Scribd
Upload
163 views4 pages

Squid - Conf

This document contains configuration settings for Squid 2.7.9, an open source proxy server and web cache. It defines access control lists (ACLs) for local networks and safe ports, allows cache access from localhost only, and denies all other access. It also specifies cache directories, log files, refresh patterns for cached content, and other caching and performance settings.

Uploaded by

bonae
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
163 views4 pages

Squid - Conf

This document contains configuration settings for Squid 2.7.9, an open source proxy server and web cache. It defines access control lists (ACLs) for local networks and safe ports, allows cache access from localhost only, and denies all other access. It also specifies cache directories, log files, refresh patterns for cached content, and other caching and performance settings.

Uploaded by

bonae
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 4

# WELCOME TO SQUID 2.7.

STABLE9
# ----------------------------

# configuration files.
#include /etc/squid/multimedia.conf

#Recommended minimum configuration:


acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src 192.168.10.0/24
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# Only allow cachemgr access from localhost


http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy


http_access deny all
#Default:
# http_reply_access allow all

#Allow ICP queries from local networks only


icp_access allow localnet
icp_access deny all

#Allow HTCP queries from local networks only


# htcp_access allow localnet
# htcp_access deny all

#
#Default:
# reply_body_max_size 0 allow all

# Squid normally listens to port 3128


http_port 3128 transparent

#We recommend you to use at least the following line.


hierarchy_stoplist cgi-bin ?

# MEMORY CACHE OPTIONS


# -----------------------------------------------------------------------------

#Default:
cache_mem 8 MB

#Default:
maximum_object_size_in_memory 2000 KB

#Default:
# memory_replacement_policy lru

#Default:
# cache_replacement_policy lru

#Default:
cache_dir ufs /var/spool/squid 1000 32 256
cache_dir aufs /home/faish/squid1 3000 32 256
cache_dir aufs /home/faish/squid2 3000 32 256
cache_dir aufs /home/faish/squid3 3000 32 256

#Default:
# store_dir_select_algorithm least-load

#Default:
minimum_object_size 0 KB

#Default:
maximum_object_size 20480 KB

#Default:
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log squid

#Default:
logfile_daemon /usr/lib/squid/logfile-daemon

#Default:
cache_log /var/log/squid/cache.log

#Default:
cache_store_log /var/log/squid/store.log

#Default:
# max_stale 1 week

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880

refresh_pattern -i .(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire


override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(tiff|mov|avi|qt|mpeg|mp3)$ 10080 100% 43200 override-expire
refresh_pattern -i .(mpg|mpe|wav|au|mid|flv|mp4)$ 10080 100% 43200 override-
expire
refresh_pattern -i .(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i .(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i .(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i .(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i .(asp|acgi|pl|shtml|php3|php|html|xml)$ 10080 100% 4320
override-expire override-lastmod reload-into-ims
refresh_pattern -i .facebook.com$ 604800 100% 604800 override-expire override-
lastmod reload-into-ims
refresh_pattern -i .google.com$ 604800 100% 604800 override-expire override-
lastmod reload-into-ims
refresh_pattern -i .mail.google.com$ 604800 100% 604800 override-expire
override-lastmod reload-into-ims ignore-reload
#refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire
ignore-private
#acl youtube dstdomain .youtube.com$
#cache allow youtube
#refresh_pattern (get_video\?|videoplayback\?|videodownload\?) 5259487 99999999%
5259487 override-expire ignore-reload ignore-private negative-ttl=0
# example line deb packages
refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320

#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

#Default:
# request_header_max_size 20 KB
#Default:
# reply_header_max_size 20 KB
#Default:
# request_body_max_size 0 KB

# Don't upgrade ShoutCast responses to HTTP


acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache


broken_vary_encoding allow apache

#
#Default:
# collapsed_forwarding off

#Default:
# refresh_stale_hit 0 seconds

extension_methods REPORT MERGE MKACTIVITY CHECKOUT


#
#Default:
# cache_mgr webmaster
#Default:
# cache_effective_user proxy
#Default:
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|


videoplayback.*id)

You might also like