luisroman80

squid.conf

Jul 30th, 2013
  1. ··············································
  2. acl manager proto cache_object
  3. acl localhost src 127.0.0.1/32 ::1
  4. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
  5.  
  6.  
  7. # Example rule allowing access from your local networks.
  8. # Adapt to list your (internal) IP networks from where browsing
  9. # should be allowed
  10.  
  11. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  12. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  13. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  14. acl localnet src fc00::/7 # RFC 4193 local private network range
  15. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  16. ##########################################################################
  17. #######INTERNET POR HORAS#######################
  18.  
  19. acl H_ADMIN time SMTWHFA 13:00-14:00
  20. acl H_UPDATE time SMTWHFA 13:00-14:00
  21. acl E_HORA time SMTWHFA 17:30-20:00
  22. acl CONNECT method CONNECT
  23.  
  24. ###############################################
  25. ####PAGINAS ADMITIDAS HORAS TRABAJO############
  26.  
  27. acl L_ADMIN url_regex "/etc/squid/pag_personal"
  28. acl P_ADMIN url_regex "/etc/squid/pag_personalPAMPA"
  29. ##############################################
  30. acl restringido url_regex "/etc/squid/restringido.acl"
  31. acl restringidoadmin url_regex "/etc/squid/restringidoadmin.acl"
  32. acl EXTENSION1 urlpath_regex -i \.dll$
  33. acl EXTENSION2 urlpath_regex -i \.exe$\.mp3$\.mov$\.mpeg$\.ppt$\.pps$\.wms$
  34. acl badsites dstdomain .facebook.com
  35. acl skype_url url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  36.  
  37. acl ACT url_regex "/etc/squid/pag_actualizacion"
  38.  
  39. acl DIRECTORES src "/etc/squid/direccion.acl"
  40. acl ADMIN src "/etc/squid/administrativos.acl"
  41. acl UPADMIN src "/etc/squid/upadmin.acl"
  42. acl JEFATURALPAMPA src "/etc/squid/jefaturalpampa.acl"
  43. acl PAMPA src "/etc/squid/adminpampa.acl"
  44. acl UPDATE url_regex "/etc/squid/update.acl"
  45. acl SININTERNET src "/etc/squid/negados.acl"
  46. ###############################################
  47.  
  48. #acl SSL_ports port 443
  49. acl Safe_ports port 80 # http
  50. acl Safe_ports port 21 # ftp
  51. acl Safe_ports port 443 # https
  52. acl Safe_ports port 70 # gopher
  53. acl Safe_ports port 210 # wais
  54. acl Safe_ports port 1025-65535 # unregistered ports
  55. acl Safe_ports port 280 # http-mgmt
  56. acl Safe_ports port 488 # gss-http
  57. acl Safe_ports port 591 # filemaker
  58. acl Safe_ports port 777 # multiling http
  59.  
  60. #http_reply_access deny badsites JEFATURALPAMPA
  61. #
  62. # Recommended minimum Access Permission configuration:
  63. #
  64. # Only allow cachemgr access from localhost
  65. http_access allow manager localhost
  66. #http_access deny block-fnes
  67.  
  68. #http_access allow all
  69.  
  70.  
  71. # Deny requests to certain unsafe ports
  72.  
  73. http_access deny !Safe_ports
  74.  
  75. # Deny CONNECT to other than secure SSL ports
  76. #http_access deny CONNECT !SSL_ports
  77.  
  78. # We strongly recommend the following be uncommented to protect innocent
  79. # web applications running on the proxy server who think the only
  80. # one who can access services on "localhost" is a local user
  81. #http_access deny to_localhost
  82.  
  83. #
  84. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  85. #
  86.  
  87. # Example rule allowing access from your local networks.
  88. # Adapt localnet in the ACL section to list your (internal) IP networks
  89. # from where browsing should be allowed
  90.  
