Squid proxy server is designed to cache web objects by default to improve performance. The caching mechanism stores frequently accessed content locally to reduce bandwidth usage and latency. However, in certain scenarios like content filtering or simple forwarding, caching might be undesirable.
To configure Squid as a pure forwarding proxy without any caching, modify your squid.conf with these directives:
# Disable disk caching completely
cache_dir null /tmp
# Set memory cache to zero
cache_mem 0 MB
# Maximum object size in memory (zero disables)
maximum_object_size_in_memory 0 KB
# Disable caching of any responses
no_cache deny allFor proper operation without caching, consider these complementary configurations:
# Disable shared memory caching
shared_transient_entries_limit_size 0
# Disable memory caching for collapsed forwarding
collapsed_forwarding off
# Set very short refresh patterns
refresh_pattern ^ftp: 0 20% 0
refresh_pattern ^gopher: 0 20% 0
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 0After applying these changes and restarting Squid (service squid restart), verify the configuration:
# Check active configuration
squid -k parse
# Verify no cache directories are in use
squidclient mgr:cache_dir
# Monitor live traffic (should show MISS for all requests)
tail -f /var/log/squid/access.logWhile disabling caching reduces memory usage, it increases:
- Upstream bandwidth consumption
- Response times for repeated requests
- Server load during peak traffic
For high-traffic environments, consider keeping minimal caching for static content while filtering dynamic content:
# Example of selective caching
acl static_content urlpath_regex \.(jpg|png|gif|css|js)$
cache allow static_content
cache deny allIf you encounter problems after disabling cache:
- Check SELinux permissions if using CentOS/RHEL
- Verify sufficient file descriptors (
ulimit -n) - Monitor system logs for errors (
/var/log/messages)
Remember to test your configuration with various content types and protocols to ensure complete non-caching behavior.
When implementing Squid proxy in environments where caching isn't desired (such as content filtering or monitoring scenarios), it's crucial to disable all caching mechanisms while maintaining proxy functionality. This is particularly common in:
- Corporate filtering systems
- Regulatory compliance monitoring
- Transparent proxy implementations
- Debugging and development environments
Here's the core configuration for Squid 3.1+ to function as a pure filtering proxy:
# Disable all caching mechanisms
cache deny all
maximum_object_size 0 KB
minimum_object_size 999999999 KB
# Disable memory caching
cache_mem 0 MB
# Disable on-disk caching
cache_dir null /tmp
# Important for proper functioning
refresh_pattern ^ftp: 0 20% 0
refresh_pattern ^gopher: 0 20% 0
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 0
While disabling caching reduces memory usage, consider these adjustments for optimal performance:
# Connection handling
max_filedescriptors 8192
workers 4
# Timeout settings
forward_timeout 30 seconds
connect_timeout 10 seconds
Here's how to implement basic filtering while maintaining non-caching behavior:
acl blocked_sites dstdomain "/etc/squid/blocked.acl"
http_access deny blocked_sites
acl allowed_ports port 80 443 21
http_access deny !allowed_ports
Create /etc/squid/blocked.acl with domains to block:
.facebook.com
.twitter.com
.youtube.com
After configuration, verify with:
squid -k parse
squid -k reconfigure
Test caching behavior with:
curl -x localhost:3128 -I http://example.com | grep X-Cache
You should see "X-Cache: MISS from yourproxy" without any "HIT" responses.
For transparent proxy mode without caching:
http_port 3128 intercept
https_port 3130 intercept ssl-bump cert=/etc/squid/ssl_cert/myca.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
Remember to add appropriate iptables rules for traffic redirection.