Skip to content
Pricing RU Sign In
RU

Port 3128: Squid HTTP proxy

By · Updated
Key idea:

Port 3128 (TCP) is the standard for Squid HTTP proxy. Port 3128 — default for Squid — caching HTTP proxy. Also used in HTTP tunnel for transparent proxies in corporate networks. An open Squid proxy = zombie for spam and malware.

Below: what uses this port, security considerations, online check, FAQ.

Try it now — free →

What runs on this port

Squid HTTP proxy

Port 3128 — default for Squid — caching HTTP proxy. Also used in HTTP tunnel for transparent proxies in corporate networks. An open Squid proxy = zombie for spam and malware.

Security considerations

Squid without ACL = open forward proxy. In squid.conf: `http_access deny all` + `http_access allow internal_net`. Never expose 3128 on a public IP without strict auth.

Check this port online

Check port online →

Enterno.io Ping + Port checker tests TCP reachability of any port from 3 regions (Moscow / Frankfurt / Virginia).

Related guides

ICMP PingHost availability and latency
Port ScannerOpen TCP port detection
LatencyResponse time in milliseconds
Packet LossPercentage of dropped packets

Why teams trust us

ICMP+TCP
check protocols
14
key ports scanned
<2s
result
3
regions

How it works

1

Enter IP or domain

2

ICMP packets sent

3

Latency & packet loss shown

How Do Ping and Port Scanning Work?

Ping sends ICMP packets to a host and measures response time. Port scanning checks which TCP ports are open and accepting connections — helping diagnose serviceavailability issues.

Configurable Ping

Choose packet count (3, 4, 6, 10). Stats: min/avg/max latency and packet loss.

Common Port Scanner

Check 14 key ports: HTTP, HTTPS, SSH, FTP, SMTP, MySQL, PostgreSQL, and more.

Cloud-Based Check

Testing from our server — see site availability from outside, not just your local network.

Uptime Monitoring

Need constant monitoring? Create a monitor — checks every minute with notifications.

Who uses this

DevOps

availability diagnosis

Network engineers

TCP port scanning

Developers

connection debugging

SRE

basic health check

Common Mistakes

ICMP blocked = server is downMany servers block ICMP. Ping fails but site works — check ports instead.
High ping = server problemLatency depends on geography. 150ms between continents is normal, not an error.
Closed ports — cause for alarmClosed ports of unused services are good. Unnecessary open ports are a risk.
One check = sufficientNetworks are unstable. A single timeout ≠ a problem. Check multiple times or set up monitoring.

Best Practices

Combine ping and port checksPing shows host availability, ports show specific service availability. Use both.
Check from different locationsThe problem may be local. A cloud test shows the real picture.
Close unused portsEvery open port is a potential attack vector. Keep only necessary ports open.
Set up monitoringManual checks do not scale. Set up automated monitoring with notifications.

Get more with a free account

Ping check history, host availability monitoring and downtime alerts.

Sign up free

Related tools

TracerouteDNS LookupWHOISSSL Check

Frequently Asked Questions

Is port 3128 open by default?

No, modern cloud providers (AWS, Google Cloud, Yandex) close all incoming ports by default. You must explicitly allow port 3128 in a Security Group or firewall.

How to check if port 3128 is reachable?

Use <a href="/en/ping">Enterno Ping + Port Checker</a>. Or in shell: <code>nc -vz example.com 3128</code>.

Is port 3128 safe to expose?

Depends on the service. Squid HTTP proxy should never be exposed publicly without authentication + TLS. See <a href="/en/s/research-open-ports-exposure-2026">our 2026 exposure research</a>.

Start monitoring for free

Sign up and get access to API, monitoring and notifications

Create Account API Documentation