THIS PROJECT IS DEAD AND IT DOESN'T WORK ON WINDOWS #110

Open
x011 opened this issue Jun 2, 2023 · 9 comments

Comments

@x011

x011 commented Jun 2, 2023

No working version for windows
no help
nothing works.
better delete this trash.

x011 changed the title from "THIS PROJECT IS DEAD AND IT DOESN'T WORK ON WIDNOWS" to "THIS PROJECT IS DEAD AND IT DOESN'T WORK ON WINDOWS" on Jun 2, 2023
@x011
Author

x011 commented Jun 2, 2023

For windows use Free Proxy
http://www.softpedia.com/get/Internet/Servers/Proxy-Servers/FreeProxy.shtml
Last update was 13 years ago but it still works flawlessly. That's how good software should work, not this pseudo proxy.

@zepingouin

Squid is working for Windows, follow these instructions.

@totszwai

@zepingouin Any idea on how to get https traffic to work? http traffic works but I am having a hard time getting https to go through.

https://groups.google.com/g/web-safety/c/COiZCGB0cQc

@guanzhujiaran

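So true. I wasted a huge amount of effort using squid to set up one port per outbound IP, and then, after using it for a long time, found that wss simply cannot get through. Only after looking into it did I learn that the version of this project that works on Windows is too old and does not support wss.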

@totszwai

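So true. I wasted a huge amount of effort using squid to set up one port per outbound IP, and then, after using it for a long time, found that wss simply cannot get through. Only after looking into it did I learn that the version of this project that works on Windows is too old and does not support wss.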

Indeed, I wasted so much time on this too.

@Eboubaker

Eboubaker commented Apr 15, 2024

For windows use Free Proxy http://www.softpedia.com/get/Internet/Servers/Proxy-Servers/FreeProxy.shtml Last update was 13 years ago but it still works flawlessly. That's how good software should work, not this pseudo proxy.

Life saver, I like it when I see a WinXP UI application, I know for a fact that it is stable

@dig12345

dig12345 commented Aug 5, 2024

Works for me, not sure if it's being updated, but can confirm it works as is. I installed the MSI and got things working. Try running squid.exe from cmd to see what config errors are preventing it from starting. Would be nice if that was available in the logs but that is my workaround...

@thewriteway

thewriteway commented Sep 1, 2024

I have an updated fork with Squid 6.10 version.
you can find it under https://github.com/diladele/squid-windows/forks
no additional support will be given though.

@coffeecodeconverter

coffeecodeconverter commented Oct 9, 2024

alternative option, just follow these steps:

TL;DR
you could just copy this entire comment, paste into chatgpt, and ask it how you can follow these steps - OR BETTER YET - give it the rules you want to allow and deny, and ask it to use this comment as a reference guide - it will then output a finished config based on your rules, not mine. Hardly any work needed on your part (apart from copy, paste, and provide rules in a natural language format)

for the manual process, read on...

download squid for windows from here:
https://squid.diladele.com/
(the page loads very slowly, at least for me, even on 100+mbps internet speeds!)

NOTE: download the MSI that says "Squid for Windows" (Approx 17MB, very small indeed)
DO NOT download the one for "Web Proxy for Windows" (that's an entirely different, and paid piece of software)

run the MSI, accept all defaults (or change your install directory if you want)
assuming defaults, it installs under "C:\Squid"
it installs a Service called "Squid for Windows" (service name is "squidsrv", displayname is "squid for windows")

you'll also get a 2nd app on your desktop and start menu called "Squid Server Tray" - run this to launch the system tray icon.

click the system tray icon and select "Open Squid Configuration"

it will open "C:\squid\etc\squid\squid.conf"
now,
almost at the very top, you'll see the list of ACLs for your local network like this:

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

amend it to match the CIDR notation of your LAN/WLAN network
so, if you run "ipconfig" in CMD, and let's say your IP is like this:

   IPv4 Address. . . . . . . . . . . : 192.168.1.232
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

then you'd amend the ACLs in squid.conf (assuming you want to allow all local traffic)
removing any that weren't applicable to your situation
like this

acl localnet src 192.168.1.0/24  # Your local network - notice this is in CIDR notation 
acl localnet src 127.0.0.1        # Your local network - notice this is NOT in CIDR notation, and just needs the IP 
acl localnet src fc00::/7         # RFC 4193 local private network range
acl localnet src fe80::/10        # RFC 4291 link-local (directly plugged) machine

now let's add just 1 x ACL that we'll later block,
just underneath your local Network ACLs (i.e. the lines we just amended mentioned above)
let's say we want to add a rule for microsoft.com and any of its subdomains
add this line:

acl block_windows_updates_microsoft dstdomain .microsoft.com

note, the address is
.microsoft.com
not
*microsoft.com
not
microsoft.com

the first dot is the syntax squid uses for wildcards (so .microsoft.com = *microsoft.com and *.microsoft.com)

that's the rule created, we now need to tell squid what to do with it
let's say blocking it (if you want to stop automatic windows updates permanently for example)
further down the squid.conf, you'll see these lines:

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

so JUST ABOVE THESE, add the deny rule that references the ACL we created in the previous step
enter this line:

http_access deny block_windows_updates_microsoft

this means, "http_access" to "deny" the ACL named "block_windows_updates_microsoft"
NOTE:
the ACL name matches the earlier line we entered, i.e.:

acl block_windows_updates_microsoft dstdomain .microsoft.com

so to recap this step, in squid.conf, these lines:

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

should now look like this:

http_access deny block_windows_updates_microsoft

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

save squid.conf
to give a full example, the entire squid.conf contents should now be:

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed

acl localnet src 192.168.33.0/24  # Your local network
acl localnet src 127.0.0.1        # Your local network
acl localnet src fc00::/7         # RFC 4193 local private network range
acl localnet src fe80::/10        # RFC 4291 link-local (directly plugged) machine

acl block_windows_updates_microsoft dstdomain .microsoft.com

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Block Windows Update domains
http_access deny block_windows_updates_microsoft

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment the line below to enable disk caching - path format is /cygdrive/<full path to cache folder>, i.e.
#cache_dir aufs /cygdrive/d/squid/cache 3000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

dns_nameservers 8.8.8.8 208.67.222.222

max_filedescriptors 3200

(so if you think you messed up, you can just copy this and save as Squid.conf under "C:\squid\etc\squid\squid.conf")

stop the squid service
start the squid service
TECHNICALLY Squid is now "up and running and configured" BUT it won't work yet, why?
you need to tell your system to USE the proxy as well.

to do this, there's 2 x main methods (although be aware some connections may be able to bypass this)

  1. winhttp API
  2. wininet API

"winhttp API" is just the "system's HTTP Stack" effectively.
in a new, ELEVATED, cmd.exe window, type this command

netsh winhttp set proxy 127.0.0.1:3128

this will force all system traffic (http and https) to go via the squid proxy. (assuming you left the squid port as its default 3128, otherwise, amend to what you set it as)

now to sort out 2.) "wininet API" - that's simply enabling the proxy via "internet options"
on OLDER WINDOWS go to "Control Panel > Internet options > connections (tab) > LAN Settings (button)" and TICK the option "use proxy server for your LAN"
in NEWER WINDOWS: just search "proxy settings" in start menu, and it will load the new Win10/Win11 "settings" app instead,
click "set up" button underneath the "manual Proxy" section
tick "use proxy server"
set the proxy IP address as 127.0.0.1
set the port to 3128 (again, assuming you left squid on defaults, otherwise, set to the port you used)
click Save.

this will force all web traffic to go via the proxy as well now.
so winhttp forces the system to go via proxy
wininet forces web traffic through it

ALMOST DONE, you also need to open the windows firewall to allow port 3128 (or whatever port you set for Squid) both inbound and outbound, you can probably just get away with setting for TCP, but for good measure, also allow port 3128 inbound and outbound for UDP too. (why not)

NOW FINALLY - if you tried to go to https://microsoft.com in a browser, it will fail
but any other address will work and allow you through.
windows update "should" largely fail, it might try another domain apart from microsoft.com in which case, repeat the "add ACL" and "Add Rule" steps in this guide for each domain you want to block.

i just used microsoft as an example
as i know MANY people on the internet might want to do just that! for whatever reason, but that's their decision.

TROUBLESHOOTING:
you should find an "access.log" under "C:\Squid\var\log\squid\access.log" that shows what's passing through the proxy
if you see nothing, then
stop the service,
rename access.log,
start the service again -
at the bare minimum, it should recreate the access.log
if so, that confirms the syntax of your squid.conf is correct at least, and should be able to log traffic,
if it doesn't recreate the file, you've got an error in your squid.conf, most likely syntax, but that will prevent the proxy from working, despite it still saying "service running" (and the diladele.squid.service.exe will still be running) yet won't report any error to you.
You can check for this problem, by
backing up your squid.conf,
reverting to the default squid.conf,
restart the service,
confirm if access.log is being written
if so, then your config was the problem, if not, then user permissions to write the access.log in the first place is the problem, check folder permissions / user permissions.

if, however, you find sending requests to test the proxy still logs nothing in access.log, but you've confirmed it's not permissions or syntax in the conf file, it indicates something is preventing the request from even getting to the proxy, like a firewall, or some other error, or maybe a route is in place you don't know about, or redirect, etc. In which case, you can use curl commands (download here: https://curl.se/windows/) to run tests to the proxy - try an http address first, such as "http://example.com", to rule out SSL potentially getting in your way. if http works, try an https address; if that fails, your SSL config is likely the culprit, but by default i haven't needed to configure anything for SSL or HTTPS to get it to block them successfully. if you're unsure on how to write curl commands, just lean on chatgpt: tell it what you want to test and it will write it for you easily.
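
The rule ordering and the leading-dot `dstdomain` syntax from the guide above, modelled as an added Python example (not part of the comment and not Squid's own code): `http_access` lines are checked top to bottom and the first matching line decides. Only `src` and `dstdomain` ACLs are modelled, and all function and variable names are hypothetical.

```python
# Added illustration (not Squid source): a simplified model of http_access
# evaluation. Only the "src" and "dstdomain" ACL types used above are handled.
import ipaddress

def dstdomain_match(pattern, host):
    """Leading dot: the domain itself and every subdomain; no dot: exact host."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def parse(conf):
    """Collect acl definitions (same-name lines are OR-ed) and ordered rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_true(acls, name, client, host):
    if name == "all":
        return True
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(client)
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        return any(dstdomain_match(v, host) for v in values)
    raise ValueError(f"ACL type not modelled: {kind}")

def decide(conf, client, host):
    """First http_access line whose ACLs all match (AND, '!' negates) wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_true(acls, n.lstrip("!"), client, host) != n.startswith("!")
               for n in names):
            return action
    return "deny"  # not reached here: both samples end with "deny all"

# Constructed sample: the ACL lines from the guide, in two rule orders.
ACLS = ("acl localnet src 192.168.1.0/24\nacl localnet src 127.0.0.1\n"
        "acl block_windows_updates_microsoft dstdomain .microsoft.com\n")
DENY = "http_access deny block_windows_updates_microsoft\n"
ALLOW = "http_access allow localnet\n"
GUIDE_ORDER = ACLS + DENY + ALLOW + "http_access deny all\n"
SWAPPED = ACLS + ALLOW + DENY + "http_access deny all\n"
```

With the deny line placed below `http_access allow localnet` (`SWAPPED`), a LAN client's request for a microsoft.com host is allowed, because the allow line matches first.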
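
For the troubleshooting step above, an added Python example (not from the comment) that summarises Squid's default native-format `access.log` into denied and passed destination hosts, which shows at a glance which further domains would need their own ACL. The log lines are constructed, and the function names are hypothetical.

```python
# Added illustration: summarise Squid's native-format access.log by destination.
from collections import Counter
from urllib.parse import urlsplit

def dest_host(method, url):
    """CONNECT entries log 'host:port'; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def summarise(lines):
    """Return (denied, passed) Counters keyed by destination host."""
    denied, passed = Counter(), Counter()
    for line in lines:
        f = line.split()
        # Native format: time elapsed client result/status bytes method URL ...
        if len(f) < 7 or "/" not in f[3]:
            continue  # blank or truncated line
        result = f[3].split("/", 1)[0]  # e.g. TCP_DENIED, TCP_TUNNEL, TCP_MISS
        bucket = denied if "DENIED" in result else passed
        bucket[dest_host(f[5], f[6])] += 1
    return denied, passed

# Constructed log lines (hosts and addresses are made up for the example).
SAMPLE = """\
1728468000.101      2 192.168.1.232 TCP_DENIED/403 3912 CONNECT www.microsoft.com:443 - HIER_NONE/- text/html
1728468001.250    310 192.168.1.232 TCP_TUNNEL/200 5321 CONNECT updates.example.net:443 - HIER_DIRECT/203.0.113.10 -
1728468002.007      1 192.168.1.232 TCP_DENIED/403 3950 GET http://update.microsoft.com/v6/ - HIER_NONE/- text/html
1728468003.400     95 192.168.1.232 TCP_MISS/200 1256 GET http://example.com/ - HIER_DIRECT/203.0.113.20 text/html
not a log line
""".splitlines()

if __name__ == "__main__":
    denied, passed = summarise(SAMPLE)
    print("denied:", dict(denied))
    print("passed (candidates for another deny ACL):", dict(passed))
```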
