Вы находитесь на странице: 1из 20

Configure a Squid proxy server through

Webmin
A proxy server can prevent employees from visiting certain sites, help reduce the load on
your network by caching pages for clients, and make use of SSL to secure connections
between clients and servers. Many smaller companies assume they don't have the time or the
money to put into setting up a proxy server. Thanks to Webmin, that is not the case.
With the Webmin administration portal, you can easily set up a Squid proxy server and
manage that proxy with the user friendly web-based administration tool. I will walk you
through the steps of setting up a Squid proxy server through the Webmin tool. I will
demonstrate this on a Ubuntu 12.10 platform and do everything through the web-based GUI
(no command-line necessary). Because Squid is designed to run on UNIX-like systems (there
was a Windows port for a brief period, but it was abandoned), you need to have Webmin
running on a UNIX-based system. Once you have Webmin up and running, you are very
close to having Squid installed.

Installing Squid
In order to be able to enable the Squid module, Squid needs to be installed; fortunately,
Webmin is smart enough to handle this task for you. After you log in to Webmin as an
administrator, you can have Webmin install Squid and then enable the module for you. Here's
how:
1.
2.
3.
4.
5.

Log in to Webmin as your administrative user.


Scroll down until you see in the left navigation, the Unused Modules section.
Expand Unused Modules and scroll down until you see the entry for Squid.
Click the Squid proxy server entry.
In this new window (Figure A) click the Click Here link to have Webmin run the install. You
can watch the progress of the installation fly by in the same screen.

Figure A

Click the image to enlarge.


When the installation completes, refresh the view of your Webmin portal and then expand the
Servers section. You should now see a listing for Squid Proxy Server (Figure B). Click the Squid Proxy
Server, and you're ready to start setting it up. Figure B

Click the image to enlarge.

Setting up Squid
The first thing you will see is the error "Your Squid cache directory /var/spool/squid3 has not
been initialized. This must be done before Squid can be run." In order to initialize this, click
the Initialize Cache button (with either an existing user, or you can create a new user/group
"proxy"). At this point you will see the "Stopping Squid" warning. Once the system has been
initialized, you will be prompted with the Return To Squid Index link. If you continue seeing
this error, here's what you need to do:
1.
2.
3.
4.
5.
6.

Open a terminal window.


Open the file /etc/squid3/squid.conf.
Search for the line #cache_dir ufs /var/spool/squid3 100 16 256 (around line 2245).
Remove the "#" character.
Save the file.
Go back to Webmin and click the Initialize Cache button again.

Your plan for using the proxy will dictate how you configure it. Regardless of how you use it,
you will want to define the ports used by the proxy first. By default, Squid uses 3128. You
can stick with the default, or if you need to go with a non-standard port, here's how to change
it:
1. From the Webmin Squid page, click Ports And Networking.
2. In the Ports And Networking page (Figure C), configure the port.
3. Once you have the port set, click Save.
You can set Squid to listen to more than one port by going back into Ports And Network and adding a
new port.
Figure C

Click the image to enlarge.

By default, Squid will listen to requests coming from all addresses. You can set this on a peraddress or per-hostname basis by entering the IP address or hostname under the Hostname/IP
Address column in the table.
Let's say you want to block Facebook using Squid. You must first create a new Access
Control List (ACL), which you can do by following these steps:
1. From the module index, click Access Control.
2. Below the listing, select Webserver Hostname from the drop-down and click Create New
ACL.
3. In the Create ACL window (Figure D) enter a name for the ACL (Like Facebook) and then
enter the domain (facebook.com). (You could even create a single ACL for a group of related
domains.)
4. In the Failure Redirect, enter the page you would like this to be redirected to.
5. Click Save.
Figure D

Click the image to enlarge.

Now you have to create a Proxy Restriction. Here's how:


1.
2.
3.
4.
5.
6.

Click the Proxy Restriction tab in the ACL window.


Click Add Proxy Restriction.
Select Deny.
Select the new ACL from the list on the left (Figure E).
Click Save.
In the restrictions listing, you can move the restriction up or down (using the arrows)
according to your needs. Also, you can allow an ACL by selecting Allow instead of Deny.

Figure E

Click the image to enlarge.