  91. http_access allow localhost
  92. http_access allow DIRECTORES !ACT
  93. http_access allow UPADMIN !restringidoadmin !EXTENSION1 !EXTENSION2
  94. http_access allow JEFATURALPAMPA !restringido !EXTENSION1 !EXTENSION2
  95. http_access allow ADMIN L_ADMIN !restringidoadmin !EXTENSION1 !EXTENSION2
  96. http_access allow H_ADMIN ADMIN
  97. http_access allow H_UPDATE ADMIN UPDATE !restringido !EXTENSION1 !EXTENSION2
  98. http_access allow SININTERNET UPDATE
  99. http_access allow PAMPA P_ADMIN !restringidoadmin !restringido !EXTENSION1 !EXTENSION2
  100. http_access allow H_ADMIN PAMPA
  101. http_access allow H_ADMIN JEFATURALPAMPA
  102. http_access allow E_HORA PAMPA
  103. http_access allow H_ADMIN JEFATURALPAMPA
  104. http_access deny badsites JEFATURALPAMPA
  105. http_access deny badsites
  106. http_access deny CONNECT badsites JEFATURALPAMPA
  107.  
  108. # And finally deny all other access to this proxy
  109. #http_access deny CONNECT skype_url
  110. http_access deny all
  111.  
  112. # Squid normally listens to port 3128
  113. #http_port 3128 transparent
  114. #http_port 3128
  115. http_port 3128 intercept
  116.  
  117. # We recommend you to use at least the following line.
  118. hierarchy_stoplist cgi-bin ?
  119.  
  120. # Uncomment and adjust the following to add a disk cache directory.
  121. cache_dir ufs /var/spool/squid 10000 16 256
  122. #cache_dir aufs /var/spool/squid 1000 16 256
  123.  
  124. # Leave coredumps in the first cache dir
  125. coredump_dir /var/spool/squid
  126. ###
  127. #query_icmp on
  128.  
  129. #query_icmp on
  130.  
  131. ############
  132.  
  133. # Add any of your own refresh_pattern entries above these
  134.  
  135. refresh_pattern -i \.(html|htm|html\?|htm\?)$ 9440 90% 100000 override-expire reload-into-ims
  136. #refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp|tiff|webp|bif|gif\?|png\?|jpg\?|jpeg\?|ico\?|bmp\?|tiff\?|webp\?|bif\?)$ 36000 90% 100000 override-expire reload-into-ims ignore-reload
  137. refresh_pattern \.(swf|swf\?|js|js\?|wav|css|css\?|class|dat|zsci)$ 36000 90% 100000 override-expire reload-into-ims
  138. refresh_pattern -i \.(bin|deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff|pdf|uxx|gz|xls|xlsx|psd|crl|msi|dll|dll\?|crx|enc|skl|arc)$ 36000 90% 100000 override-expire override-lastmod reload-into-ims ignore-reload
  139. refresh_pattern -i \.(xml)$ 0 90% 100000
  140. refresh_pattern -i \.(json|json\?)$ 1440 90% 5760 override-expire reload-into-ims
  141. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  142.  
  143. refresh_pattern ^ftp: 1440 20% 10080
  144. refresh_pattern ^gopher: 1440 0% 1440
  145. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  146. refresh_pattern . 0 20% 4320
  147. #####################
  148. ignore_expect_100 on
  149. log_icp_queries off
  150. minimum_object_size 0 KB
  151. buffered_logs on
  152. pipeline_prefetch on
  153. cache_effective_user squid
  154. cache_effective_group squid
  155. ###############
  156. maximum_object_size 250 MB
  157. maximum_object_size_in_memory 1 MB
  158. visible_hostname shadow
  159. unique_hostname shadow-DHS
  160. #client_db off
  161. #cache_store_log none
  162. positive_dns_ttl 16 day
  163. #shutdown_lifetime 0 second
  164. cache_mem 1024 MB
  165. cache_swap_low 90
  166. cache_swap_high 95
  167. ipcache_size 8192
  168. fqdncache_size 8192
  169. ######################
  170. visible_hostname mail
  171. forwarded_for on
  172. ie_refresh on
  173. dns_nameservers 200.62.191.11 200.62.191.12
  174. dns_defnames off
  175.  
  176. ######################
  177.  
  178. request_header_max_size 256 KB
  179. memory_replacement_policy heap GDSF
  180. cache_replacement_policy heap LRU
  181. memory_pools off
  182. quick_abort_min 0 KB
  183. quick_abort_max 0 KB
  184. buffered_logs on
  185. read_ahead_gap 1 MB
  186. #access_log none
  187. half_closed_clients off
  188.  
  189. ······································