Overview
Squid Proxy Server - Caching Forward Proxy, Web Filter & Gateway
Squid Proxy Server is a production-ready, caching forward and reverse proxy for the web, supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth usage and improves response times by caching and reusing frequently requested content, while providing powerful access controls that make it an ideal secure web gateway, content filter, and outbound internet proxy for your AWS workloads.
Squid is trusted by thousands of organizations worldwide as part of the open-source Squid project community, which has been actively maintained for over two decades.
Why Choose This Pre-Configured Squid AMI?
- Domain-level filtering and user authentication - Gain granular control with advanced access controls, user authentication, and content filtering beyond basic outbound connectivity.
- Cost efficiency at scale - Reduce data egress costs through intelligent caching of repeated requests.
- Pre-hardened and preconfigured - Eliminate hours of manual setup with sensible security defaults, optimized caching configuration, and ready-to-use ACL templates.
Common Use Cases
- Outbound internet control for private subnets - Give EC2 instances in a private VPC controlled, audited internet access without exposing them directly to the internet.
- Web content filtering - Block or allow websites, domains, and content types to enforce compliance and acceptable-use policies.
- Bandwidth saving and acceleration - Cache static and dynamic content to reduce data egress costs and latency.
- Reverse proxy / server accelerator - Offload and accelerate origin web servers.
- User authentication and auditing - Require LDAP, Active Directory, RADIUS, or POP3 login and log all access for visibility and reporting.
Key Features
Caching and Performance
- Cache frequently accessed websites, files, media, and dynamic content
- DNS lookup caching
- Load balancing with other Squid proxies
- SMP CARP clustering for scale and high availability
Access Control and Content Filtering
- ACL-based rules for networks, domains, IP ranges, MIME types, and time-of-day
- Block or allow instant messaging, coin-mining, and torrents
- Webwasher integration for virus filtering and adult content blocking
Authentication
- User authentication via LDAP, Active Directory, RADIUS, POP3, database, and more
Transparent and Intercepting Proxy
- Traffic interception with WCCPv2 and TPROXYv2
- Multiple interception ports, NAT on private networks
- Adaptation protocol support (C-ICAP / eCAP) and PHP redirectors
Security and Privacy
- Hide users' internal IP addresses from external servers
- SSL/TLS interception and caching of HTTPS requests
- Hardened CentOS Stream 9 base with unnecessary services disabled
Deployment Details and Requirements
- Operating System: CentOS Stream 9, preconfigured and hardened
- Minimum Instance: t3.small (2 vCPU, 2 GB RAM) for light workloads up to 50 concurrent users
- Recommended Instance: t3.medium or m5.large for production workloads with 200+ concurrent users
- Disk: Minimum 20 GB root volume; allocate additional EBS storage proportional to desired cache size (e.g., 50-100 GB for active caching)
- Ports: Default proxy on port 3128 (configurable); SSH on port 22
- Networking: Place in a public or private subnet depending on architecture; configure security groups to allow inbound on port 3128 from your VPC CIDR
Security Hardening
This AMI is built on CentOS Stream 9 with the following hardening measures applied:
- Unnecessary services and packages removed
- Firewall rules configured to restrict access to essential ports only
- SSH hardened with key-based authentication (password auth disabled)
- Regular security patches applied at build time
Getting Started
- Launch the AMI from AWS Marketplace and select your instance type
- Configure your security group to allow inbound TCP 3128 from your VPC
- SSH into the instance and edit /etc/squid/squid.conf to define your ACLs
- Restart Squid and configure your clients or route tables to use the proxy
- Verify connectivity and review access logs at /var/log/squid/access.log
Full post deployment setup guide is below under vendor resources.
Highlights
- Caching web proxy & gateway speeds up browsing and cuts bandwidth/egress costs by caching frequently requested web content. Works as a forward proxy, reverse proxy, or transparent/intercepting proxy.
- Access control & content filtering ACL-based rules to allow or block sites, domains, IP ranges, MIME types, and time-of-day access. Authenticate users via LDAP, Active Directory, RADIUS, POP3, or database.
- Secure & ready to run hardened, preconfigured Squid deployment with sensible defaults. SSL/TLS interception, WCCP, ICAP/eCAP, and clustering supported out of the box.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
- ...
Dimension | Cost/hour |
|---|---|
t2.medium Recommended | $0.05 |
t3.micro | $0.05 |
t2.micro | $0.05 |
d3en.6xlarge | $0.05 |
u-12tb1.metal | $0.05 |
inf1.24xlarge | $0.05 |
c5a.12xlarge | $0.05 |
d2.xlarge | $0.05 |
c5n.2xlarge | $0.05 |
m5zn.2xlarge | $0.05 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Latest OS updates installed, simply run 'sudo yum -y update' to install latest updates
Additional details
Usage instructions
Once deployed login via SSH to the instance.
Open up Squid config located /etc/squid/squid.conf
You will need to configure which networks are allowed access to Squid.
Please refer to our setup guide on the following URL: https://cloudinfrastructureservices.co.uk/how-to-setup-squid-proxy-cache-in-aws/
Resources
Vendor resources
Support
Vendor support
Support from Cloud Infrastructure Services
The Cloud Infrastructure Services team provides support for this Squid Proxy AMI to help you with deployment, configuration, troubleshooting, and ongoing operation.
Support Channels
- Submit Support Ticket Via: https://cloudinfrastructureservices.co.uk/contact-us/
- Setup Guide on: Follow post deployment instructions on: https://cloudinfrastructureservices.co.uk/how-to-setup-squid-proxy-cache-in-aws/
What Is Covered
- Initial deployment and launch assistance
- Configuration guidance for squid.conf, ACLs, and authentication setup
- Troubleshooting connectivity, caching, and filtering issues
- Security group and VPC networking recommendations
- Guidance on instance sizing and cache storage allocation
- Assistance with refund requests
Getting Started After Launch
- SSH into your instance using your key pair on port 22
- Edit /etc/squid/squid.conf to define your access control lists
- Configure your security group to allow inbound TCP on port 3128 from your VPC CIDR
- Restart the Squid service and point your clients to the proxy
- Monitor access logs at /var/log/squid/access.log to verify proper function
Follow our post deployment setup guide above.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products