Back at the module index, click Apply Changes to restart Squid with the newly created
restrictions.
You should now have a proxy set up to block all access to Facebook (I'm not advocating this
practice, just using it as an example). You can apply this same idea to nearly anything you'd
like to block. And remember, Squid can be used for a lot more than blocking domains.
Linux Transparent Squid Proxy Server Guide

How To Install Squid in Ubuntu Linux


As http://whatis.techtarget.com/definition/squid-proxy-server.html defines, Squid is a Unixbased proxy server that caches Internet content closer to a requestor than its original point of
origin. Squid supports caching of many different kinds of Web objects, including those
accessed through HTTP and FTP. Caching frequently requested Web pages, media files and
other content accelerates response time and reduces bandwidth congestion.
Squid works by tracking object use over the network. Squid will initially act as an
intermediary, simply passing the clients request on to the server and saving a copy of the
requested object. If the same client or multiple clients request the same object before it

expires from Squids cache, Squid can then immediately serve it, accelerating the download
and saving bandwidth.
Internet Service Providers (ISPs) have used Squid proxy servers since the early 1990s to
provide faster download speeds and reduce latency, especially for delivering rich media and
streaming video. Website operators frequently will put a Squid proxy server as a content
accelerator, caching frequently viewed content and easing loads on Web servers. Content
delivery networks and media companies employ Squid proxy servers and deploy them
throughout their networks to improve the experience of viewers requesting programming,
particularly for load balancing and handling traffic spikes for popular content.
Here I will discuss on howto setup it on popular linux flavour Ubuntu.
After installing Ubuntu , configure network interface cards, you must have at least 2 LAN
cards , one for local LAN, second with internet connection e.g DSL
After configuring networking, make sure you are able to browse the internet. After that install
& Configure Squid.
Default login type to linux is GUI (in Ubuntu Desktop or FEDORA) First login as root.
a) Then install SQUID service by issuing following command:
apt-get install squid squid-common
b) Now configure it using default squid configuration file.
gedit /etc/squid/squid.conf
If you have CLI access, then use nano e.g:
nano /etc/squid/squid.conf
o change squid port from http_port 3128 to http_port 8080
o find the http_access section, uncomment the following 2 lines and add your own networks
(for example 192.168.0.0/24):
acl our_networks src 192.168.0.0/24
http_access allow our_networks
o change hostname in the visible_hostname section after:
#Default: # is none , just add:
visible_hostname proxy.aacable.com
Now save file, and exit and restart squid to implement changes we made to squid
configuration:
service squid restart

Now in client browser, set proxy address to SQUID lan ip and port 8080, and test the
browsing. If you dont want to manually set the proxy at client end, setup squid in transparent
mode.
Configure Squid as Transparent Proxy (Squid version >= 2.6)
Edit the Squid configuration file
gedit /etc/squid/squid.conf
o change from: http_port 8008 to,
http_port 8080 transparent
Save & Exit. and restart squid proxy server by
service squid restart
OR
squid -k rec

Iptables configuration

Next, add following rules to forward all http requests (coming to port 80) to the Squid server
port 8080 :
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
192.168.0.1:8080
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --toport 8080
Where 192.168.0.1 is the ip of the Proxy LAN interface. &

eth0 is LAN , and

eth1 is WAN]
* Save the new iptables:
iptables-save
OR use the following
https://aacable.wordpress.com/2011/06/01/linux-simple-internet-sharing-script/
++++++++++++++++++++++++++++++++++++
Also, following is a great guide which will gonna help you in installing SQUID proxy server
in transparent mode.
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

