== Squid as a Transparent Proxy on pfSense ==

Proxy servers can be very useful for improving the speed of an internet connection by caching, for logging internet usage, or for filtering traffic. The proxy server stores local copies of HTML pages, images, and other files in its cache. Caching proxy servers can greatly improve the internet performance of corporate networks where many users may be requesting similar pages.

'''Transparent proxies''' route the clients' traffic through the proxy server automatically, unlike traditional proxies, which require configuration changes on the client systems.

The following steps show how to install the popular proxy server application '''squid''' as a transparent proxy.

==== Step 1: ====

The first thing you'll need to do is install the squid package in pfSense. Go to Package Manager from the '''System''' drop-down menu, select '''Available Packages''', and search for Squid. Then locate the Squid package, click the + symbol next to it, and confirm the setup to begin the installation.

The installation process normally takes a few minutes to complete. Make sure you do not leave the package installer page while it is installing.

==== Step 2: ====

Once the installation is complete, go to '''Squid Proxy Server''' on the Services menu. Select '''Local Cache''' and configure the following:

* Cache Replacement Policy: Heap LFUDA
* Low-Water Mark in %: 90
* High-Water Mark in %: 95
* Hard Disk Cache Size: 1024
* Level 1 Directories: 16
* Hard Disk Cache Location: /var/squid/cache
* Minimum Object Size: 0
* Maximum Object Size: 4
* Memory Cache Size: 64
* Maximum Object Size in RAM: 256
* Memory Replacement Policy: Heap GDSF

Then save the settings.

==== Step 3: ====

Configure the '''General''' tab settings as follows:

* Tick the '''Enable Squid Proxy''' option
* Tick '''Keep !Settings/Data'''
* As we need to enable the proxy for the internal users, select '''LAN''' from '''Proxy Interface(s)'''
* Keep the other '''Squid General Settings''' as they are.

==== Step 4: ====

Set up the '''Transparent Proxy Settings''' as follows:

* Enable transparent mode by checking '''Transparent HTTP Proxy'''
* Select '''LAN''' on '''Transparent Proxy Interface(s)'''

> If you have any specific sources or destinations that need to be excluded from caching, you may use '''Bypass Proxy for These Source IPs''' and '''Bypass Proxy for These Destination IPs''' in production.

==== Step 5: ====

Logging Settings:

* Check '''Enable Access Logging''', keeping in mind the warning shown for this option
* '''Rotate Logs''': 1

==== Step 6: ====

Headers Handling, Language and Other Customizations:

* Visible Hostname: pf01.instxy.ac.lk
* Administrator's Email: you@instxy.ac.lk
* X-Forwarded Header Mode: transparent
* Disable VIA Header: set
* URI Whitespace Characters Handling: strip
* Suppress Squid Version: set
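
To confirm that the Step 5 and Step 6 settings actually reached the running configuration, the generated squid.conf can be audited. The script below is an added example, not part of the original page or of the pfSense Squid package; the mapping from GUI fields to squid.conf directives is an assumption, and the sample configuration is constructed.

```python
# Squid's built-in defaults, which apply when a directive is absent.
DEFAULTS = {
    "forwarded_for": "on",
    "via": "on",
    "uri_whitespace": "strip",
    "httpd_suppress_version_string": "off",
    "logfile_rotate": "10",
}

# Values Steps 5 and 6 should produce (GUI-to-directive mapping is assumed).
EXPECTED = {
    "forwarded_for": "transparent",           # X-Forwarded Header Mode
    "via": "off",                             # Disable VIA Header
    "uri_whitespace": "strip",                # URI Whitespace Characters Handling
    "httpd_suppress_version_string": "on",    # Suppress Squid Version
    "logfile_rotate": "1",                    # Rotate Logs
    "visible_hostname": "pf01.instxy.ac.lk",  # Visible Hostname
}

def parse_conf(text):
    """Return {directive: value}; comment lines are skipped, last occurrence wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = " ".join(parts[1].split()) if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return (directive, effective_value, expected_value) for every mismatch."""
    conf = parse_conf(text)
    findings = []
    for name, want in EXPECTED.items():
        have = conf.get(name, DEFAULTS.get(name))  # fall back to Squid's default
        if have is None or have.lower() != want.lower():
            findings.append((name, have, want))
    return findings

# Constructed sample: 'via' is missing, so Squid's default (on) still applies.
SAMPLE = """\
# constructed squid.conf fragment
visible_hostname pf01.instxy.ac.lk
forwarded_for transparent
uri_whitespace strip
httpd_suppress_version_string on
logfile_rotate 1
"""

if __name__ == "__main__":
    for name, have, want in audit(SAMPLE):
        print(f"{name}: effective={have!r}, expected={want!r}")
```

A missing directive is reported with Squid's default as its effective value, which is how an unset '''Disable VIA Header''' shows up here.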