes known as freedom-respecting software is computer software distributed open-source license, under terms that allow users to run the software for any purpose as well as to study, change, distribut ...

released under the

GNU General Public License The GNU General Public Licenses (GNU GPL or simply GPL) are a series of widely used free software licenses, or ''copyleft'' licenses, that guarantee end users the freedom to run, study, share, or modify the software. The GPL was the first ...

History

Squid was originally developed as the ''Harvest object cache'',C.Mic Bowman, Peter B. Danzig, Darren R. Hardy, Udi Manper, Michael F. Schwartz, The Harvest information discovery and access system, Computer Networks and ISDN Systems, Volume 28, Issues 1–2, December 1995, Pages 119–125
doi:10.1016/0169-7552(95)00098-5
/ref> part of the Harvest project at the

University of Colorado Boulder The University of Colorado Boulder (CU Boulder, CU, or Colorado) is a public research university in Boulder, Colorado, United States. Founded in 1876, five months before Colorado became a state, it is the flagship university of the University o ...

. Further work on the program was completed at the

University of California, San Diego The University of California, San Diego (UC San Diego in communications material, formerly and colloquially UCSD) is a public university, public Land-grant university, land-grant research university in San Diego, California, United States. Es ...

and funded via two grants from the

National Science Foundation The U.S. National Science Foundation (NSF) is an Independent agencies of the United States government#Examples of independent agencies, independent agency of the Federal government of the United States, United States federal government that su ...

. Duane Wessels forked the "last pre-commercial version of Harvest" and renamed it to Squid to avoid confusion with the commercial fork called Cached 2.0, which became NetCache.Duane Wessel
Squid and ICP: Past, Present, and Future
Proceedings of the Australian Unix Users Group. September 1997, Brisbane, Australia Squid version 1.0.0 was released in July 1996. SquidNT, a port of the Squid proxy server was merged into the main Squid project in September 2006. Squid is now developed almost exclusively through volunteer efforts. In October 2023, it was revealed that Squid continued to suffer from 35 security vulnerabilities which had not been fixed for two and a half years after their initial reporting.

Basic functionality

After a Squid proxy server is installed,

web browser A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...

s can be configured to use it as a proxy HTTP server, allowing Squid to retain copies of the documents returned, which, on repeated requests for the same documents, can reduce access time as well as

bandwidth Bandwidth commonly refers to: * Bandwidth (signal processing) or ''analog bandwidth'', ''frequency bandwidth'', or ''radio bandwidth'', a measure of the width of a frequency range * Bandwidth (computing), the rate of data transfer, bit rate or thr ...

consumption. This is often useful for

Internet service provider An Internet service provider (ISP) is an organization that provides a myriad of services related to accessing, using, managing, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, no ...

s to increase speed to their customers, and LANs that share an

Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...

connection. Because the caching servers are controlled by the web service operator, caching proxies do not anonymize the user and should not be confused with anonymizing proxies. A client program (e.g. browser) either has to specify explicitly the proxy server it wants to use (typical for ISP customers), or it could be using a proxy without any extra configuration: "transparent caching", in which case all outgoing HTTP requests are intercepted by Squid and all responses are cached. The latter is typically a corporate set-up (all clients are on the same LAN) and often introduces the privacy concerns mentioned above. Squid has some features that can help anonymize connections, such as disabling or changing specific header fields in a client's HTTP requests. Whether these are set, and what they are set to do, is up to the person who controls the computer running Squid. People requesting pages through a network which transparently uses Squid may not know whether this information is being logged. Within UK organisations at least, users should be informed if computers or internet connections are being monitored.

