
Untitled

a guest
Apr 29th, 2013
  1. ##
  2. ## squid.conf
  3.  
  4. #========================================================#
  5. # Port
  6. #========================================================#
  # Listening sockets. The active http_port binds every interface (0.0.0.0)
  # in interception ("transparent") mode; which clients may use it is decided
  # only by the http_access rules further down in this file.
  # NOTE(review): the firewall rules that redirect traffic to 5128 are not part
  # of this file - confirm the port is not reachable from untrusted networks.
  7. #http_port 5128 transparent
  8. #http_port 5129 transparent tproxy
  9. http_port 0.0.0.0:5128 transparent
  # ICP (inter-cache protocol) listener and its peer timeouts.
  10. icp_port 3130
  11. icp_query_timeout 0
  12. mcast_icp_query_timeout 2000
  13. dead_peer_timeout 10 seconds
  14.  
  15. #=======================================================#
  16. # Disk files
  17. #=======================================================#
  # Pulled in from a separate file that is not shown here
  # (presumably the cache_dir definitions - confirm).
  18. include /etc/squid/cfg/disks.conf
  19.  
  20. #=======================================================#
  21. # Log files
  22. #=======================================================#
  # Access, cache, store and referer logs are all written under /var/log/squid.
  # NOTE(review): strip_query_terms is set to off later in this file, so
  # access.log keeps full query strings, which can carry session tokens or
  # credentials; keep these files readable only by the proxy user and admins.
  23. cache_access_log /var/log/squid/access.log
  24. cache_log /var/log/squid/cache.log
  25. cache_store_log /var/log/squid/store.log
  26. #cache_store_log none
  27. referer_log /var/log/squid/referer.log
  28.  
  29. #========================================================#
  30. # Do not cache ASX & ASF streaming files
  31. #========================================================#
  # Both patterns are anchored at the end of the URL, so a URL that carries a
  # query string after the extension is not matched by these ACLs.
  32. acl asx url_regex -i \.asx$
  33. cache deny asx
  34. acl asf url_regex -i \.asf$
  35. cache deny asf
  36.  
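  37. #========================================================#
  38. # Block suspicious files
  39. #========================================================#
  # Deny requests for Windows script/executable types, selected by extension.
  # urlpath_regex is matched against the path including the query string, so
  # the optional (\?.*)? group also catches "file.vbs?x=1", which the previous
  # end-anchored url_regex patterns let through.
  # This is a coarse filter: it does not look at content or MIME type, and it
  # cannot see URLs carried inside HTTPS.
  40. acl vbs urlpath_regex -i \.vbs(\?.*)?$
  41. http_access deny vbs
  42. acl scr urlpath_regex -i \.scr(\?.*)?$
  43. http_access deny scr
  44. acl cmd urlpath_regex -i \.cmd(\?.*)?$
  45. http_access deny cmd
  46. acl pif urlpath_regex -i \.pif(\?.*)?$
  47. http_access deny pif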
  48.  
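  49. #========================================================#
  50. # Sem_Proxy (destinations whose responses must never be cached)
  51. #========================================================#
  # The two site ACLs use dstdomain so that only the request host is compared.
  # The previous url_regex patterns (.jus.br, .sky.com.br) had unescaped dots
  # and no anchor, so they matched those character sequences anywhere in any
  # URL, including the path or query string of unrelated sites.
  # Keeping captcha images and per-user pages out of the cache avoids handing
  # one client's response to another client.
  52. acl Sem_Proxy_ServerCache dstdomain 192.168.10.2
  53. acl Sem_Proxy_Jus.Br dstdomain .jus.br
  54. acl Sem_Proxy_Sky dstdomain .sky.com.br
  55. acl Sem_Proxy_Captcha url_regex captcha
  56. acl Sem_Proxy_Captcha1 url_regex captucha
  # Dot escaped so that only the literal name "img.jpg" matches.
  57. acl Sem_Proxy_Captcha2 url_regex img\.jpg
  # "cache deny" is the directive this file already uses for asx/asf;
  # no_cache is the older spelling of the same rule.
  58. cache deny Sem_Proxy_ServerCache
  59. cache deny Sem_Proxy_Jus.Br
  60. cache deny Sem_Proxy_Sky
  61. cache deny Sem_Proxy_Captcha
  62. cache deny Sem_Proxy_Captcha1
  63. cache deny Sem_Proxy_Captcha2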
  64.  
  65. #========================================================#
  66. # Ftp_Refresh
  67. #========================================================#
  # Refresh rules kept in a separate file that is not shown here.
  68. include /etc/squid/cfg/ftp_refresh.conf
  69.  
  70. #========================================================#
  71. # Cancelled line
  72. # Enable for Perl or inComum
  73. #========================================================#
  # Despite the heading, both lines below are active: any URL containing
  # "cgi-bin" or "?" is excluded from caching.
  74. acl QUERY url_regex cgi-bin \?
  75. no_cache deny QUERY
  76.  
  77. #=====================================================#
  78. # Administrative parameters
  79. #=====================================================#
  # Contact name and host names shown to clients, plus the unprivileged
  # account (proxy:proxy) the daemon switches to.
  80. cache_mgr webmaster
  81. cache_effective_user proxy
  82. cache_effective_group proxy
  83. visible_hostname proxy
  84. unique_hostname proxy
  # Error pages are served from the Portuguese template directory.
  85. error_directory /usr/share/squid/errors/Portuguese
  86.  
  87. #========================================================#
  88. # To check
  89. #========================================================#
  # Replies whose first line looks like a SHOUTcast "ICY" status are not
  # upgraded from HTTP/0.9.
  90. acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
  91. upgrade_http0.9 deny shoutcast
  # Selected by the Server reply header, which the origin server controls.
  92. acl apache rep_header Server ^Apache
  93. broken_vary_encoding allow apache
  # Extra request methods accepted in addition to the built-in ones.
  94. extension_methods REPORT MERGE MKACTIVITY CHECKOUT
  95. hosts_file /etc/hosts
  96. coredump_dir /var/spool/squid
  97.  
  98. #============================================================#
  99. # FTP section
  100. #============================================================#
  # Password string sent for anonymous FTP logins.
  101. ftp_user anonymous@anonymous.com.br
  102. ftp_list_width 32
  103. ftp_passive on
  104. ftp_sanitycheck on
  # Repeats the value already set in the administrative section.
  105. cache_effective_user proxy
  106.  
  107. #============================================================#
  108. # DNS resolution section
  109. #============================================================#
  # Resolver list: loopback, one internal address and two public addresses.
  # NOTE(review): with public resolvers in the same list, lookups for internal
  # names may be sent outside the network - confirm this is intended.
  110. dns_nameservers 127.0.0.1 192.168.10.1 208.67.222.220 208.67.222.222
  111. #------------------------------------------------------------#
  112. #If the "quick_abort_min" content is equal to or less than the value set, Squid will keep downloading it.
  113. #quick_abort_min 0 KB
  # NOTE(review): quick_abort_min is set twice below; presumably the later
  # value (-1) is the one in effect - confirm. Per the author's own note, -1
  # means unlimited, i.e. Squid finishes every transfer a client abandons.
  # Together with maximum_object_size 5242880 KB later in this file, abandoned
  # requests can then consume a lot of upstream bandwidth and disk.
  114. quick_abort_min 8 KB
  115. #//Test
  116. quick_abort_min -1
  117. #If the "quick_abort_max" content is equal to or greater than the value set, Squid will interrupt the request
  118. #immediately.
  119. quick_abort_max 0 KB
  120. #If the "quick_abort_pct" content percentage is equal to or greater than the value set, Squid will keep downloading it. #To abort all incomplete requests, set the first two directives to 0,
  121. #to define an unlimited value, set the value to -1.
  122. quick_abort_pct 70
  123. #negative_ttl 3 minutes
  124. negative_ttl 5 minutes
  125. #positive_dns_ttl 53 seconds
  126. #negative_dns_ttl 29 seconds
  # Successful DNS answers are kept for 24 hours, failed ones for 10 seconds.
  127. positive_dns_ttl 24 hours
  128. negative_dns_ttl 10 seconds
  # Connection and request timeouts.
  129. forward_timeout 4 minutes
  130. connect_timeout 2 minutes
  131. peer_connect_timeout 1 minutes
  132. pconn_timeout 120 seconds
  133. shutdown_lifetime 10 seconds
  134. read_timeout 15 minutes
  135. #request_timeout 5 minutes
  136. request_timeout 40 seconds
  137. persistent_request_timeout 1 minute
  138. #client_lifetime 60 minutes
  139. half_closed_clients off
  140. ignore_expect_100 on
  # Query strings are kept in the logs (they are not stripped), so the log
  # files may contain tokens or credentials passed in URLs.
  141. strip_query_terms off
  142.  
  143. #====================================================#
  144. # ACL General_Users
  145. #====================================================#
  # Source-address ACLs. allowed_net is the list of client networks that the
  # final http_access rules admit; bgu1..bgu5 are client groups that the
  # content-blocking rules are applied to. The list files are not shown here.
  146. acl all src all
  147. acl allowed_net src "/etc/squid/cfg/acl/redes_autorizadas.conf"
  148. acl bgu1_net src "/etc/squid/cfg/acl/block_guser1.conf"
  149. acl bgu2_net src "/etc/squid/cfg/acl/block_guser2.conf"
  150. acl bgu3_net src "/etc/squid/cfg/acl/block_guser3.conf"
  151. acl bgu4_net src "/etc/squid/cfg/acl/block_guser4.conf"
  152. acl bgu5_net src "/etc/squid/cfg/acl/block_guser5.conf"
  # Cache-manager protocol, PURGE and CONNECT methods, and loopback
  # source/destination; all of these are used by the system rules below.
  153. acl manager proto cache_object
  154. acl purge method PURGE
  155. acl CONNECT method CONNECT
  156. acl localhost src 127.0.0.1/32
  157. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
  158.  
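  159. #====================================================#
  160. # ACL Safe_Ports
  161. #====================================================#
  # Safe_ports: destination ports the proxy may contact at all.
  # SSL_ports:  destination ports a CONNECT tunnel may reach.
  # They are enforced further down by "http_access deny !Safe_ports" and
  # "http_access deny CONNECT !SSL_ports".
  162. acl Safe_ports port 80 # http
  163. acl Safe_ports port 20 # ftp
  164. acl Safe_ports port 21 # ftp
  165. acl Safe_ports port 443 # https
  166. acl Safe_ports port 70 # gopher
  167. acl Safe_ports port 210 # wais
  168. acl Safe_ports port 1025-65535 # unregistered ports
  169. acl Safe_ports port 280 # http-mgmt
  170. acl Safe_ports port 488 # gss-http
  171. acl Safe_ports port 591 # filemaker
  172. acl Safe_ports port 777 # multiling http
  173. acl Safe_ports port 631 # cups
  174. acl Safe_ports port 873 # rsync
  175. acl Safe_ports port 901 # SWAT
  # 443 was missing from SSL_ports, so CONNECT to ordinary HTTPS was refused
  # while tunnels to the ports listed below were allowed.
  acl SSL_ports port 443 # https
  176. acl SSL_ports port 563 # snews
  # NOTE(review): CONNECT to 873 and 10000 gives permitted clients an opaque
  # tunnel to rsync and webmin services; keep these only if really required.
  177. acl SSL_ports port 873 # rsync
  178. acl SSL_ports port 10000 # webmin
  # NOTE(review): POP3 is not an HTTP service; confirm this entry is needed.
  179. acl Safe_ports port 110 # POP3
  # Port 25 disabled: a proxy that is allowed to reach SMTP can be used to
  # relay mail on behalf of any permitted client. Restore only with a
  # destination restriction in place.
  180. #acl Safe_ports port 25 # SMTP
  181. acl Safe_ports port 2095-2096 # webmail from cpanel
  182. acl Safe_ports port 2082-2083 # cpanel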
  183.  
  184. #====================================================#
  185. # ACL -> Bypass exception
  186. #====================================================#
  # Exception lists loaded from external files (contents not shown here).
  # NOTE(review): exc_src_regex is declared as url_regex, the same type as
  # exc_dst_regex, so it is matched against the requested URL and not against
  # anything about the client - confirm that is what the "src" name intends.
  187. acl exc_dst_ip dst "/etc/squid/cfg/acl/exc_dst_ip.conf"
  188. acl exc_dst_dominio dstdomain "/etc/squid/cfg/acl/exc_dst_dominio.conf"
  189. acl exc_dst_regex url_regex -i "/etc/squid/cfg/acl/exc_dst_regex.conf"
  190. acl exc_src_ip src "/etc/squid/cfg/acl/exc_src_ip.conf"
  191. acl exc_src_dominio srcdomain "/etc/squid/cfg/acl/exc_src_dominio.conf"
  192. acl exc_src_regex url_regex -i "/etc/squid/cfg/acl/exc_src_regex.conf"
  193.  
  194. # Cache Deny -> Bypass
  # Traffic matching an exception list is never stored in the cache.
  195. no_cache deny exc_dst_ip
  196. no_cache deny exc_dst_dominio
  197. no_cache deny exc_dst_regex
  198. no_cache deny exc_src_ip
  199. no_cache deny exc_src_dominio
  200. no_cache deny exc_src_regex
  201.  
  202. # Always_Direct -> Bypass
  # The same traffic is always fetched directly from the origin, never via a
  # peer cache.
  203. always_direct allow exc_dst_ip
  204. always_direct allow exc_dst_dominio
  205. always_direct allow exc_dst_regex
  206. always_direct allow exc_src_ip
  207. always_direct allow exc_src_dominio
  208. always_direct allow exc_src_regex
  209.  
  210. #====================================================#
  211. # ACL -> Content blocking
  212. #====================================================#
  # Five parallel block lists (bck1..bck5), each with destination IP,
  # destination domain, URL regex, source IP and source domain entries loaded
  # from external files that are not shown here. Each set is paired with the
  # matching bguN_net client group in the http_access rules below.
  # NOTE(review): every bckN_src_regex is a url_regex, so it matches the
  # requested URL exactly like bckN_dst_regex does - confirm the intent.
  213. acl bck1_dst_ip dst "/etc/squid/cfg/acl/bck1_dst_ip.conf"
  214. acl bck1_dst_dominio dstdomain "/etc/squid/cfg/acl/bck1_dst_dominio.conf"
  215. acl bck1_dst_regex url_regex -i "/etc/squid/cfg/acl/bck1_dst_regex.conf"
  216. acl bck1_src_ip src "/etc/squid/cfg/acl/bck1_src_ip.conf"
  217. acl bck1_src_dominio srcdomain "/etc/squid/cfg/acl/bck1_src_dominio.conf"
  218. acl bck1_src_regex url_regex -i "/etc/squid/cfg/acl/bck1_src_regex.conf"
  219.  
  220. acl bck2_dst_ip dst "/etc/squid/cfg/acl/bck2_dst_ip.conf"
  221. acl bck2_dst_dominio dstdomain "/etc/squid/cfg/acl/bck2_dst_dominio.conf"
  222. acl bck2_dst_regex url_regex -i "/etc/squid/cfg/acl/bck2_dst_regex.conf"
  223. acl bck2_src_ip src "/etc/squid/cfg/acl/bck2_src_ip.conf"
  224. acl bck2_src_dominio srcdomain "/etc/squid/cfg/acl/bck2_src_dominio.conf"
  225. acl bck2_src_regex url_regex -i "/etc/squid/cfg/acl/bck2_src_regex.conf"
  226.  
  227. acl bck3_dst_ip dst "/etc/squid/cfg/acl/bck3_dst_ip.conf"
  228. acl bck3_dst_dominio dstdomain "/etc/squid/cfg/acl/bck3_dst_dominio.conf"
  229. acl bck3_dst_regex url_regex -i "/etc/squid/cfg/acl/bck3_dst_regex.conf"
  230. acl bck3_src_ip src "/etc/squid/cfg/acl/bck3_src_ip.conf"
  231. acl bck3_src_dominio srcdomain "/etc/squid/cfg/acl/bck3_src_dominio.conf"
  232. acl bck3_src_regex url_regex -i "/etc/squid/cfg/acl/bck3_src_regex.conf"
  233.  
  234. acl bck4_dst_ip dst "/etc/squid/cfg/acl/bck4_dst_ip.conf"
  235. acl bck4_dst_dominio dstdomain "/etc/squid/cfg/acl/bck4_dst_dominio.conf"
  236. acl bck4_dst_regex url_regex -i "/etc/squid/cfg/acl/bck4_dst_regex.conf"
  237. acl bck4_src_ip src "/etc/squid/cfg/acl/bck4_src_ip.conf"
  238. acl bck4_src_dominio srcdomain "/etc/squid/cfg/acl/bck4_src_dominio.conf"
  239. acl bck4_src_regex url_regex -i "/etc/squid/cfg/acl/bck4_src_regex.conf"
  240.  
  241. acl bck5_dst_ip dst "/etc/squid/cfg/acl/bck5_dst_ip.conf"
  242. acl bck5_dst_dominio dstdomain "/etc/squid/cfg/acl/bck5_dst_dominio.conf"
  243. acl bck5_dst_regex url_regex -i "/etc/squid/cfg/acl/bck5_dst_regex.conf"
  244. acl bck5_src_ip src "/etc/squid/cfg/acl/bck5_src_ip.conf"
  245. acl bck5_src_dominio srcdomain "/etc/squid/cfg/acl/bck5_src_dominio.conf"
  246. acl bck5_src_regex url_regex -i "/etc/squid/cfg/acl/bck5_src_regex.conf"
  247.  
  248. #====================================================#
  249. # Controls -> System | Clients
  250. #====================================================#
  # http_access rules are evaluated top to bottom and the first match decides,
  # so these system-wide denies must stay ahead of every allow rule.
  # Refuse any destination port outside Safe_ports, and any CONNECT tunnel to
  # a port outside SSL_ports.
  251. http_access deny !Safe_ports
  252. http_access deny CONNECT !SSL_ports
  # Cache-manager requests and PURGE are accepted from loopback only.
  253. http_access allow manager localhost
  254. http_access deny manager
  255. http_access allow purge localhost
  256. http_access deny purge
  # Stops clients from using the proxy to reach services bound to the proxy
  # host's own loopback addresses.
  257. http_access deny to_localhost
  258.  
  259. # Client networks
  # Each rule lists two ACLs, and both must match for the deny to apply: a
  # request is refused when it hits block list N and the client belongs to
  # group network N. Clients outside every bguN_net group skip these rules.
  260. http_access deny bck1_dst_ip bgu1_net
  261. http_access deny bck1_dst_dominio bgu1_net
  262. http_access deny bck1_dst_regex bgu1_net
  263. http_access deny bck1_src_ip bgu1_net
  264. http_access deny bck1_src_dominio bgu1_net
  265. http_access deny bck1_src_regex bgu1_net
  266.  
  267. http_access deny bck2_dst_ip bgu2_net
  268. http_access deny bck2_dst_dominio bgu2_net
  269. http_access deny bck2_dst_regex bgu2_net
  270. http_access deny bck2_src_ip bgu2_net
  271. http_access deny bck2_src_dominio bgu2_net
  272. http_access deny bck2_src_regex bgu2_net
  273.  
  274. http_access deny bck3_dst_ip bgu3_net
  275. http_access deny bck3_dst_dominio bgu3_net
  276. http_access deny bck3_dst_regex bgu3_net
  277. http_access deny bck3_src_ip bgu3_net
  278. http_access deny bck3_src_dominio bgu3_net
  279. http_access deny bck3_src_regex bgu3_net
  280.  
  281. http_access deny bck4_dst_ip bgu4_net
  282. http_access deny bck4_dst_dominio bgu4_net
  283. http_access deny bck4_dst_regex bgu4_net
  284. http_access deny bck4_src_ip bgu4_net
  285. http_access deny bck4_src_dominio bgu4_net
  286. http_access deny bck4_src_regex bgu4_net
  287.  
  288. http_access deny bck5_dst_ip bgu5_net
  289. http_access deny bck5_dst_dominio bgu5_net
  290. http_access deny bck5_dst_regex bgu5_net
  291. http_access deny bck5_src_ip bgu5_net
  292. http_access deny bck5_src_dominio bgu5_net
  293. http_access deny bck5_src_regex bgu5_net
  294.  
  295. #------------ YouTube test --------#
  # Experimental video caching: a store-URL rewrite helper plus an aggressive
  # refresh_pattern for video playback URLs.
  296. strip_query_terms off
  297. acl yutub dstdomain .youtube.com .youtu.be .google.com .google.com.br .googlevideo.com
  # NOTE(review): yt.log records the Referer header and the full request URL
  # for every listed domain, including .google.com, so it can hold search
  # terms and other per-user data; restrict access to it and rotate it.
  298. logformat squid1 %{Referer}>h %ru
  299. access_log /var/log/squid/yt.log squid1 yutub
  # Redirect-style URLs are neither cached nor passed to the rewrite helper.
  300. acl redirec urlpath_regex -i &redirect_counter=1&cms_redirect=yes &ir=1&rr=12
  301. cache deny redirec
  302. storeurl_access deny redirec
  303. storeurl_access allow yutub
  304. #storeurl_access deny all
  # External helper, started 70 times, that receives the URLs of matching
  # requests. The script is not shown here.
  # NOTE(review): make sure /etc/squid/storeurl.pl is not writable by the
  # proxy account.
  305. storeurl_rewrite_program /etc/squid/storeurl.pl
  306. storeurl_rewrite_children 70
  307. #storeurl_rewrite_concurrency 0
  # NOTE(review): override-expire, ignore-private and ignore-no-cache make
  # Squid store replies that the origin marked as private or uncacheable, with
  # a very long minimum and maximum age. The pattern limits this to
  # video-playback URLs; if it ever matched a per-user reply, that reply could
  # be served to other clients. Keep the pattern as narrow as possible.
  308. refresh_pattern ^http://2[0]{0,2}\.195\.190\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/(get_video|videoplayback|videoplay|youtube-videoplay)\?|[^/]*\.(youtube|googlevideo)\.com/(get_video|videoplayback|videoplay|youtube-videoplay|liveplay)\? 5259487 99999% 5259487 override-expire reload-into-ims stale-while-revalidate=2592000 ignore-private ignore-no-cache
  309. #------------ YouTube test --------#
  310.  
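  # Final client policy: only the authorised networks and loopback may use the
  # proxy; every other source is refused.
  311. http_access allow allowed_net
  312. http_access allow localhost
  313. http_access deny all
  # ICP replies tell the asker whether a URL is in the cache, so answer only
  # the authorised networks instead of every source address. If peer caches
  # live outside allowed_net, give them their own ACL and allow it here.
  314. icp_access allow allowed_net
  icp_access deny all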
  315.  
  316. #============================================================#
  317. # Generic
  318. #============================================================#
  319. #mime_table /etc/squid/mime.conf
  320. pid_filename /var/run/squid.pid
  321. #Resolve domain name in the log
  # Logging options: no reverse-DNS names, no MIME headers, seven rotated
  # generations, debug level 1 for all sections, unbuffered writes.
  322. log_fqdn off
  323. log_mime_hdrs off
  324. log_ip_on_direct off
  325. logfile_rotate 7
  326. debug_options ALL,1
  327. buffered_logs off
  328. emulate_httpd_log off
  329.  
  330. #============================================================#
  331. # ACCELERATOR
  332. #============================================================#
  333. memory_pools off
  # NOTE(review): with forwarded_for on, each client's address is added to the
  # X-Forwarded-For header sent to origin servers, which discloses internal
  # addressing; turn it off unless a downstream system needs it.
  334. forwarded_for on
  335. log_icp_queries off
  336. icp_hit_stale on
  337. minimum_direct_hops 4
  338. minimum_direct_rtt 400
  339. store_avg_object_size 13 KB
  340. store_objects_per_bucket 20
  341. client_db on
  342. netdb_low 9900
  343. netdb_high 10000
  344. netdb_ping_period 30 seconds
  345. query_icmp on
  346. pipeline_prefetch on
  347. detect_broken_pconn on
  348. reload_into_ims on
  349. vary_ignore_expire on
  350. max_open_disk_fds 65535
  351. nonhierarchical_direct on
  352. prefer_direct off
  353. update_headers on
  # Keeps the Squid version out of generated error pages and headers.
  354. httpd_suppress_version_string on
  355. client_persistent_connections on
  356. server_persistent_connections on
  357. httpd_accel_no_pmtu_disc on
  358.  
  359. #============================================================#
  360. # OPTIONS WHICH AFFECT THE CACHE SIZE
  361. #============================================================#
  362. #cache_mem 356 MB
  363. cache_mem 1024 MB
  364. minimum_object_size 1 KB
  365. #minimum_object_size 64 KB
  366. #maximum_object_size 5 GB
  # 5242880 KB is the 5 GB of the commented-out line above. Objects this large
  # are fetched in full after a client disconnects when quick_abort_min is -1,
  # as it is set earlier in this file.
  367. maximum_object_size 5242880 KB
  368. #maximum_object_size_in_memory 32 KB
  369. maximum_object_size_in_memory 1024 KB
  370. cache_swap_low 90%
  371. cache_swap_high 94%
  372. store_dir_select_algorithm round-robin
  373. #store_dir_select_algorithm least-load
  374. ipcache_size 51200
  375. ipcache_low 90
  376. ipcache_high 95
  377. fqdncache_size 51200
  378. #Keep recent and small objects in memory
  379. memory_replacement_policy heap GDSF
  380. cache_replacement_policy heap LFUDA
  381.  
  382. #============================================================#
  383. # SNMP
  384. #============================================================#
  # SNMP agent on port 3401. Queries are answered only when the community
  # matches and the request comes from loopback; everything else is denied.
  # NOTE(review): "public" is the well-known default community string. The
  # localhost restriction is what protects the agent here, so replace the
  # community with a site-specific value before ever widening snmp_access.
  385. snmp_port 3401
  386. acl snmp snmp_community public
  387. snmp_access allow snmp localhost
  388. snmp_access deny all
  389.  
  390. #============================================================#
  391. #ZPH
  392. #============================================================#
  # Packet-marking options. The active lines below select TOS marking and set
  # the values 0x30 (zph_local), 0x38 (zph_parent) and 136 (zph_option).
  393. ###Allows setting TOS/Diffserv marks on outgoing connections
  394. ##based on the username and source address making the request.
  395. ##Example for normal_service_net users with TOS = 0x00
  396. ##and good_service_net users with TOS = 0x20
  397. ## acl normal_service_net src 10.0.0.0/255.255.255.0
  398. ## acl good_service_net src 10.0.1.0/255.255.255.0
  399. ## tcp_outgoing_tos 0x00 normal_service_net
  400. ## tcp_outgoing_tos 0x20 good_service_net
  401. #tcp_outgoing_tos
  402. #tcp_outgoing_tos 0x08 mikrotik
  403.  
  404. ###Generally allows mapping requests to different IPs.
  405. ##tcp_outgoing_address ipaddr [[!]aclname] ...
  406. ##Example where requests from
  407. ##10.0.0.0/24 are forwarded with source 10.1.0.1.
  408. ##acl normal_service_net src 10.0.0.0/24
  409. ##acl good_service_net src 10.0.1.0/24 10.0.2.0/24
  410. ##tcp_outgoing_address 10.1.0.1 normal_service_net
  411. ##tcp_outgoing_address 10.1.0.2 good_service_net
  412. ##tcp_outgoing_address 10.1.0.3
  413. ##Processed in the order given, stopping at the first
  414. ##matching line.
  415. ##Note: using this directive with client-dependent ACLs
  416. ##is incompatible with the use of persistent connections.
  417. ##For best results, server_persistent_connections should be used.
  418. #tcp_outgoing_address
  419. #tcp_outgoing_address 192.168.10.2
  420.  
  421. ###Allows marking HIT / MISS response packets,
  422. ##using IP/TOS/sockets.
  423. ##off Disable
  424. ##tos Selects IP/TOS/Diffserv
  425. ##priority Selects socket priority (mapped to
  426. ## TOS by the OS, otherwise only usable in local rulesets)
  427. ##
  428. ##option Embeds the mark in the IP field. See also zph_option.
  429. ## See also tcp_outgoing_tos for details on how to use TOS.
  430. #zph_mode
  431. zph_mode tos
  432.  
  433. ###Generally selects the TOS/Diffserv/Priority value
  434. ##used to mark a local HIT. Default: 0 (disable)
  435. #zph_local
  436. #zph_local 0x08
  437. zph_local 0x30
  438.  
  439. ###Generally selects the TOS/Diffserv/Priority value
  440. ##used to mark a sibling. Default: 0 (disable)
  441. #zph_sibling
  442.  
  443. ###Generally selects the TOS/Diffserv/Priority value
  444. ##used to mark a HIT. Default: 0 (disabled).
  445. #zph_parent
  446. zph_parent 0x38
  447.  
  448. ###Generally used for STREAM
  449. ##Default 136
  450. #zph_option
  451. zph_option 136