- ##
- ## squid.conf
- ## NOTE(review): the directive set (storeurl_*, zph_*, "transparent") looks
- ## like Squid 2.x syntax - confirm the target version before reusing it.
- #========================================================#
- # Port
- #========================================================#
- #http_port 5128 transparent
- #http_port 5129 transparent tproxy
- # Interception ("transparent") listener bound to every interface (0.0.0.0).
- # NOTE(review): who can use it is then decided only by the http_access
- # rules and by host/network firewalling - confirm that port 5128 is not
- # reachable from untrusted networks.
- http_port 0.0.0.0:5128 transparent
- # ICP (inter-cache protocol) port.
- # NOTE(review): icp_access further down in this file is "allow all"; if no
- # cache peers are in use, "icp_port 0" disables the listener - confirm.
- icp_port 3130
- icp_query_timeout 0
- mcast_icp_query_timeout 2000
- dead_peer_timeout 10 seconds
- #=======================================================#
- # Disk files
- #=======================================================#
- # Cache storage settings live in a separate file that is not shown here.
- include /etc/squid/cfg/disks.conf
- #=======================================================#
- # Log files
- #=======================================================#
- # NOTE(review): strip_query_terms is set to "off" elsewhere in this file, so
- # the access log keeps full query strings; together with the referer log
- # this is browsing data - confirm /var/log/squid is readable only by the
- # proxy user and administrators.
- cache_access_log /var/log/squid/access.log
- cache_log /var/log/squid/cache.log
- cache_store_log /var/log/squid/store.log
- #cache_store_log none
- referer_log /var/log/squid/referer.log
- #========================================================#
- # Do not cache ASX & ASF streaming
- #========================================================#
- # URLs ending in .asx / .asf (case-insensitive) are still served, but
- # "cache deny" keeps them out of the cache.
- acl asx url_regex -i \.asx$
- cache deny asx
- acl asf url_regex -i \.asf$
- cache deny asf
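- #========================================================#
- # Block suspicious files
- #========================================================#
- # Deny requests for Windows script/executable extensions (.vbs, .scr,
- # .cmd, .pif); -i makes the match case-insensitive.
- # The optional (\?.*)? group keeps each rule matching when a query string
- # follows the file name; with a bare "$" anchor only URLs that end exactly
- # in the extension were covered.
- # NOTE(review): this is a name-based filter only. It does not look at the
- # response content or Content-Type, and it only sees traffic that passes
- # through this HTTP interception port - treat it as best-effort and keep
- # endpoint/gateway malware scanning in place.
- acl vbs url_regex -i \.vbs(\?.*)?$
- http_access deny vbs
- acl scr url_regex -i \.scr(\?.*)?$
- http_access deny scr
- acl cmd url_regex -i \.cmd(\?.*)?$
- http_access deny cmd
- acl pif url_regex -i \.pif(\?.*)?$
- http_access deny pif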
- #========================================================#
- # Sem_Proxy (destinations that must not be cached)
- #========================================================#
- # These ACLs are only used with "no_cache deny" below, i.e. they exempt
- # matching requests from caching; they do not grant or deny access.
- # NOTE(review): no_cache appears to be the older spelling of the "cache"
- # directive used earlier in this file - confirm for the target version.
- acl Sem_Proxy_ServerCache dstdomain 192.168.10.2
- # NOTE(review): the url_regex patterns below are unanchored and their dots
- # are unescaped, so "." matches any character and the pattern may match
- # anywhere in the URL (e.g. "img.jpg" on any site). The effect is a wider
- # cache exemption than the names suggest; a dstdomain ACL would be tighter
- # for the two domain entries.
- acl Sem_Proxy_Jus.Br url_regex .jus.br
- acl Sem_Proxy_Sky url_regex .sky.com.br
- acl Sem_Proxy_Captcha url_regex captcha
- acl Sem_Proxy_Captcha1 url_regex captucha
- acl Sem_Proxy_Captcha2 url_regex img.jpg
- no_cache deny Sem_Proxy_ServerCache
- no_cache deny Sem_Proxy_Jus.Br
- no_cache deny Sem_Proxy_Sky
- no_cache deny Sem_Proxy_Captcha
- no_cache deny Sem_Proxy_Captcha1
- no_cache deny Sem_Proxy_Captcha2
- #========================================================#
- # Ftp_Refresh
- #========================================================#
- # Refresh rules for FTP are kept in a separate file that is not shown here.
- include /etc/squid/cfg/ftp_refresh.conf
- #========================================================#
- # Cancelled line
- # Enable for Perl or inComum
- #========================================================#
- # NOTE(review): the heading says "cancelled", but both lines below are
- # active: URLs containing "cgi-bin" or "?" are not cached.
- acl QUERY url_regex cgi-bin \?
- no_cache deny QUERY
- #=====================================================#
- # Administrative parameters
- #=====================================================#
- # Administrator contact name.
- cache_mgr webmaster
- # Account and group the proxy runs as ("proxy"), i.e. not root.
- cache_effective_user proxy
- cache_effective_group proxy
- # Host name the proxy announces for itself.
- visible_hostname proxy
- unique_hostname proxy
- # Error pages are taken from the Portuguese template directory.
- error_directory /usr/share/squid/errors/Portuguese
- #========================================================#
- # To check
- #========================================================#
- # Replies whose first line looks like "ICY <digit>" (shoutcast streams) are
- # not upgraded from HTTP/0.9.
- acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
- upgrade_http0.9 deny shoutcast
- # Replies with a Server header starting with "Apache" get the
- # broken_vary_encoding workaround.
- acl apache rep_header Server ^Apache
- broken_vary_encoding allow apache
- # Extra request methods accepted in addition to the built-in ones.
- # NOTE(review): these look like WebDAV/Subversion methods - confirm they
- # are still needed; every accepted method widens what clients can send
- # through the proxy.
- extension_methods REPORT MERGE MKACTIVITY CHECKOUT
- hosts_file /etc/hosts
- coredump_dir /var/spool/squid
- #============================================================#
- # FTP section
- #============================================================#
- # Address sent for anonymous FTP logins.
- ftp_user anonymous@anonymous.com.br
- ftp_list_width 32
- ftp_passive on
- ftp_sanitycheck on
- # NOTE(review): repeats the cache_effective_user line from the
- # administrative section above with the same value; one of them can go.
- cache_effective_user proxy
- #============================================================#
- # DNS resolution section
- #============================================================#
- # Resolvers, in the order given: the local host, one 192.168.10.x address
- # and two public addresses.
- # NOTE(review): lookups sent to the public resolvers leave the network in
- # clear text and disclose the names users visit - confirm that is intended.
- dns_nameservers 127.0.0.1 192.168.10.1 208.67.222.220 208.67.222.222
- #------------------------------------------------------------#
- #If the content "quick_abort_min" is equal to or less than the configured value, Squid will continue downloading it.
- #quick_abort_min 0 KB
- quick_abort_min 8 KB
- #//Test
- # NOTE(review): quick_abort_min is set twice (8 KB above, -1 here);
- # presumably the later line is the effective one, and it carries no unit -
- # confirm how the target version parses it. Per the comment further down,
- # -1 means "unlimited": transfers a client has abandoned are still fetched
- # in full, which spends upstream bandwidth and disk on objects nobody is
- # waiting for (maximum_object_size elsewhere in this file is about 5 GB).
- quick_abort_min -1
- #If the content "quick_abort_max" is equal to or greater than the configured value, Squid will interrupt the request
- #immediately.
- quick_abort_max 0 KB
- #If the percentage of content "quick_abort_pct" is equal to or greater than the configured value, Squid will continue downloading it.
- #If we want to abort all incomplete requests, we must set the value of the first two directives to 0;
- #if we want to define an unlimited value, we must set the value to -1.
- quick_abort_pct 70
- #negative_ttl 3 minutes
- negative_ttl 5 minutes
- #positive_dns_ttl 53 seconds
- #negative_dns_ttl 29 seconds
- positive_dns_ttl 24 hours
- negative_dns_ttl 10 seconds
- forward_timeout 4 minutes
- connect_timeout 2 minutes
- peer_connect_timeout 1 minutes
- pconn_timeout 120 seconds
- shutdown_lifetime 10 seconds
- read_timeout 15 minutes
- #request_timeout 5 minutes
- request_timeout 40 seconds
- persistent_request_timeout 1 minute
- #client_lifetime 60 minutes
- half_closed_clients off
- ignore_expect_100 on
- # Query strings are kept in the logs instead of being stripped.
- # NOTE(review): query strings can carry session tokens or other secrets, so
- # the log files need to be access-restricted. The same directive is
- # repeated in the YouTube test section later in this file.
- strip_query_terms off
- #====================================================#
- # ACL General_Users
- #====================================================#
- acl all src all
- # Client source ranges are read from external files (quoted path = one
- # entry per line in that file). allowed_net is the set later granted access;
- # bgu1_net..bgu5_net are the client groups paired with the bck1..bck5
- # block lists in the http_access section.
- # NOTE(review): these files decide who may use the proxy but are not shown
- # here - confirm their contents and that only administrators can write to
- # /etc/squid/cfg/acl.
- acl allowed_net src "/etc/squid/cfg/acl/redes_autorizadas.conf"
- acl bgu1_net src "/etc/squid/cfg/acl/block_guser1.conf"
- acl bgu2_net src "/etc/squid/cfg/acl/block_guser2.conf"
- acl bgu3_net src "/etc/squid/cfg/acl/block_guser3.conf"
- acl bgu4_net src "/etc/squid/cfg/acl/block_guser4.conf"
- acl bgu5_net src "/etc/squid/cfg/acl/block_guser5.conf"
- # Cache-manager protocol, PURGE and CONNECT methods; restricted in the
- # http_access section.
- acl manager proto cache_object
- acl purge method PURGE
- acl CONNECT method CONNECT
- acl localhost src 127.0.0.1/32
- # Destinations that resolve to the proxy host itself.
- acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
- #====================================================#
- # ACL Safe_Ports
- #====================================================#
- # Destination ports clients may reach through the proxy; the later rule
- # "http_access deny !Safe_ports" rejects everything else.
- acl Safe_ports port 80 # http
- acl Safe_ports port 20 # ftp
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl Safe_ports port 631 # cups
- acl Safe_ports port 873 # rsync
- acl Safe_ports port 901 # SWAT
- # Ports allowed for the CONNECT method (see "http_access deny CONNECT
- # !SSL_ports").
- # NOTE(review): 443 is listed under Safe_ports only, not under SSL_ports,
- # so as written CONNECT to 443 is refused while CONNECT tunnels to rsync
- # (873) and webmin (10000) are permitted - confirm this is intended; a
- # CONNECT tunnel carries arbitrary bytes the proxy does not inspect.
- acl SSL_ports port 563 # snews
- acl SSL_ports port 873 # rsync
- acl SSL_ports port 10000 # webmin
- # NOTE(review): mail ports are treated as "safe" here. The usual hardening
- # advice is to keep SMTP (25) and POP3 (110) out of Safe_ports so the proxy
- # cannot be pointed at mail servers - confirm these two entries are needed.
- acl Safe_ports port 110 # POP3
- acl Safe_ports port 25 # SMTP
- acl Safe_ports port 2095-2096 # webmail from cpanel
- acl Safe_ports port 2082-2083 # cpanel
- #====================================================#
- # ACL -> Bypass exceptions
- #====================================================#
- # Exception lists loaded from external files (not shown here). They are
- # used below only to switch caching off and to force direct fetches; they
- # do not appear in any http_access rule in this file.
- acl exc_dst_ip dst "/etc/squid/cfg/acl/exc_dst_ip.conf"
- acl exc_dst_dominio dstdomain "/etc/squid/cfg/acl/exc_dst_dominio.conf"
- acl exc_dst_regex url_regex -i "/etc/squid/cfg/acl/exc_dst_regex.conf"
- acl exc_src_ip src "/etc/squid/cfg/acl/exc_src_ip.conf"
- # NOTE(review): srcdomain relies on a reverse-DNS lookup of the client
- # address, so the result depends on whoever controls that PTR record;
- # prefer the src (IP) list where possible.
- acl exc_src_dominio srcdomain "/etc/squid/cfg/acl/exc_src_dominio.conf"
- # NOTE(review): despite the "src" in its name this ACL is a url_regex, so
- # it matches the requested URL, not the client - confirm the intent.
- acl exc_src_regex url_regex -i "/etc/squid/cfg/acl/exc_src_regex.conf"
- # Cache Deny -> Bypass
- no_cache deny exc_dst_ip
- no_cache deny exc_dst_dominio
- no_cache deny exc_dst_regex
- no_cache deny exc_src_ip
- no_cache deny exc_src_dominio
- no_cache deny exc_src_regex
- # Always_Direct -> Bypass
- always_direct allow exc_dst_ip
- always_direct allow exc_dst_dominio
- always_direct allow exc_dst_regex
- always_direct allow exc_src_ip
- always_direct allow exc_src_dominio
- always_direct allow exc_src_regex
- #====================================================#
- # ACL -> Content blocking
- #====================================================#
- # Five block lists (bck1..bck5), each with the same six ACL types loaded
- # from external files (not shown here). Each list is combined with the
- # matching client group bgu1_net..bgu5_net in the http_access section.
- # NOTE(review): every bckN_src_regex is declared as url_regex, so it
- # matches the requested URL rather than the client, and every
- # bckN_src_dominio depends on reverse DNS of the client address - confirm
- # both are intended.
- acl bck1_dst_ip dst "/etc/squid/cfg/acl/bck1_dst_ip.conf"
- acl bck1_dst_dominio dstdomain "/etc/squid/cfg/acl/bck1_dst_dominio.conf"
- acl bck1_dst_regex url_regex -i "/etc/squid/cfg/acl/bck1_dst_regex.conf"
- acl bck1_src_ip src "/etc/squid/cfg/acl/bck1_src_ip.conf"
- acl bck1_src_dominio srcdomain "/etc/squid/cfg/acl/bck1_src_dominio.conf"
- acl bck1_src_regex url_regex -i "/etc/squid/cfg/acl/bck1_src_regex.conf"
- acl bck2_dst_ip dst "/etc/squid/cfg/acl/bck2_dst_ip.conf"
- acl bck2_dst_dominio dstdomain "/etc/squid/cfg/acl/bck2_dst_dominio.conf"
- acl bck2_dst_regex url_regex -i "/etc/squid/cfg/acl/bck2_dst_regex.conf"
- acl bck2_src_ip src "/etc/squid/cfg/acl/bck2_src_ip.conf"
- acl bck2_src_dominio srcdomain "/etc/squid/cfg/acl/bck2_src_dominio.conf"
- acl bck2_src_regex url_regex -i "/etc/squid/cfg/acl/bck2_src_regex.conf"
- acl bck3_dst_ip dst "/etc/squid/cfg/acl/bck3_dst_ip.conf"
- acl bck3_dst_dominio dstdomain "/etc/squid/cfg/acl/bck3_dst_dominio.conf"
- acl bck3_dst_regex url_regex -i "/etc/squid/cfg/acl/bck3_dst_regex.conf"
- acl bck3_src_ip src "/etc/squid/cfg/acl/bck3_src_ip.conf"
- acl bck3_src_dominio srcdomain "/etc/squid/cfg/acl/bck3_src_dominio.conf"
- acl bck3_src_regex url_regex -i "/etc/squid/cfg/acl/bck3_src_regex.conf"
- acl bck4_dst_ip dst "/etc/squid/cfg/acl/bck4_dst_ip.conf"
- acl bck4_dst_dominio dstdomain "/etc/squid/cfg/acl/bck4_dst_dominio.conf"
- acl bck4_dst_regex url_regex -i "/etc/squid/cfg/acl/bck4_dst_regex.conf"
- acl bck4_src_ip src "/etc/squid/cfg/acl/bck4_src_ip.conf"
- acl bck4_src_dominio srcdomain "/etc/squid/cfg/acl/bck4_src_dominio.conf"
- acl bck4_src_regex url_regex -i "/etc/squid/cfg/acl/bck4_src_regex.conf"
- acl bck5_dst_ip dst "/etc/squid/cfg/acl/bck5_dst_ip.conf"
- acl bck5_dst_dominio dstdomain "/etc/squid/cfg/acl/bck5_dst_dominio.conf"
- acl bck5_dst_regex url_regex -i "/etc/squid/cfg/acl/bck5_dst_regex.conf"
- acl bck5_src_ip src "/etc/squid/cfg/acl/bck5_src_ip.conf"
- acl bck5_src_dominio srcdomain "/etc/squid/cfg/acl/bck5_src_dominio.conf"
- acl bck5_src_regex url_regex -i "/etc/squid/cfg/acl/bck5_src_regex.conf"
- #====================================================#
- # Controls -> System | Clients
- #====================================================#
- # http_access lines are checked from top to bottom and the first line that
- # matches decides, so the order of this section is part of the policy. The
- # file-extension denies earlier in the file are checked before these, and
- # the final allow/deny lines come after the YouTube test section below.
- # Refuse ports outside Safe_ports and CONNECT to ports outside SSL_ports.
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- # Cache-manager requests and PURGE are accepted from localhost only.
- http_access allow manager localhost
- http_access deny manager
- http_access allow purge localhost
- http_access deny purge
- # Clients may not use the proxy to reach services on the proxy host itself.
- http_access deny to_localhost
- # Client networks
- # Each line denies when BOTH ACLs match: block list N applies only to
- # clients in group N (bguN_net).
- http_access deny bck1_dst_ip bgu1_net
- http_access deny bck1_dst_dominio bgu1_net
- http_access deny bck1_dst_regex bgu1_net
- http_access deny bck1_src_ip bgu1_net
- http_access deny bck1_src_dominio bgu1_net
- http_access deny bck1_src_regex bgu1_net
- http_access deny bck2_dst_ip bgu2_net
- http_access deny bck2_dst_dominio bgu2_net
- http_access deny bck2_dst_regex bgu2_net
- http_access deny bck2_src_ip bgu2_net
- http_access deny bck2_src_dominio bgu2_net
- http_access deny bck2_src_regex bgu2_net
- http_access deny bck3_dst_ip bgu3_net
- http_access deny bck3_dst_dominio bgu3_net
- http_access deny bck3_dst_regex bgu3_net
- http_access deny bck3_src_ip bgu3_net
- http_access deny bck3_src_dominio bgu3_net
- http_access deny bck3_src_regex bgu3_net
- http_access deny bck4_dst_ip bgu4_net
- http_access deny bck4_dst_dominio bgu4_net
- http_access deny bck4_dst_regex bgu4_net
- http_access deny bck4_src_ip bgu4_net
- http_access deny bck4_src_dominio bgu4_net
- http_access deny bck4_src_regex bgu4_net
- http_access deny bck5_dst_ip bgu5_net
- http_access deny bck5_dst_dominio bgu5_net
- http_access deny bck5_dst_regex bgu5_net
- http_access deny bck5_src_ip bgu5_net
- http_access deny bck5_src_dominio bgu5_net
- http_access deny bck5_src_regex bgu5_net
- #------------ YouTube test --------#
- strip_query_terms off
- acl yutub dstdomain .youtube.com .youtu.be .google.com .google.com.br .googlevideo.com
- # Extra log for the yutub domains: Referer request header plus the full
- # request URL.
- # NOTE(review): the ACL includes google.com / google.com.br, so this log
- # records far more than video traffic (with query strings, since
- # strip_query_terms is off) - confirm retention and file permissions.
- logformat squid1 %{Referer}>h %ru
- access_log /var/log/squid/yt.log squid1 yutub
- # Redirect-style URLs are neither cached nor passed to the store-URL
- # rewriter.
- acl redirec urlpath_regex -i &redirect_counter=1&cms_redirect=yes &ir=1&rr=12
- cache deny redirec
- storeurl_access deny redirec
- storeurl_access allow yutub
- #storeurl_access deny all
- # External helper that receives request URLs and returns the key under
- # which the object is stored.
- # NOTE(review): the script is not shown here. It processes client-supplied
- # URLs, and a wrong mapping makes one URL's cached body answer another
- # URL - confirm the script is owned by root, not writable by the proxy
- # user, and reviewed. With "storeurl_access deny all" commented out, what
- # happens to requests matching neither rule depends on the directive's
- # default - confirm.
- storeurl_rewrite_program /etc/squid/storeurl.pl
- storeurl_rewrite_children 70
- #storeurl_rewrite_concurrency 0
- # Keeps matching video replies for 5259487 minutes (about ten years) and
- # overrides the origin's caching headers (override-expire, ignore-private,
- # ignore-no-cache).
- # NOTE(review): ignore-private / ignore-no-cache store replies the origin
- # marked as per-user or uncacheable; if the pattern ever matches
- # personalised content, one client's reply can be served to another. Keep
- # the pattern as narrow as possible.
- refresh_pattern ^http://2[0]{0,2}\.195\.190\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/(get_video|videoplayback|videoplay|youtube-videoplay)\?|[^/]*\.(youtube|googlevideo)\.com/(get_video|videoplayback|videoplay|youtube-videoplay|liveplay)\? 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
- #------------ YouTube test --------#
- # Final access decision: authorised networks and localhost are allowed,
- # everything else is denied.
- http_access allow allowed_net
- http_access allow localhost
- http_access deny all
- # NOTE(review): ICP queries are answered for any source address, unlike
- # HTTP access above; an ICP reply tells the sender whether a URL is in the
- # cache. If peers are not used, or are all inside allowed_net, consider
- # "icp_access allow allowed_net" followed by "icp_access deny all" -
- # confirm against the actual peer setup first.
- icp_access allow all
- #============================================================#
- # Generic
- #============================================================#
- #mime_table /etc/squid/mime.conf
- pid_filename /var/run/squid.pid
- #Resolve domain name in the log
- log_fqdn off
- log_mime_hdrs off
- log_ip_on_direct off
- # Number of rotated log generations kept.
- # NOTE(review): confirm this meets the retention needed for incident
- # investigation, given how the rotation is scheduled.
- logfile_rotate 7
- debug_options ALL,1
- buffered_logs off
- emulate_httpd_log off
- #============================================================#
- # ACCELERATOR
- #============================================================#
- memory_pools off
- # NOTE(review): with forwarded_for on, the client's address is passed to
- # origin servers in the X-Forwarded-For header, which discloses internal
- # addressing to every site visited - confirm this is wanted.
- forwarded_for on
- log_icp_queries off
- icp_hit_stale on
- minimum_direct_hops 4
- minimum_direct_rtt 400
- store_avg_object_size 13 KB
- store_objects_per_bucket 20
- client_db on
- netdb_low 9900
- netdb_high 10000
- netdb_ping_period 30 seconds
- query_icmp on
- pipeline_prefetch on
- detect_broken_pconn on
- reload_into_ims on
- vary_ignore_expire on
- max_open_disk_fds 65535
- nonhierarchical_direct on
- prefer_direct off
- update_headers on
- # Keeps the Squid version string out of what the proxy shows to clients.
- httpd_suppress_version_string on
- client_persistent_connections on
- server_persistent_connections on
- httpd_accel_no_pmtu_disc on
- #============================================================#
- # OPTIONS WHICH AFFECT THE CACHE SIZE
- #============================================================#
- #cache_mem 356 MB
- cache_mem 1024 MB
- minimum_object_size 1 KB
- #minimum_object_size 64 KB
- #maximum_object_size 5 GB
- # 5242880 KB is the 5 GB of the commented-out line above.
- maximum_object_size 5242880 KB
- #maximum_object_size_in_memory 32 KB
- maximum_object_size_in_memory 1024 KB
- cache_swap_low 90%
- cache_swap_high 94%
- store_dir_select_algorithm round-robin
- #store_dir_select_algorithm least-load
- ipcache_size 51200
- ipcache_low 90
- ipcache_high 95
- fqdncache_size 51200
- #Keeping recent and small objects in memory
- memory_replacement_policy heap GDSF
- cache_replacement_policy heap LFUDA
- #============================================================#
- # SNMP
- #============================================================#
- snmp_port 3401
- # NOTE(review): "public" is the well-known default community string.
- # Access is limited to localhost by the rules below, but the string should
- # still be replaced with a site-specific value, and binding the agent to
- # the loopback address (snmp_incoming_address) or firewalling UDP 3401 is
- # worth confirming.
- acl snmp snmp_community public
- # Only requests that use the community above AND come from localhost are
- # answered.
- snmp_access allow snmp localhost
- snmp_access deny all
- #============================================================#
- #ZPH
- #============================================================#
- ###Allows marking TOS/Diffserv for outgoing connections
- ##based on the username and source address making the request.
- ##Example: normal_service_net users with TOS = 0x00
- ##and good_service_net users with TOS = 0x20
- ## acl normal_service_net src 10.0.0.0/255.255.255.0
- ## acl good_service_net src 10.0.1.0/255.255.255.0
- ## tcp_outgoing_tos 0x00 normal_service_net
- ## tcp_outgoing_tos 0x20 good_service_net
- #tcp_outgoing_tos
- #tcp_outgoing_tos 0x08 mikrotik
- ###Generally allows mapping requests to different IPs.
- ##tcp_outgoing_address ipaddr [[!]aclname] ...
- ##Example of where the requests will be forwarded:
- ##10.0.0.0/24 with source 10.1.0.1.
- ##acl normal_service_net src 10.0.0.0/24
- ##acl good_service_net src 10.0.1.0/24 10.0.2.0/24
- ##tcp_outgoing_address 10.1.0.1 normal_service_net
- ##tcp_outgoing_address 10.1.0.2 good_service_net
- ##tcp_outgoing_address 10.1.0.3
- ##Processed in the order given, stopping at the first
- ##matching line.
- ##Note: Using this directive with client-dependent ACLs
- ##is incompatible with the use of persistent connections.
- ##To ensure a better result, server_persistent_connections should be used.
- #tcp_outgoing_address
- #tcp_outgoing_address 192.168.10.2
- ###Allows marking of HIT / MISS response packets,
- ##using IP/TOS/Sockets.
- ##off Disable
- ##tos Selects IP/TOS/Diffserv
- ##priority Selects socket priority (mapped
- ## to TOS by the OS, otherwise only usable in local rulesets)
- ##
- ##option Embeds the mark in the IP field. See also zph_option.
- ## See also tcp_outgoing_tos for details on how to use TOS.
- #zph_mode
- # Cache hits are marked through the IP TOS field.
- # NOTE(review): the mark is visible to any device on the path to the
- # client and reveals whether a reply came from the cache; presumably it is
- # consumed by a downstream router for shaping - confirm it is cleared or
- # ignored beyond that device.
- zph_mode tos
- ###Generally selects the TOS/Diffserv/Priority
- ##used to mark a local HIT. Default: 0 (disabled)
- #zph_local
- #zph_local 0x08
- zph_local 0x30
- ###Generally selects the TOS/Diffserv/Priority
- ##used to mark a sibling HIT. Default: 0 (disabled)
- #zph_sibling
- ###Generally selects the TOS/Diffserv/Priority
- ##used to mark a HIT. Default: 0 (disabled).
- #zph_parent
- zph_parent 0x38
- ###Generally used for STREAM
- ##Default 136
- #zph_option
- zph_option 136