How to setup non-logging Squid proxy

To setup a non-logging/zero-logging Squid proxy, there are just a couple of lines to be added/commented/updated. This simple tutorial is for Squid version 2.7 and very likely still work for version 3.x. The default configuration in Squid exposes the origin IP address which is fine if you intended for that but that is usually not the case.

Why disable logging

  1. For privacy reasons, period.
  2. To avoid trashing your storage medium with tons of logs you never ever refer especially when the Squid server is behind firewall, which means only you have access to it.

Why setup Squid proxy server behind firewall allowing only LAN PCs to go through it

Assuming you have configured one specific machine to log onto VPN network but your VPN provider limits you to just one concurrent login. Now you are thinking of sharing this connection but do not want to setup on router because it is more complicated. The easier way to go is to then share connection via a proxy server installed onto this specific machine.

I am not going to get into specifics about how to install Squid proxy server since you can find plenty of tutorials online for this. On Debian-based Linux such as Ubuntu and Raspbian, just type:

sudo apt-get install squid

You then need to configure your browser to go through the proxy server.

Test Squid before changing anything

To test, Google for “test browser headers“ then try any of the free service that tells you what browser headers are being sent when going through Squid.

You should be able to see the following:

X-Forwarded-For: <your IP address>

Do not like that do you?

Squid.conf lines to change

To get rid of those privacy leaking headers, you need to edit Squid’s configuration. The location of this file may differ based from one Linux distro to another. You may be able to find yours at:

/etc/squid/squid.conf

The lines to be commented are:

# cache_dir
# coredump_dir

The lines to be replaced/added are:

# No caching
cache deny all

# No logging
access_log none
cache_store_log none
cache_log /dev/null

# Privacy; do not tell websites your origin IP address
via off
forwarded_for delete
follow_x_forwarded_for deny all

Restart Squid and test

The Squid service must be restarted for the configuration changes to take effect. Remember to test again. Do not assume that you have configured everything correctly on first attempt.

Support Me

If this post helped you, would you buy me a cup of tea/coffee?