SQUID Proxy On RHEL5/CentOS - Everything That You Should Know About


[Part 1]
The main feature or duty of a proxy server could be a gateway that receives HTTP requests
from clients and forwards the request to the destination and relays the answer back to the
requestor.
Squid is most popular open-source software that brings this to us. It also has some excellent
features for doing something else such as web access controlling, bandwidth controlling,
restriction policies, and content caching and filtering. Actually people install SQUID to
pursuit 2 goals: first reduce the bandwidth charges by content caching and second for
restricting access to particular contents.
The following guide explains advantages of using Squid and will show you how to install,
configure, control, and maintain the Squid Proxy Server on RHEL5 and CentOS Linux.
*** Notice : This guide or tutorial or whatever you like to call it is based on my personal
exprience and I guarantee to you 100% that it's working like a charm for me. So if you install
this software and for any reason you have technical difficulties just post the comment and I'll
be with you to solve that. ***
Just something that you should know:
'#' hash sign before rule line in config file will disable the rule.
If you need to use your proxy server you need to modify the browser settings on your client
computer, for example: IE > Internet Option > Lan Setting > enable proxy server checkbox >
set IP Address of your Squid proxy server and port (default is 3128).
Before anything: If you are not sure Squid was installed, type the following command:
# rpm -q squid
squid-2.6.STABLE6-5.el5_1.3 //this means you have squid installed on your box and do
not need to install, so prepare your self for the configuration.
To install on RHEL5/CentOS type this command:
# yum install squid
And if you cannot use yum then try this way:
First download the latest version of squid from http://www.squid-cache.org/ (official Squid
website) and move it to /tmp:
# cd /tmp
# rpm -ivh squid-2.6.STABLE.rpm
This will install squid configurations and binaries in their directories. After that use this
command to run the program automatically when the system boots:

# chkconfig --level 35 squid on


running on x environments

// runlevel 3 is for running squid on text based and 5 is for

Ok, now it's time to start the service so:


# service squid start
For the configuration you need to open the config file depending on your version of Linux,
for RHEL5/CentOS do like this:
# vi /etc/squid/squid.conf
That's it, you can define most parameters in here, remember on start or restart of the service or
viewing the log files you may see this error:

WARNING: Could not determine this machines public hostname. Please configure one or set
'visible_hostname'.
It means the hostname isn't correctly defined and you need to change the visible_hostname in the
config file. It needs to change for identity of the cache server or troubleshooting or viewing the logs.
So change it before anything else like this:

visible_hostname HowtoForge
As you can see http_port 3128, it means Squid listens for requests from HTTP clients on this
port.

Access Control Lists (ACL)

ACLs are used to restrict usage, limit web access of host(s); each ACL line defines a
particular type of activity, such as an access time or source network, after that we need to link
the ACL to an http_access statement that tells Squid whether or not to deny or allow traffic
that matches the ACL.
When you install Squid for the first time, you need to add some acls to allow your network to
use the internet because squid by default denies web access.
The syntax of an ACL is like this:
acl aclname acltype value
aclname = rulename (it could be some desire name like mynetwork)
acltype = type of acl like : src, dst (src:source ip | dst:destination ip)
value = it could be ip address, networks, URLs ,...

This example will allow localhost to access the internet:

acl localhost src 127.0.0.1/32


http_access allow localhost
We are allowing the computer that matches the ip address range contained in the localhost
ACL to access the internet. There are other ACLs and ACL-operators available for Squid, but
this is good for practice.
So with this syntax, you can now tell squid how to work. Suppose you want to allow your
192.168.1 network range to access the internet, you can do this but first open the config file
and find these lines:
http_access allow localhost
http_access deny all

Replace them with:


acl mynetwork src 192.168.1.0/24
http_access allow localhost
http_access allow mynetwork
http_access deny all

Note: Specify the rules before the line http_access deny all. After that change save your file
and restart the squid service.
(If you use vi editor use this to save and quit > 1-press ESC key 2-type ':x' without quotation
and hit enter.)
# service squid restart
Remember you may see an error after restarting the squid service for using "/24" in your
config, if so don't panic you can easily change /24 to /255.255.255.0 and again restart the
squid service, after restarting your entire network which uses the IP addresses 192.168.1.1 to
192.168.1.254 have access to the internet.
You may ask yourself about allowing internet to everyone except particular ip addresses,
actually it's a good start and brings some fun :) . Ok, to do this open the config file and do
like this:
acl bad_employee src 192.168.1.18
http_access deny bad_employee
acl mynetwork src 192.168.1.0/24
http access allow mynetwork

In the above example the entire network will be allowed to use the internet except the
blocked person (bad_employee). Remember Squid interprets the rules from top to bottom, so
you need to be careful.
You can create a restricting rule by times for your company and assign that to your created
mynetwork acl like this:
acl mynetwork src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00

acl bad_employee src 192.168.1.18


http_access deny bad_employee
http_access allow mynetwork business_hours

Day-abbrevs: S - Sunday M - Monday T Tuesday W - Wednesday H - Thursday F - Friday