Reverse proxy

The above setup, caching the contents of an unlimited number of webservers for a limited number of clients, is the classical one. Another setup is " reverse proxy" or "webserver acceleration" (using ). In this mode, the cache serves an unlimited number of clients for a limited number of—or just one—web servers. As an example, if ''slow.example.com'' is a "real" web server, and ''www.example.com'' is the Squid cache server that "accelerates" it, the first time any page is requested from ''www.example.com'', the cache server would get the actual page from ''slow.example.com'', but later requests would get the stored copy directly from the accelerator (for a configurable period, after which the stored copy would be discarded). The result, without any action by the clients, is less traffic to the source server, meaning less CPU and memory usage, and less need for bandwidth. This does, however, mean that the source server cannot accurately report on its traffic numbers without additional configuration, as all requests would seem to have come from the reverse proxy. A way to adapt the reporting on the source server is to use the X-Forwarded-For HTTP header reported by the reverse proxy, to get the real client's IP address. It is possible for one Squid server to serve simultaneously as a normal and a reverse proxy. For example, a business might host its own website on a web server, with a Squid server acting as a reverse proxy between clients (customers accessing the website from outside the business) and the web server. The same Squid server could act as a classical web cache, caching HTTP requests from clients within the business (i.e., employees accessing the internet from their workstations), so accelerating web access and reducing bandwidth demands.

Media-range limits

For example, a feature of the HTTP protocol is to limit a request to the range of data in the resource being referenced. This feature is used extensively by video streaming websites such as

YouTube YouTube is an American social media and online video sharing platform owned by Google. YouTube was founded on February 14, 2005, by Steve Chen, Chad Hurley, and Jawed Karim who were three former employees of PayPal. Headquartered in ...

, so that if a user clicks to the middle of the video progress bar, the server can begin to send data from the middle of the file, rather than sending the entire file from the beginning and the user waiting for the preceding data to finish loading. Partial downloads are also extensively used by Microsoft

Windows Update Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers sof ...

so that extremely large update packages can download in the background and pause halfway through the download, if the user turns off their computer or disconnects from the Internet. The Metalink download format enables clients to do segmented downloads by issuing partial requests and spreading these over a number of mirrors. Squid can relay partial requests to the origin web server. In order for a partial request to be satisfied at a fast speed from cache, Squid requires a full copy of the same object to already exist in its storage. If a proxy video user is watching a video stream and browses to a different page before the video completely downloads, Squid cannot keep the partial download for reuse and simply discards the data. Special configuration is required to force such downloads to continue and be cached.

Supported operating systems

Squid supports many

operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...

s, including: * AIX * BSDI * Digital Unix *

FreeBSD FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...

FreeBSD jail The jail mechanism is an implementation of FreeBSD's OS-level virtualisation that allows system administrators to partition a FreeBSD-derived computer system into several independent mini-systems called ''jails'', all sharing the same kernel, with ...

OpenWRT OpenWrt (from ''open wireless router'') is an open-source project for embedded operating systems based on Linux kernel, Linux, primarily used on Embedded system, embedded devices to Router (computing), route network traffic. The main components ...

* Raspbian *

Docker (software) Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called ''containers''. The service has both free and premium tiers. The software that hosts the containers is called Do ...

Ubuntu Ubuntu ( ) is a Linux distribution based on Debian and composed primarily of free and open-source software. Developed by the British company Canonical (company), Canonical and a community of contributors under a Meritocracy, meritocratic gover ...

pfSense pfSense is a firewall/ router computer software distribution based on FreeBSD. The open source pfSense Community Edition (CE) and pfSense Plus is installed on a physical computer or a virtual machine In computing, a virtual machine (VM) is ...

OPNsense __NOTOC__ OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense. Launched in 2015, it is a Fork_(software_development) ...

Kali Linux Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. The software is based on the Debian''Testing'' branch: most packages Kali uses are imported from the De ...

CentOS CentOS (, from Community Enterprise Operating System; also known as CentOS Linux) is a discontinued Linux distribution that provided a free and open-source community-supported computing platform, functionally compatible with its upstream (softw ...

HP-UX HP-UX (from "Hewlett Packard Unix") is a proprietary software, proprietary implementation of the Unix operating system developed by Hewlett Packard Enterprise; current versions support HPE Integrity Servers, based on Intel's Itanium architect ...

