Set up Squid 6 proxy server with advanced traffic shaping, content filtering, and user authentication. Configure bandwidth limits, access control lists, and comprehensive logging for enterprise proxy deployments.
Prerequisites
- Root or sudo access on a Debian or Ubuntu release whose squid package is 6.x (Ubuntu 24.04 ships 6.x; confirm with `squid -v` after installing)
- At least 2GB RAM
- 20GB available disk space
- Basic understanding of networking concepts
- A local MTA and the mail command (package mailutils) for e-mail alerts (optional)
What this solves
Squid 6 is a high-performance caching proxy server that provides bandwidth control, content filtering, and user authentication for enterprise networks. This tutorial shows you how to install Squid 6, configure traffic shaping with delay pools, set up content filtering with access control lists, and enable comprehensive logging with authentication mechanisms.
Step-by-step installation
Update system packages
Start by updating your package manager to ensure you get the latest versions of all packages.
sudo apt update && sudo apt upgrade -y
Install Squid proxy server
Install Squid together with apache2-utils (provides htpasswd for the user file), ssl-cert (a self-signed certificate, only needed if you later enable https_port or SSL-Bump), squid-langpack (localised error pages) and squidclient (cache manager queries used in the verification step). Confirm the installed version afterwards.
sudo apt install -y squid apache2-utils ssl-cert squid-langpack squidclient
squid -v | head -n 1
Create backup of default configuration
Create a backup of the original Squid configuration file before making changes.
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.backup
sudo chmod 644 /etc/squid/squid.conf.backup
Configure basic Squid settings
Replace the stock configuration with one that sets the listening port, cache sizes, ACLs, delay pools and access rules. The quoted heredoc stops the shell from expanding anything in the regexes; everything after `#` is a comment to Squid. Two ordering rules drive the layout: ACLs must be defined before the directives that use them, and both http_access and delay_access are first-match lists.
sudo tee /etc/squid/squid.conf > /dev/null << 'EOF'
# Squid 6 configuration with bandwidth controls and content filtering

# Basic proxy settings
http_port 3128
coredump_dir /var/spool/squid

# Memory and cache settings
cache_mem 256 MB
maximum_object_size_in_memory 512 KB
cache_dir ufs /var/spool/squid 1000 16 256
maximum_object_size 50 MB

# Access Control Lists (ACLs)
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10

# Business hours (Monday to Friday, 08:00 to 18:00)
acl business_hours time MTWHF 08:00-18:00

# Content filtering ACLs (one domain per line; a leading dot also matches subdomains)
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"
acl allowed_sites dstdomain "/etc/squid/allowed_sites.txt"

# File type restrictions. urlpath_regex only sees the path of plain-HTTP URLs;
# an HTTPS request reaches the proxy as "CONNECT host:443", so these do not apply there.
acl multimedia urlpath_regex -i \.(avi|mp4|mkv|mov|wmv|flv|mp3|wav|ogg)$
acl executables urlpath_regex -i \.(exe|msi|dmg|pkg|deb|rpm)$

# Safe ports and SSL ports
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Bandwidth control delay pools
# A request goes into the lowest-numbered pool whose delay_access allows it, so
# the most specific pool gets the lowest number and every pool ends with "deny all";
# a broad "allow localnet" in pool 1 would otherwise capture all traffic.
delay_pools 3
delay_class 1 2
delay_class 2 1
delay_class 3 2

# Pool 1: multimedia downloads (128 KB/s aggregate and per client)
delay_parameters 1 131072/131072 131072/131072
delay_access 1 allow multimedia localnet
delay_access 1 deny all

# Pool 2: business hours throttling (1 MB/s aggregate for everything else)
delay_parameters 2 1048576/1048576
delay_access 2 allow business_hours localnet
delay_access 2 deny all

# Pool 3: standard users outside business hours (2 MB/s aggregate, 512 KB/s per client)
delay_parameters 3 2097152/2097152 524288/524288
delay_access 3 allow localnet
delay_access 3 deny all

# Access rules (evaluated top to bottom, first match wins)
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# allowed_sites is an exception to the filtering rules only, not to the port checks above
http_access deny blocked_sites !allowed_sites
http_access deny executables !allowed_sites
http_access allow localhost
# cache manager (squidclient mgr:...) reachable from the proxy host only
http_access deny manager
http_access allow localnet
http_access deny all

# Logging configuration. The native "squid" format starts each line with an
# epoch timestamp and carries the byte count in field 5.
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
# logrotate renames the files; "squid -k rotate" then only reopens them
logfile_rotate 0

# Refresh patterns
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Do not reveal client addresses or the proxy's presence to upstream servers
forwarded_for off
via off

# DNS settings (use internal resolvers here if the proxy must resolve internal names)
dns_nameservers 8.8.8.8 1.1.1.1
EOF
Create content filtering lists
Create the two domain lists referenced by the dstdomain ACLs. Squid only needs to read them, so leave them owned by root: the proxy user should not be able to rewrite its own policy if the proxy process is compromised.
sudo touch /etc/squid/blocked_sites.txt /etc/squid/allowed_sites.txt
sudo chown root:root /etc/squid/blocked_sites.txt /etc/squid/allowed_sites.txt
sudo chmod 644 /etc/squid/blocked_sites.txt /etc/squid/allowed_sites.txt
Configure blocked sites list
Populate the blocklist with one entry per line. dstdomain treats an entry with a leading dot as the domain plus all of its subdomains, while a bare entry such as facebook.com matches only that exact host, so www.facebook.com would pass straight through. Wildcards (*.example) are not supported. Adjust the list to your organisation's policy.
sudo tee /etc/squid/blocked_sites.txt > /dev/null << 'EOF'
.facebook.com
.twitter.com
.youtube.com
.instagram.com
.tiktok.com
.reddit.com
.netflix.com
.gaming.com
.porn.com
.adult.com
.gambling.com
.betting.com
EOF
Configure allowed sites list
List business-critical domains that must stay reachable even when they match a blocking rule. An ACL that no http_access line references does nothing, so the list only takes effect when the access rules use it, for example as an exception on the deny rules (`http_access deny blocked_sites !allowed_sites`); it should not be turned into a plain allow rule ahead of authentication, or anyone on the LAN could reach these sites anonymously. Use the leading-dot form so that mail.google.com and api.github.com are covered.
sudo tee /etc/squid/allowed_sites.txt > /dev/null << 'EOF'
.google.com
.microsoft.com
.office.com
.outlook.com
.gmail.com
.github.com
.stackoverflow.com
documentation.example.com
company.example.com
EOF
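To see why the leading dot matters before rolling a list out, here is an added Python model of Squid's dstdomain matching rule and of one way to make allowed_sites an exception to the blocklist (a deny rule qualified with `!allowed_sites`). It is example code, not Squid's implementation; the two sample lists are constructed for the demonstration and tiktok.com is deliberately left without a leading dot to show the gap.

```python
"""Model of Squid's dstdomain ACL matching, used to check a blocklist before
deploying it. Added example, not Squid's own code. Squid's rule: an entry
with a leading dot (".example.com") matches that domain and all of its
subdomains; an entry without one matches only that exact host name. The
lists below are constructed for the demonstration; "tiktok.com" is left
bare on purpose to show what that misses."""
from typing import Iterable, List, Tuple

BLOCKED = [".facebook.com", "tiktok.com", ".netflix.com"]
ALLOWED = [".github.com", "developers.facebook.com"]


def dstdomain_matches(entry: str, host: str) -> bool:
    """Match one dstdomain list entry against a request host (case-insensitive)."""
    entry = entry.strip().lower().rstrip(".")
    host = host.strip().lower().rstrip(".")
    if entry.startswith("."):
        # ".facebook.com" matches facebook.com and anything ending in ".facebook.com",
        # but not "notfacebook.com": the dot has to sit on a label boundary.
        return host == entry[1:] or host.endswith(entry)
    return host == entry


def acl_matches(entries: Iterable[str], host: str) -> bool:
    return any(dstdomain_matches(e, host) for e in entries)


def decide(host: str, blocked: List[str] = BLOCKED, allowed: List[str] = ALLOWED) -> str:
    """Emulate 'http_access deny blocked_sites !allowed_sites' followed by an allow:
    a host on the allow list is exempt from the blocklist, everything else is
    denied if blocked and allowed otherwise."""
    if acl_matches(blocked, host) and not acl_matches(allowed, host):
        return "deny"
    return "allow"


def lint_list(entries: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (entry, problem) pairs for entries that will not behave as people expect."""
    problems = []
    for e in entries:
        e = e.strip()
        if not e or e.startswith("#"):
            continue
        if "*" in e:
            problems.append((e, "wildcards are not supported by dstdomain; use a leading dot"))
        elif not e.startswith("."):
            problems.append((e, "bare entry matches only this exact host, not its subdomains"))
    return problems


if __name__ == "__main__":
    for h in ["www.facebook.com", "developers.facebook.com", "notfacebook.com", "www.tiktok.com"]:
        print(f"{h:25} -> {decide(h)}")
    for entry, why in lint_list(BLOCKED + ["*.xxx"]):
        print(f"WARNING {entry}: {why}")
```

Run the lint over your real /etc/squid/blocked_sites.txt before reloading Squid; every bare entry it reports is a host whose subdomains are still reachable.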
Set up user authentication
Create an htpasswd file for Squid's basic_ncsa_auth helper. htpasswd prompts for each password; the -c flag creates the file and must only be used for the first user, because it truncates an existing file. The helper runs as the proxy user, so give it read access without making the file writable by it.
sudo mkdir -p /etc/squid/auth
sudo htpasswd -c /etc/squid/auth/users john
sudo htpasswd /etc/squid/auth/users jane
sudo htpasswd /etc/squid/auth/users admin
sudo chown root:proxy /etc/squid/auth/users
sudo chmod 640 /etc/squid/auth/users
Basic authentication sends the username and password base64-encoded, not encrypted, on every request between client and proxy. It identifies users on a trusted LAN; do not expose a basic-auth proxy port to untrusted networks.
Configure authentication in Squid
Order matters here. Squid must read the auth_param lines before the proxy_auth ACL that relies on them, and the ACL before the http_access rule that references it. Anything placed after the final `http_access deny all` is never evaluated, and the existing `http_access allow localnet` would admit every client before an authentication rule further down could run, so appending this block to the end of the file does nothing. Open /etc/squid/squid.conf and insert it directly above the access rules (the block starting with `http_access deny !Safe_ports`):
# Authentication configuration
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/auth/users
auth_param basic children 5 startup=5 idle=1
auth_param basic realm Squid Proxy Server
auth_param basic credentialsttl 2 hours
# Authentication ACLs
acl authenticated proxy_auth REQUIRED
Then require authentication on the rule that admits local clients and review the result:
sudo sed -i 's/^http_access allow localnet$/http_access allow authenticated localnet/' /etc/squid/squid.conf
grep -n '^http_access' /etc/squid/squid.conf
A proxy_auth ACL that finds no credentials ends the evaluation with a 407 challenge, so make sure `http_access allow localhost` comes before the authenticated rule (move it up if it is below) if tools on the proxy host itself, such as squidclient, should not be challenged. Validate and reload:
sudo squid -k parse && sudo systemctl reload squid
Configure log rotation
The Debian/Ubuntu package already installs /etc/logrotate.d/squid; inspect it and replace it only if you want different retention. logrotate renames the files, and the postrotate step asks the running Squid to reopen them with `squid -k rotate`; with `logfile_rotate 0` in squid.conf that command only reopens the files instead of also keeping its own numbered copies.
sudo tee /etc/logrotate.d/squid > /dev/null << 'EOF'
/var/log/squid/*.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    create 0640 proxy proxy
    sharedscripts
    postrotate
        test ! -e /run/squid.pid || /usr/sbin/squid -k rotate
    endscript
}
EOF
sudo logrotate -d /etc/logrotate.d/squid
Initialize Squid cache directories
Create the cache_dir hierarchy declared in squid.conf. Run this before the first start and again whenever you add a cache_dir. The cache holds copies of what users fetched, so keep it readable by the proxy user only.
sudo squid -z
sudo chown -R proxy:proxy /var/spool/squid
sudo chmod 750 /var/spool/squid
Configure firewall rules
Open the necessary ports for Squid proxy access. We'll allow access on port 3128 from local networks.
sudo ufw allow from 192.168.0.0/16 to any port 3128
sudo ufw allow from 172.16.0.0/12 to any port 3128
sudo ufw allow from 10.0.0.0/8 to any port 3128
sudo ufw reload
Test configuration and start Squid
Test the Squid configuration for syntax errors, then enable and start the service.
sudo squid -k parse
sudo systemctl enable squid
sudo systemctl start squid
sudo systemctl status squid
Configure monitoring and alerting
Save the following as /usr/local/bin/squid-monitor.sh. It reports bytes served in the last hour and policy denials for the day. The native "squid" log format starts each line with a Unix timestamp and carries the byte count in field 5 (field 7 is the URL), so the script filters on the epoch value rather than on a date string. TCP_DENIED/407 lines are ordinary authentication challenges and are ignored; only TCP_DENIED/403, a policy denial, is counted. Sending mail needs a local MTA and the mail command (package mailutils).
#!/bin/bash
# Squid monitoring script: bandwidth in the last hour and policy denials today
set -u
LOG_FILE="/var/log/squid/access.log"
ALERT_EMAIL="admin@example.com"
THRESHOLD_MB=100
DENIED_LIMIT=50

# Bytes served in the last hour (field 1 = epoch seconds, field 5 = bytes sent)
SINCE=$(( $(date +%s) - 3600 ))
BANDWIDTH=$(awk -v since="$SINCE" '$1 >= since {sum += $5} END {print int(sum/1048576)}' "$LOG_FILE")
if [ "$BANDWIDTH" -gt "$THRESHOLD_MB" ]; then
    echo "High bandwidth usage detected: ${BANDWIDTH}MB in the last hour" | \
        mail -s "Squid Bandwidth Alert" "$ALERT_EMAIL"
fi

# Policy denials since midnight; 407 challenges are expected with proxy auth and are not counted
MIDNIGHT=$(date -d "today 00:00" +%s)
BLOCKED_COUNT=$(awk -v since="$MIDNIGHT" '$1 >= since && $4 == "TCP_DENIED/403"' "$LOG_FILE" | wc -l)
if [ "$BLOCKED_COUNT" -gt "$DENIED_LIMIT" ]; then
    echo "High number of blocked requests: $BLOCKED_COUNT today" | \
        mail -s "Squid Security Alert" "$ALERT_EMAIL"
fi

# Log current statistics
echo "$(date): Bandwidth: ${BANDWIDTH}MB, Blocked: ${BLOCKED_COUNT}" >> /var/log/squid/monitoring.log
Set up monitoring cron job
Make the script executable and schedule it hourly. `crontab -` replaces root's whole crontab with whatever it reads, so pipe the existing entries through and append the new line rather than overwriting them.
sudo chmod 755 /usr/local/bin/squid-monitor.sh
sudo chown root:root /usr/local/bin/squid-monitor.sh
( sudo crontab -l 2>/dev/null; echo "0 * * * * /usr/local/bin/squid-monitor.sh" ) | sudo crontab -
sudo crontab -l
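The same two signals, as an added stand-alone Python version of the log analysis (not code from the original page): it parses the native squid log format, sums bytes over a sliding window, separates 407 challenges from 403 denials and lists the top users by volume, which is what you want when the bandwidth alert fires. The log lines and the NOW timestamp are constructed for the demonstration.

```python
"""Parse Squid's native access.log format and compute what the monitoring
script watches: bytes served in a time window and TCP_DENIED counts split by
HTTP status. Added example, not code from the original page or from the
Squid project. The log lines below are constructed for the demonstration and
their timestamps are relative to a fixed NOW value."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

NOW = 1_718_003_600  # fixed "current time" in epoch seconds so the example is deterministic

# Constructed sample lines in Squid's native "squid" logformat:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = f"""\
{NOW - 600}.123    245 192.168.1.10 TCP_MISS/200 15234 GET http://example.com/index.html john HIER_DIRECT/93.184.216.34 text/html
{NOW - 1800}.004  31020 192.168.1.11 TCP_TUNNEL/200 2097152 CONNECT github.com:443 jane HIER_DIRECT/140.82.121.3 -
{NOW - 5400}.550     12 192.168.1.10 TCP_HIT/200 50000 GET http://example.com/logo.png john HIER_NONE/- image/png
{NOW - 300}.001      0 192.168.1.12 TCP_DENIED/407 3900 GET http://example.com/ - HIER_NONE/- text/html
{NOW - 200}.777      0 192.168.1.10 TCP_DENIED/403 3800 GET http://www.facebook.com/ john HIER_NONE/- text/html
{NOW - 100}.321      0 192.168.1.11 TCP_DENIED/403 3800 CONNECT www.facebook.com:443 jane HIER_NONE/- -
this line is not a valid access.log entry
"""


@dataclass
class Entry:
    ts: float      # field 1: request completion time, epoch seconds
    client: str    # field 3: client address
    result: str    # field 4 before the slash, e.g. TCP_MISS or TCP_DENIED
    status: int    # field 4 after the slash: HTTP status sent to the client
    size: int      # field 5: bytes sent to the client (field 7 is the URL, not a size)
    method: str
    url: str
    user: str      # field 8: login name, "-" when the request carried no credentials


def parse_line(line: str) -> Optional[Entry]:
    f = line.split()
    if len(f) < 10:
        return None
    try:
        result, status = f[3].split("/", 1)
        return Entry(float(f[0]), f[2], result, int(status), int(f[4]), f[5], f[6], f[7])
    except ValueError:
        return None  # malformed or foreign line: skip it rather than crash the monitor


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def in_window(e: Entry, now: int, seconds: int) -> bool:
    return now - seconds <= e.ts <= now


def bytes_in_window(entries: List[Entry], now: int = NOW, seconds: int = 3600) -> int:
    return sum(e.size for e in entries if in_window(e, now, seconds))


def denied_by_status(entries: List[Entry], now: int = NOW, seconds: int = 86400) -> Counter:
    """407 = authentication challenge (expected with proxy auth), 403 = policy denial."""
    return Counter(e.status for e in entries if e.result == "TCP_DENIED" and in_window(e, now, seconds))


def top_users(entries: List[Entry], now: int = NOW, seconds: int = 3600, limit: int = 5) -> List[Tuple[str, int]]:
    totals: Dict[str, int] = defaultdict(int)
    for e in entries:
        if e.user != "-" and in_window(e, now, seconds):
            totals[e.user] += e.size
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:limit]


def alerts(entries: List[Entry], now: int = NOW, threshold_mb: int = 1, denied_limit: int = 1) -> List[str]:
    """The two conditions the cron script mails about, with low thresholds for the sample data."""
    out = []
    mb = bytes_in_window(entries, now) // (1024 * 1024)
    if mb > threshold_mb:
        out.append(f"High bandwidth usage: {mb} MB in the last hour")
    policy_denials = denied_by_status(entries, now)[403]
    if policy_denials > denied_limit:
        out.append(f"High number of blocked requests: {policy_denials} policy denials today")
    return out


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("bytes last hour:", bytes_in_window(entries))
    print("denied by status:", dict(denied_by_status(entries)))
    print("top users:", top_users(entries))
    for a in alerts(entries):
        print("ALERT:", a)
```

Point parse_log at the real file (`open("/var/log/squid/access.log").read()`) and pass `now=int(time.time())` to get the same numbers the shell script produces; the 407 line is counted as denied by status but never as a policy denial.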
Configure advanced bandwidth controls
Set up user-based bandwidth limits
Map each proxy login to a group in /etc/squid/user_groups.txt, one "user group" pair per line. An external ACL helper reads this file to answer Squid's group-membership questions; users that are not listed fall back to the employee group in the helper below.
sudo tee /etc/squid/user_groups.txt > /dev/null << 'EOF'
# user   group
john manager
jane employee
admin manager
guest guest
EOF
Configure group-based delay pools
Squid numbers its pools once: delay_pools declares the total, and a second delay_pools line makes Squid discard every pool defined before it, so the group pools cannot be appended with a new `delay_pools 4` line. Instead, define the external ACL type and the three group ACLs above the delay pool section of /etc/squid/squid.conf (ACLs must exist before they are used) and replace the whole delay pool block with the six-pool version below. Pools are tried in numeric order and a request lands in the first pool whose delay_access allows it, so the group pools come before the business-hours and default pools, and every pool ends with deny all.
# User group definitions
external_acl_type user_group ttl=60 negative_ttl=60 children-max=10 %LOGIN /usr/local/bin/user_group_helper.py
acl managers external user_group manager
acl employees external user_group employee
acl guests external user_group guest

# Bandwidth control delay pools (lowest-numbered matching pool wins)
delay_pools 6
delay_class 1 2
delay_class 2 2
delay_class 3 2
delay_class 4 2
delay_class 5 1
delay_class 6 2

# Pool 1: multimedia downloads (128 KB/s aggregate and per client)
delay_parameters 1 131072/131072 131072/131072
delay_access 1 allow multimedia localnet
delay_access 1 deny all

# Pool 2: managers (2 MB/s aggregate and per client)
delay_parameters 2 2097152/2097152 2097152/2097152
delay_access 2 allow managers authenticated
delay_access 2 deny all

# Pool 3: employees (1 MB/s aggregate and per client)
delay_parameters 3 1048576/1048576 1048576/1048576
delay_access 3 allow employees authenticated
delay_access 3 deny all

# Pool 4: guests (512 KB/s aggregate and per client)
delay_parameters 4 524288/524288 524288/524288
delay_access 4 allow guests authenticated
delay_access 4 deny all

# Pool 5: business hours throttling for anything not matched above (1 MB/s aggregate)
delay_parameters 5 1048576/1048576
delay_access 5 allow business_hours localnet
delay_access 5 deny all

# Pool 6: remaining local clients (2 MB/s aggregate, 512 KB/s per client)
delay_parameters 6 2097152/2097152 524288/524288
delay_access 6 allow localnet
delay_access 6 deny all
delay_access only supports fast ACL checks, so the proxy_auth and external ACLs on the group pools are matched against results already cached from the http_access evaluation rather than looked up afresh. Make sure the same ACLs are evaluated there for every authenticated request, for example by placing these lines directly before `http_access allow authenticated localnet`:
http_access allow managers authenticated localnet
http_access allow employees authenticated localnet
http_access allow guests authenticated localnet
Then validate and reload:
sudo squid -k parse && sudo systemctl reload squid
Create user group helper script
Save the following as /usr/local/bin/user_group_helper.py. Squid starts it as a long-running process and writes one request per line; with the `%LOGIN` format plus the extra word on each acl line, that line is `<login> <group>`. The helper must answer OK only when the login really belongs to the requested group; a helper that always answers OK makes every group ACL, and therefore the highest-priority group pool, match every user. Anything written to stderr ends up in cache.log.
#!/usr/bin/env python3
# Squid external ACL helper: reply OK when the authenticated user is in the
# group named on the acl line, ERR otherwise. Unlisted users default to "employee".
import sys

GROUP_FILE = '/etc/squid/user_groups.txt'
DEFAULT_GROUP = 'employee'


def load_groups(path):
    """Read 'user group' pairs; blank lines and # comments are ignored."""
    groups = {}
    try:
        with open(path) as f:
            for line in f:
                parts = line.split()
                if len(parts) >= 2 and not parts[0].startswith('#'):
                    groups[parts[0]] = parts[1]
    except OSError as exc:
        print(f'user_group_helper: cannot read {path}: {exc}', file=sys.stderr)
    return groups


def main():
    groups = load_groups(GROUP_FILE)
    for line in sys.stdin:
        fields = line.split()
        # fields[0] is the %LOGIN value ("-" if unauthenticated), fields[1] the acl argument
        if len(fields) >= 2 and fields[0] != '-' and groups.get(fields[0], DEFAULT_GROUP) == fields[1]:
            print(f'OK user={fields[0]}')
        else:
            print('ERR')
        sys.stdout.flush()  # Squid waits for each reply; do not leave it in the buffer


if __name__ == '__main__':
    main()
Make helper script executable
Squid executes the helper as the proxy user, but neither the script nor the group file should be writable by that user: a compromised proxy process could otherwise turn a helper edit into persistent code execution. Keep both owned by root and world-readable.
sudo chown root:root /usr/local/bin/user_group_helper.py /etc/squid/user_groups.txt
sudo chmod 755 /usr/local/bin/user_group_helper.py
sudo chmod 644 /etc/squid/user_groups.txt
sudo squid -k parse && sudo systemctl reload squid
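The helper protocol is easy to get subtly wrong, so here is an added Python model of it as pure functions that can be tested without Squid. This is example code, not Squid's and not the helper above. It assumes the external_acl_type line uses the `%LOGIN` format and each acl line passes the wanted group as an extra argument (`acl managers external user_group manager`), so Squid writes one request per line as `<login> <group>`; it also covers the `concurrency=N` option, where each request is prefixed by a channel id that the reply must echo, and uses the documented `log=` result key so the decision appears in access.log as `%ea`. The group file content is constructed for the demonstration.

```python
"""Squid external_acl_type helper logic as pure functions, so the group
lookup can be tested without Squid. Added example, not Squid's code and not
the helper above. Assumptions: the external_acl_type line uses the "%LOGIN"
format and each acl line passes the wanted group as an extra argument
("acl managers external user_group manager"), so Squid writes one request
per line as "<login> <group>"; with "concurrency=N" on the external_acl_type
line each request is prefixed by a channel id that the reply must echo. The
group file content is constructed for the demonstration."""
import sys
from typing import Dict, List, Optional

GROUP_FILE_TEXT = """\
# user  group
john manager
jane employee
admin manager
guest guest
"""


def load_groups(text: str) -> Dict[str, str]:
    """Parse 'user group' lines; blank lines and # comments are ignored."""
    groups: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            groups[parts[0]] = parts[1]
    return groups


def answer(request: str, groups: Dict[str, str], concurrent: bool = False,
           default_group: Optional[str] = None) -> str:
    """Build the reply line for one request line from Squid.
    OK only when the login's group equals the group the acl asked about; the
    anonymous login "-" and malformed lines always get ERR. The log= key is
    handed back to Squid so the decision shows up in access.log (%ea)."""
    fields = request.split()
    channel = ""
    if concurrent and fields:
        channel, fields = fields[0], fields[1:]
    if len(fields) < 2 or fields[0] == "-":
        reply = "ERR"
    else:
        login, wanted = fields[0], fields[1]
        group = groups.get(login, default_group)
        reply = f"OK user={login} log=group:{group}" if group == wanted else "ERR"
    return f"{channel} {reply}".strip()


def serve(lines: List[str], groups: Dict[str, str], concurrent: bool = False) -> List[str]:
    """Answer a batch of request lines in order, as the helper loop would."""
    return [answer(ln, groups, concurrent) for ln in lines]


if __name__ == "__main__":
    # Real helper loop: Squid writes requests on stdin and reads replies on stdout.
    g = load_groups(GROUP_FILE_TEXT)
    for raw in sys.stdin:
        print(answer(raw, g, concurrent="--concurrent" in sys.argv))
        sys.stdout.flush()
```

Feed it a few lines by hand (`printf 'john manager\njane manager\n' | python3 helper_model.py`) to confirm that only the first answers OK; the same check against the deployed helper catches the always-OK bug before it silently puts everyone in the manager pool.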
Verify your setup
Run the service checks on the proxy host. Run the authentication and filtering checks from a client on the local network: requests from the proxy host itself match `http_access allow localhost` and are never challenged, so they would not prove that authentication works.
# Check Squid service status and configuration syntax
sudo systemctl status squid
sudo squid -k parse
# Check that Squid is listening on port 3128
sudo ss -tlnp | grep ':3128'
# From a LAN client: replace the placeholder with the proxy's address and port
PROXY=10.0.0.5:3128
# With valid credentials the status is 200 (replace the password)
curl -sS -o /dev/null -w '%{http_code}\n' -x "$PROXY" -U john:password http://example.com/
# Without credentials the proxy must answer 407
curl -sS -o /dev/null -w '%{http_code}\n' -x "$PROXY" http://example.com/
# A blocked site is answered with 403 and logged as TCP_DENIED/403
curl -sS -o /dev/null -w '%{http_code}\n' -x "$PROXY" -U john:password http://facebook.com/
# Follow the access log and the monitoring log on the proxy host
sudo tail -f /var/log/squid/access.log
sudo tail -f /var/log/squid/monitoring.log
# Cache statistics and delay pool state through the cache manager (localhost only)
squidclient -p 3128 mgr:info
squidclient -p 3128 mgr:delay
Common issues
| Symptom | Cause | Fix |
|---|---|---|
| Squid won't start | Configuration syntax error | `sudo squid -k parse` names the offending line; also check /var/log/squid/cache.log |
| Users are never asked to authenticate | `http_access allow localnet` precedes the authenticated rule, or the auth block was appended after `http_access deny all` | Put auth_param and the proxy_auth ACL above the access rules and use `http_access allow authenticated localnet` |
| Authentication fails for valid users | Helper cannot read the password file | `sudo chown root:proxy /etc/squid/auth/users && sudo chmod 640 /etc/squid/auth/users`; test with `echo 'john password' \| /usr/lib/squid/basic_ncsa_auth /etc/squid/auth/users`, which prints OK or ERR |
| Cache directory errors | Uninitialized cache | `sudo squid -z` to initialize the cache |
| Bandwidth limits not applied | A broad low-numbered pool captures all traffic, or a second delay_pools line discarded the earlier pools | Give specific pools the lowest numbers, end each with `delay_access N deny all`, declare delay_pools once; inspect with `squidclient mgr:delay` |
| Content filtering not working | Bare entries match only the exact host; wildcards are not supported | One domain per line with a leading dot to cover subdomains; `squid -k parse` reports unreadable list files |
| High CPU usage | Too many auth helpers | Reduce the auth_param basic children count |
| Logs growing too large | Log rotation not working | Check /etc/logrotate.d/squid with `logrotate -d` and set `logfile_rotate 0` in squid.conf |
| User group helper failing | Script not executable, not readable by the proxy user, or crashing | `sudo chmod 755 /usr/local/bin/user_group_helper.py`; the helper's stderr is in cache.log |
Next steps
- Set up NGINX reverse proxy with SSL certificates for additional web server protection
- Configure HAProxy with Consul for dynamic service discovery to load balance multiple Squid instances
- Set up centralized logging with rsyslog and logrotate for better log management
- Configure Squid SSL-Bump for HTTPS content filtering, which is the only way the path-based executables and multimedia rules can apply to encrypted traffic
- Implement Squid load balancing with HAProxy for high availability proxy deployment
- Set up Squid monitoring with Prometheus and Grafana for comprehensive proxy analytics
Automated install script
Run this to automate the entire setup
#!/usr/bin/env bash
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Configuration
SQUID_USER="proxy"
SQUID_GROUP="proxy"
# Usage function
usage() {
echo "Usage: $0 [OPTIONS]"
echo "Options:"
echo " -p PORT Squid proxy port (default: 3128)"
echo " -h Show this help message"
exit 1
}
# Parse arguments
PROXY_PORT=3128
while getopts "p:h" opt; do
case $opt in
p) PROXY_PORT="$OPTARG" ;;
h) usage ;;
*) usage ;;
esac
done
# Check if running as root
if [[ $EUID -ne 0 ]]; then
echo -e "${RED}Error: This script must be run as root${NC}" >&2
exit 1
fi
# Error cleanup function
cleanup() {
echo -e "${RED}Installation failed. Cleaning up...${NC}"
systemctl stop squid 2>/dev/null || true
systemctl disable squid 2>/dev/null || true
if [[ -f /etc/squid/squid.conf.backup ]]; then
mv /etc/squid/squid.conf.backup /etc/squid/squid.conf 2>/dev/null || true
fi
}
trap cleanup ERR
# Auto-detect distribution
echo -e "${YELLOW}[1/8] Detecting operating system...${NC}"
if [ -f /etc/os-release ]; then
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_INSTALL="apt install -y"
PKG_UPDATE="apt update && apt upgrade -y"
SQUID_PACKAGES="squid apache2-utils ssl-cert squid-langpack squidclient"
FIREWALL_CMD="ufw"
;;
almalinux|rocky|centos|rhel|ol|fedora)
PKG_MGR="dnf"
PKG_INSTALL="dnf install -y"
PKG_UPDATE="dnf update -y"
SQUID_PACKAGES="squid httpd-tools openssl squid-helpers"
FIREWALL_CMD="firewall-cmd"
;;
amzn)
PKG_MGR="yum"
PKG_INSTALL="yum install -y"
PKG_UPDATE="yum update -y"
SQUID_PACKAGES="squid httpd-tools openssl"
FIREWALL_CMD="firewall-cmd"
;;
*)
echo -e "${RED}Unsupported distribution: $ID${NC}"
exit 1
;;
esac
else
echo -e "${RED}Cannot detect operating system${NC}"
exit 1
fi
echo -e "${GREEN}Detected: $PRETTY_NAME${NC}"
# Update system packages
echo -e "${YELLOW}[2/8] Updating system packages...${NC}"
eval $PKG_UPDATE
# Install Squid and dependencies
echo -e "${YELLOW}[3/8] Installing Squid proxy server and dependencies...${NC}"
eval "$PKG_INSTALL $SQUID_PACKAGES"
# Create backup of default configuration
echo -e "${YELLOW}[4/8] Backing up default configuration...${NC}"
cp /etc/squid/squid.conf /etc/squid/squid.conf.backup
chmod 644 /etc/squid/squid.conf.backup
# Create Squid configuration
echo -e "${YELLOW}[5/8] Creating Squid configuration...${NC}"
cat > /etc/squid/squid.conf << EOF
# Squid 6 Configuration with Bandwidth Controls and Content Filtering
# Basic proxy settings
http_port $PROXY_PORT
coredump_dir /var/spool/squid
# Memory and cache settings
cache_mem 256 MB
maximum_object_size_in_memory 512 KB
cache_dir ufs /var/spool/squid 1000 16 256
maximum_object_size 50 MB
# Access Control Lists (ACLs)
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
# Define business hours (Monday to Friday, 8 AM to 6 PM)
acl business_hours time MTWHF 08:00-18:00
# Content filtering ACLs
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"
acl allowed_sites dstdomain "/etc/squid/allowed_sites.txt"
# File type restrictions
acl multimedia urlpath_regex -i \.(avi|mp4|mkv|mov|wmv|flv|mp3|wav|ogg)$
acl executables urlpath_regex -i \.(exe|msi|dmg|pkg|deb|rpm)$
# Safe ports and SSL ports
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
# Bandwidth control delay pools (a request lands in the lowest-numbered pool
# whose delay_access allows it, so specific pools first and each ends with deny all)
delay_pools 3
delay_class 1 2
delay_class 2 1
delay_class 3 2
# Pool 1: multimedia downloads (128 KB/s aggregate and per client)
delay_parameters 1 131072/131072 131072/131072
delay_access 1 allow multimedia localnet
delay_access 1 deny all
# Pool 2: business hours throttling (1 MB/s aggregate)
delay_parameters 2 1048576/1048576
delay_access 2 allow business_hours localnet
delay_access 2 deny all
# Pool 3: standard users (2 MB/s aggregate, 512 KB/s per client)
delay_parameters 3 2097152/2097152 524288/524288
delay_access 3 allow localnet
delay_access 3 deny all
# Access rules (first match wins; allowed_sites is an exception to the filtering rules)
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blocked_sites !allowed_sites
http_access deny executables !allowed_sites
http_access allow localhost
http_access deny manager
http_access allow localnet
http_access deny all
# Logging configuration (logrotate renames the files; squid -k rotate only reopens them)
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
logfile_rotate 0
# Performance tuning
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Anonymity settings
forwarded_for off
via off
# DNS settings
dns_nameservers 8.8.8.8 1.1.1.1
EOF
# Create content filtering lists and set proper permissions
echo -e "${YELLOW}[6/8] Creating content filtering lists...${NC}"
touch /etc/squid/blocked_sites.txt
touch /etc/squid/allowed_sites.txt
# Add some default blocked sites. A leading dot covers the domain and all of its
# subdomains; dstdomain does not support wildcards such as *.xxx
cat > /etc/squid/blocked_sites.txt << EOF
# Social media and entertainment
.facebook.com
.twitter.com
.instagram.com
.youtube.com
.tiktok.com
.netflix.com
# Adult content (top-level domains)
.xxx
.adult
EOF
# Set proper ownership and permissions
chown $SQUID_USER:$SQUID_GROUP /etc/squid/blocked_sites.txt /etc/squid/allowed_sites.txt
chmod 644 /etc/squid/blocked_sites.txt /etc/squid/allowed_sites.txt
chmod 644 /etc/squid/squid.conf
# Initialize Squid cache and start service
echo -e "${YELLOW}[7/8] Initializing Squid cache and starting service...${NC}"
squid -z -N -d 1
systemctl enable squid
systemctl start squid
# Configure firewall
echo -e "${YELLOW}[8/8] Configuring firewall...${NC}"
case "$FIREWALL_CMD" in
    "ufw")
        if command -v ufw >/dev/null 2>&1; then
            # Only local networks may reach the proxy, as in the manual steps
            for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
                ufw allow from "$net" to any port "$PROXY_PORT" proto tcp
            done
        fi
        ;;
    "firewall-cmd")
        if command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active --quiet firewalld; then
            for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
                firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=$net port port=$PROXY_PORT protocol=tcp accept"
            done
            firewall-cmd --reload
        fi
        ;;
esac
# Verification checks
echo -e "${YELLOW}Verifying installation...${NC}"
sleep 5
if systemctl is-active --quiet squid; then
echo -e "${GREEN}✓ Squid service is running${NC}"
else
echo -e "${RED}✗ Squid service is not running${NC}"
exit 1
fi
if ss -tln 2>/dev/null | grep -q ":$PROXY_PORT "; then
echo -e "${GREEN}✓ Squid is listening on port $PROXY_PORT${NC}"
else
echo -e "${RED}✗ Squid is not listening on port $PROXY_PORT${NC}"
exit 1
fi
if squid -k parse 2>/dev/null; then
echo -e "${GREEN}✓ Squid configuration is valid${NC}"
else
echo -e "${RED}✗ Squid configuration has errors${NC}"
exit 1
fi
# Display final information
echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
echo -e "${GREEN}Squid 6 proxy server installation completed successfully!${NC}"
echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
echo -e "${YELLOW}Configuration details:${NC}"
echo -e " Proxy URL: http://$(hostname -I | awk '{print $1}'):$PROXY_PORT"
echo -e " Configuration file: /etc/squid/squid.conf"
echo -e " Blocked sites list: /etc/squid/blocked_sites.txt"
echo -e " Allowed sites list: /etc/squid/allowed_sites.txt"
echo -e " Access log: /var/log/squid/access.log"
echo -e " Cache log: /var/log/squid/cache.log"
echo -e "${YELLOW}Management commands:${NC}"
echo -e " Start: systemctl start squid"
echo -e " Stop: systemctl stop squid"
echo -e " Restart: systemctl restart squid"
echo -e " Reload: systemctl reload squid"
echo -e " Status: systemctl status squid"
Review the script before running it. It must run as root, so execute it with: sudo bash install.sh