A - Saturday
You can also block a particular URL like this:
acl block_site dst www.yahoo.com
http_access deny block_site

www.yahoo.com will be filtered BUT mail.yahoo.com is open because we block yahoo.com,


so if you want to block a single url and its subdomains we do it like this:
acl block_domain dstdomain .yahoo.com
http_access deny block_domain

And you can do more than blocking one URL, if you want to block more than a single
domain we need to create a file to hold the particular URLs and give this file read
permissions like this:
# touch /etc/squid/block_list.txt
# chmod 444 /etc/squid/block_list.txt
# vi /etc/squid/block_list.txt
Enter some URLs to block like this:
www.sxx.com
www.yahoo.com
www.hotmail.com

And then save and quit, it's time to create rules. Open the config file and put these parameters
in it:
acl block_list url_regex "/etc/squid/block_list.txt"
http_access deny block_list

You can block the URLs that contain unexpected words like this:
acl blockword url_regex sxx
http_access deny blockword

(You can block case insensitive words like this : -i sxx)


You can block downloads of .exe files like this:
acl block_exe url_regex .*\.exe$
http_access deny block_exe

If you want block more extensions to download you can specify all in a file as described
before (exact like some URL to block section).

You can block TLDs (.br .eu) like this:


acl block_tld dstdom_regex \.br$
http_access deny block_tld

You can configure squid to prompt for username and password from users with ncsa_auth
that reads an NCSA-compliant encrypted password file, so:
# htpasswd -c /etc/squid/squid_passwd your_username
enter pass : your_password
# chmod o+r /etc/squid/squid_passwd
Open the config file and put these lines in it and change to your own configuration:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_user proxy_auth REQUIRED
http_access allow ncsa_user

If you don't want to modify the browser for using a proxy there is a method that is called
"Transparent Proxy"; to use this you need to do like this:
Prior to Squid Version 2.6:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Squid Version 2.6 to 3.0:


http_port 3128 transparent

Squid Version 3.1+ :


http_port 3128 intercept

Thanks for taking the time to read this guide, I hope it's helpful.
This guide was part 1, and in part 2 we will know about "Content Caching" , "Load
Balancing", "Bandwidth Management", "Squid Logs", "Nmap" and "Monitoring [Visited
URLs by Useres]" and more ...

Squid as Transparent Proxy on CentOs 6.4


In this tutorial I am going to configure squid acting as transparent proxy what does it means?
It means we have no part of configurations on the client end, just to setup squid in transparent
proxy mode so it will sits between client and internet. And redirect their port 80 requests to
3128 port which is default squid port.

Here the simple steps which you need to perform on squid server. I am using CentOs 6.4 read
out more about CentOs 6.4
Lab Environment:
CetnOs 6.4 (as squid transparent proxy server), Hostname = pxy.broexperts.com
eth0 : (Connected to Internet)
IP = 192.168.1.211/24, Gateway = 192.168.1.1 and DNS = 8.8.8.8
eth1 : (Connected to LAN)
IP = 10.0.0.1/8, and DNS = 172.0.0.1
Xp Pro SP3 (Client PC for testing). Hostname = xp1.broexperts.com
IP = 10.0.0.11/8, Gateway = 10.0.0.1(squid Servers IP) and DNS = 10.0.0.3
TIP : Setting up DNS server for this Tutorial you can follow this BIND Caching-only
Configurations on CentOs 6.4
Step-1 Installing squid packages.
yum install squid -y

Step-2 Edit squid configuration file /etc/squid/squid.conf.


vi /etc/squid/squid.conf
Create one acl
acl lan src 10.0.0.0/8
Allow http access for lan
http_access allow lan
Add the word transparent or intercept after the port 3128 just follow the below line.
http_port 3128 transparent

Step-3 Specify the hostname at the end of the file.


visible_hostname pxy.broexperts.com
Save and Exit :wq

Step-4 Restart and chkconfig the squid service so the service can be available on time of
boot.
Service squid start
Chkconfig squid on
Step-5 IPtables rule for transparent squid proxy.
iptables -t nat -A PREROUTING -i eth1 -p tcp dport 80 -j DNAT to 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp dport 80 -j REDIRECT to-port 3128
iptables -I INPUT -s 10.0.0.0/8 -p tcp dport 3128 -j ACCEPT
Now we can test browsing on Client Machine.