IRIX IRIX (, ) is a discontinued operating system developed by Silicon Graphics (SGI) to run on the company's proprietary MIPS architecture, MIPS workstations and servers. It is based on UNIX System V with Berkeley Software Distribution, BSD extensio ...

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

Red Hat Enterprise Linux Red Hat Enterprise Linux (RHEL) is a commercial Linux distribution developed by Red Hat. Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z and a desktop version for x86-64. Fedora Linux and ...

SUSE Linux openSUSE () is a free and open-source Linux distribution developed by the openSUSE project. It is offered in two main variations: ''Tumbleweed'', an upstream rolling release distribution, and ''Leap'', a stable release distribution which is so ...

Arch Linux Arch Linux () is an Open-source software, open source, rolling release Linux distribution. Arch Linux is kept up-to-date by regularly updating the individual pieces of software that it comprises. Arch Linux is intentionally minimal, and is meant ...

Linux Mint Linux Mint is a community-developed Linux distribution. It is based on Ubuntu and designed for x86-64 based computers; another variant is based on Debian which is named Linux Mint Debian Edition (LMDE) and has both 64-bit and IA-32 support. T ...

Debian Debian () is a free and open-source software, free and open source Linux distribution, developed by the Debian Project, which was established by Ian Murdock in August 1993. Debian is one of the oldest operating systems based on the Linux kerne ...

webOS webOS, also known as LG webOS, is a Linux kernel-based multitasking operating system for smart devices, such as smart TVs, that has also been used as a mobile operating system. Initially developed by Palm, Inc. (which was acquired by Hewlett ...

on Palm *

macOS macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...

NetBSD NetBSD is a free and open-source Unix-like operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was fork (software development), forked. It continues to ...

NeXTStep NeXTSTEP is a discontinued object-oriented, multitasking operating system based on the Mach kernel and the UNIX-derived BSD. It was developed by NeXT, founded by Steve Jobs, in the late 1980s and early 1990s and was initially used for its ...

OpenBSD OpenBSD is a security-focused operating system, security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking NetBSD ...

OS/2 OS/2 is a Proprietary software, proprietary computer operating system for x86 and PowerPC based personal computers. It was created and initially developed jointly by IBM and Microsoft, under the leadership of IBM software designer Ed Iacobucci, ...

(including

ArcaOS ArcaOS is a Proprietary software, proprietary operating system based on OS/2, developed and marketed by Arca Noae, LLC under license from IBM. It was first released in 2017 and builds on OS/2 Warp 4.52 by adding support for new hardware, fixing ...

and

eComStation eComStation or eCS is an operating system based on OS/2 Warp for the 32-bit x86 architecture. It was originally developed by Serenity Systems and Mensys BV under license from IBM. It includes additional applications, and support for new hardwa ...

)OS/2 Ports by Paul Smedley
OS/2 Ports * SCO OpenServer * Solaris * UnixWare *

Microsoft Azure Microsoft Azure, or just Azure ( /ˈæʒər, ˈeɪʒər/ ''AZH-ər, AY-zhər'', UK also /ˈæzjʊər, ˈeɪzjʊər/ ''AZ-ure, AY-zure''), is the cloud computing platform developed by Microsoft. It has management, access and development of ...

also Microsoft Nano Server *

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

References

External links

*
Squid Blog

Squid User's Guide

Squid Transparent Proxy For DD-WRT

Palm WebOS Guide
- Squid install guide
Squid reverse proxy
– Create a reverse proxy with Squid
Configuration Manual
– ViSolve Squid Configuration Manual Guide
Configuration Manual
– Authoritative Squid Configuration Options * – Setup squid on solaris
SQUID – Installation on CentOS, Fedora and Red Hat
{{DEFAULTSORT:Squid (Software) Free proxy servers Reverse proxy Proxy server software for Linux Unix network-related software Gopher clients Cross-platform free software