Complete Squid Proxy Configuration Guide on IPFire Firewall

Complete Squid Proxy Configuration Guide on IPFire Firewall
IPFire uses squid proxy to control access or to log and cache visits to web pages, optimization of bandwidth and speed. It features a proxy cache as well as an update accelerator to help in distributing windows and linux updates and patches centrally to all client computers in the network.
IPFire also ships as an addon, the squidClamAV that takes care of data privacy.
All these and more, we will be covering in this “Complete Squid Proxy Configuration Guide on IPFire Firewall” series.
If you are new to web proxies, take a look at web proxy implementation on ubuntu.

Also web proxy can be implemented on vyos router .

Want to know how to monitor your web proxy? Check this “How to install SARG for squd proxies“.

To install IPFire Firewall properly, follow this guide.

There are 2 modes used by IPFire to run squid. These are:

(a) Conventional mode. This is the Non transparent mode.

(b) Transparent Mode.

Complete Squid Proxy Configuration Guide on IPFire Firewall

In the non transparent mode, the ip address of the squid proxy is entered into each clients browser settings as shown. Note that the default port used by IPFire squid proxy in non transparent mode is 800. This can be changed according to your needs.


To ensure that our web proxy is working in transparent or non transparent mode, simply enable logging.

Tick log enabled to activate the  web proxy logging feature.

To view full url of web pages visited, tick log query terms. Logs can be viewed in Logs => Proxy logs.

Click on update to get data from the proxy log.

click on update to get data from proxy log

Also generate log reports by going to Logs => Proxy Reports.

To view proxy reports, tick enable requester in the proxy report screen. Click on create report, and click view

You could also access your IPFire terminal and view your logs by typing #cat /var/log/squid/access.log.


The cache management feature is a whole lot similar to what we have accomplished in this guide “how to manage and monitor squid proxy traffic“, but a lot easier.

To achieve cache management, tick activate cache manager to display statistics of memory used by proxy process and other important details.

Save and restart the squid proxy. Enter an email address and password.

Now navigate to https://ip address of IPFire:444/cgi-bin/cachemgr.cgi

The familiar looking screen will be shown as under.


To allow or deny some computers with ip addresses access to the internet, simply create a group and place the ip addresses to be denied or allowed access to the internet under the group created.

First tick classroom extension to enable it. Save and restart squid.

enable classroom extension

Now create a group ,say, ITSupport like this [ITSupport], then add all ip addresses of computers used by IT Support personnel under the group just created.

To block or allow access to the internet, visit https://ip address of IPFire:444/cgi-bin/webaccess.cgi.






Did You Enjoy What You Read? Sign Up To Our News Letter
I agree to have my personal information transfered to MailChimp ( more information )
Join over 1.000 visitors who are receiving our newsletter and learn how to design networks that work using open source technology and commercial offerings. Also learn how to proactively defend against security threats.
We hate spam. Your email address will not be sold or shared with anyone else.
Share This.