How to set up Squid as a transparent web


proxy on CentOS or RHEL
In a previous tutorial, we have seen the method of creating a gateway using iptables. This
tutorial will focus on turning the gateway into a transparent proxy server. A proxy is called
"transparent" when clients are not aware that their requests are processed through the proxy.
There are several benefits of using a transparent proxy. First of all, for end users, a
transparent proxy can enhance their web browsing performance by caching frequently
accessed web content, while introducing minimal configuration overhead for them. For
administrators, it can be used to enforce various administrative policies such as
content/URL/IP filtering, rate limiting, etc.
A proxy server acts as an intermediary between a client and a destination server. The client
sends requests to the proxy server which then evaluates the requests and takes necessary
actions. In this tutorial, we will be setting up a web proxy server using Squid, which is a
robust, customizable and stable proxy server. Personally, I had administered a Squid server
with 400+ client workstations for about a year. Although I had to restart the service about
once a month in average, CPU and storage utilization, throughput and client response time
were all great.
We will be configuring Squid for the following topology. The CentOS/RHEL box has one
NIC (eth0) connected to the private LAN, and the other one (eth1) connected to the Internet.

Squid Installation
To set up a transparent proxy with Squid, we start by adding necessary iptables rules.
These rules should help you get started, but please make sure that they do not conflict with
any of the existing configuration.
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

The first rule will cause all outbound packets from eth1 (WAN interface) to have the source
IP address of eth1 (i.e., enable NAT). The second rule will redirect all incoming HTTP
packets (destined to TCP 80) from eth0 (LAN interface) to Squid listening ort (TCP 3128),
instead of forwarding it out to WAN interface right away.
We start Squid installation by using yum.
# yum install squid

Now we will modify Squid configuration to turn it into a transparent proxy. We define our
LAN subnet (e.g., 10.10.10.0/24) as a valid client network. Any traffic not originating from
the LAN subnet will be denied access.
# vim /etc/squid/squid.conf
1

visible_hostname proxy.example.tst

2 http_port 3128 transparent


3
4 ## Define our network ##
5 acl our_network src 10.10.10.0/24
6
7 ## make sure that our network is allowed ##
8 http_access allow our_network
9
## finally deny everything else ##

10

http_access deny all

11

Now we start Squid service and make sure it is added to startup.


# service squid start
# chkconfig squid on

Now that Squid is up and running, we can test its functionality by monitoring Squid log. Visit
any URL from a computer connected to the LAN, and you should see something like the
following in the log.
# tailf /var/log/squid/access.log
1402987348.816
1048 10.10.10.10 TCP_MISS/302 752 GET
http://www.google.com/ - DIRECT/173.194.39.178 text/html
1402987349.416
445 10.10.10.10 TCP_MISS/302 762 GET
http://www.google.com.bd/? - DIRECT/173.194.78.94 text/html

According to the log file, the machine with IP 10.10.10.10 tried to access google.com and
Squid processed the request.
The most basic form of Squid proxy server is now ready. In the rest of the tutorial, we will be
tuning some parameters of Squid to control outbound traffic. Note that this is for
demonstration only. Actual policies should be customized to meet your requirements.

Preliminary
Before starting the configuration, we clarify a few points.
Squid Configuration Parsing

While reading a configuration file, Squid parses the file in a top-down fashion. Rules are
parsed top-down until a match is found. Whenever a match is found, that rule is executed,
and any other rule below it is ignored. So, the best practice for adding filtering rules is to
specify rules in the following sequence.
explicit allow
explicit deny
allow entire LAN
deny all

Squid restart vs. Squid reconfigure

Whenever Squid configuration is modified, Squid service needs to be restarted. Depending on


the number of active connections, restarting the service may take a a while, sometimes
several minutes. LAN users will not be able to access the Internet during this time. To avoid
such service interruption, we can use the following command instead of "service squid
restart".
# squid -k reconfigure

This command will allow Squid to run with updated parameters without restarting itself.

Filtering LAN Hosts by IP Address


In this demonstration, we want to set up Squid such that hosts with IP address 10.10.10.24
and 10.10.10.25 are prevented from accessing the Internet. We create a text file 'denied-ipfile' containing the IP addresses of all denied hosts, and add that file in Squid configuration.

# vim /etc/squid/denied-ip-file
10.10.10.24
10.10.10.25

# vim /etc/squid/squid.conf
1## first we create an ACL to isolate the denied IPs ##
2acl denied-ip-list src "/etc/squid/denied-ip-file"
3
4## then we apply the ACL ##
5http_access deny denied-ip-list

## explicit deny ##

6http_access allow our_network

## allow LAN ##

http_access deny all

## deny all ##

Now we need to restart Squid service. Squid will no longer honor requests from these IP
addresses. If we check the squid log, we will find 'TCP_DENIED' for requests originated
from these hosts.

Filtering Websites in a Blacklist


This method will work for HTTP only. Assuming that we want to block badsite.com and
denysite.com, we add the addresses to a file and add the reference to squid.conf.
# vim /etc/squid/badsite-file
badsite
denysite

# vim /etc/squid/squid.conf
1

## ACL definition ##

2acl badsite-list url_regex "/etc/squid/badsite-file"


3
4## ACL application ##
5http_access deny badsite-list
6http_access deny denied-ip-list ## previously set, no effect here ##
7

http_access allow our_network

http_access deny all

Please note that we have used the ACL type 'url_regex', which will match the words 'badsite'
and 'denysite' in requested URLs. That is, any request whose URL contains 'badsite' or
'denysite' (e.g., badsite.org, newdenysite.com, otherbadsite.net) will be blocked.

Combining Multiple ACLs


We will create an access list to block clients with IP addresses 10.10.10.200 and 10.10.10.201
from accessing custom-block-site.com. Any other clients would be able to access the site. To
do this, we will create an access list to isolate the IP addresses first, and then create another
access list to isolate the required website. Finally, we will use both access lists
simultaneously to meet the requirement.
# vim /etc/squid/custom-denied-list-file
10.10.10.200
10.10.10.201

# vim /etc/squid/custom-block-website-file
custom-block-site

# vim /etc/squid/squid.conf
1

acl custom-denied-list src "/etc/squid/custom-denied-list-file"

2acl custom-block-site url_regex "/etc/squid/custom-block-website-file"


3
4## ACL application ##
5http_access deny

custom-denied-list custom-block-site

6http_access deny badsite-list

## previously set, no effect here ##

7http_access deny denied-ip-list ## previously set, no effect here ##


8

http_access allow our_network

http_access deny all

# squid -k reconfigure

The blocked hosts should not be able to access the mentioned site now. The log file
/var/log/squid/access.log should contain 'TCP_DENIED' for corresponding requests.

Setting Maximum Download Size


Squid can be used to control the maximum downloadable file size. We want to restrict
maximum download size to 50 MB for hosts 10.10.10.200 and 10.10.10.201. We have
already created the ACL 'custom-denied-list' previously to isolate the traffic from these
sources. Now we will use the same access list to restrict download size.
# vim /etc/squid/squid.conf

1reply_body_max_size 50 MB custom-denied-list
# squid -k reconfigure

Setting up Squid Caching Hierarchy


Squid supports caching by storing frequently accessed files in the local storage. Imagine 100
users within your LAN are accessing google.com. Without caching, the logo or doodle for the
page needs to be fetched individually for each request. Squid can store the logo or doodle in
its cache to serve them from its cache. This results in improved user perceived performance
as well as reduced bandwidth usage. A win-win if you will.
To enable caching, we modify the configuration file squid.conf.
# vim /etc/squid/squid.conf
1cache_dir ufs /var/spool/squid 100 16 256

The numbers 100, 16 and 256 have the following meaning.

100 MB storage is allocated for Squid cache. You may increase the allocated space if you
want.
16 directories, each containing 256 subdirectories will be used to store cache files. This
parameter should not be modified.

We can verify whether Squid cache is enabled from the log file /var/log/squid/access.log. For
successful cache hits, we should see entries with 'TCP_HIT'.
To sum up, Squid is a powerful, industry standard web proxy server that is used widely by
system admins worldwide. Squid provides easy access control that can be used to administer
traffic originating from the LAN. It can be deployed in small companies as well as large
enterprise networks. This tutorial covered only a subset of all Squid features. Refer to the
official documentation for a complete feature list.
Hope this helps.