Untitled

a guest
Nov 2nd, 2012
  1. /etc/squid/squid.conf
  2. #Host and port (http_port gives no bind address, so squid listens on 8080 on every interface)
  3. http_port 8080
  4. visible_hostname di
  5.  
  6. #Disable Internet Cache Protocol
  7. icp_port 0
  8.  
  9. #Do not cache unsuitable (dynamic) pages: URL paths matching cgi-bin, user or submit
  10. acl donocache urlpath_regex cgi-bin user submit
  11. no_cache deny donocache
  12.  
  13. #Size of the fast (in-memory) cache, followed by the on-disk cache directory
  14. cache_mem 32 MB
  15. cache_dir ufs /var/spool/squid 1000 16 256
  16.  
  17. #Logs
  18. cache_access_log /var/log/squid/access.log
  19. cache_log /var/log/squid/cache.log
  20. cache_store_log /var/log/squid/store.log
  21.  
  22. #FTP
  23. ftp_user anonymous@
  24. ftp_list_width 32
  25. ftp_passive on
  26. ftp_sanitycheck on
  27.  
  28. #Utility ACLs
  29. acl all src 0/0
  30. acl SMTP port 25
  31.  
  32. #Who may use the proxy. NOTE(review): 192.128.0.51 is the only non-loopback entry outside 192.168.0.x; presumably 192.168.0.51 (this host's eth0 address in the ifconfig output) was meant - confirm
  33. acl doallow src 127.0.0.1/32 192.128.0.51/32 192.168.0.74/32 192.168.0.58/32 192.168.0.44/32 192.168.0.61/32 192.168.0.95/32 192.168.0.14/32 192.168.0.54/32 192.168.0.53/32 192.168.0.49/32 192.168.0.72/32 192.168.0.207/32
  34.  
  35.  
  36. #Define client groups by source address (referenced by the http_access and delay_access rules)
  37. acl adm_group src 192.168.0.74/32
  38. acl nachalniki src 192.168.0.58/32 192.168.0.61/32 192.168.0.49/32
  39. acl technokad src 192.168.0.95/32 192.168.0.206/32
  40. acl workers src 192.168.0.72/32 192.168.0.53/32 192.168.0.44/32
  41. acl other src 192.168.0.85/32 192.168.0.43/32 192.168.0.41/32 192.168.0.11/32 192.168.0.14/32 192.168.0.54/32 192.168.0.207/32
  42.  
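  43. #Allowed destination ports
  44. acl Safe_ports port 80 8000 8080
  45. acl Safe_ports port 21 22 1701
  46. acl Safe_ports port 443 563 5190 5552 5222 5938
  47. acl Safe_ports port 777
  48. acl Safe_ports port 9080 9443
  49. acl CONNECT method CONNECT
  50.  
  51. #Access rules (first match wins). Safe_ports matches the destination port only, so "allow Safe_ports" would admit any client; refuse ports outside the list first, then allow only the listed client addresses.
  52. #NOTE(review): CONNECT tunnels are not limited to TLS ports here; the usual hardening is an SSL_ports acl plus "http_access deny CONNECT !SSL_ports" - confirm the intended ports.
  53. http_access deny !Safe_ports
  54. http_access deny SMTP
  55. http_access allow doallow
  56. http_access allow CONNECT adm_group
  57. http_access allow nachalniki
  58. http_access allow technokad
  59. http_access allow workers
  60. http_access allow other
  61. http_access deny all
  62.  
  63. #Deny ICP queries
  64. icp_access deny all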
  65.  
  66. #Optimisation attempt. NOTE(review): 43200 minutes = 30 days; with override-expire, ignore-reload and ignore-no-cache, matching objects (including .exe and archives) can keep being served from cache after the origin has replaced them - confirm this is acceptable for downloads and updates.
  67. reload_into_ims on
  68. refresh_pattern \.bz2$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  69. refresh_pattern \.exe$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  70. refresh_pattern \.gif$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  71. refresh_pattern \.gz$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  72. refresh_pattern \.ico$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  73. refresh_pattern \.jpg$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  74. refresh_pattern \.mid$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  75. refresh_pattern \.mp3$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  76. refresh_pattern \.pdf$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  77. refresh_pattern \.swf$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  78. refresh_pattern \.tar$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  79. refresh_pattern \.tgz$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  80. refresh_pattern \.zip$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  81.  
  82. refresh_pattern http://ad\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  83. refresh_pattern http://ads\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  84. refresh_pattern http://adv\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  85. refresh_pattern http://click\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  86. refresh_pattern http://count\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  87. refresh_pattern http://counter\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  88. refresh_pattern http://engine\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  89. refresh_pattern http://img\.readme\.ru 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  90. refresh_pattern http://userpic\.livejournal\.com 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  91. refresh_pattern \.ru/bf-analyze 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  92. refresh_pattern \.ru/bf-si 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  93. refresh_pattern /advs/ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  94. refresh_pattern /banners/ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  95. refresh_pattern /cgi-bin/iframe/ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
  96.  
  97. refresh_pattern ^ftp: 1440 20% 10080
  98. refresh_pattern ^gopher: 1440 0% 1440
  99. refresh_pattern . 0 80% 14400
  100.  
  101. #Bandwidth limits (in bytes); the uplink at the time of writing is 1000000 bytes/s (10 Mbit). Pool 1 (adm_group) is unlimited (-1/-1); pools 2-5 are class 2, i.e. an aggregate limit followed by a per-host limit.
  102. delay_pools 5
  103.  
  104. delay_class 1 1
  105. delay_parameters 1 -1/-1
  106. delay_access 1 allow adm_group
  107. delay_access 1 deny all
  108.  
  109. delay_class 2 2
  110. delay_parameters 2 150000/150000 50000/50000
  111. delay_access 2 allow nachalniki
  112. delay_access 2 deny all
  113.  
  114. delay_class 3 2
  115. delay_parameters 3 150000/150000 75000/75000
  116. delay_access 3 allow technokad
  117. delay_access 3 deny all
  118.  
  119. delay_class 4 2
  120. delay_parameters 4 180000/180000 60000/60000
  121. delay_access 4 allow workers
  122. delay_access 4 deny all
  123.  
  124. delay_class 5 2
  125. delay_parameters 5 210000/210000 30000/30000
  126. delay_access 5 allow other
  127. delay_access 5 deny all
  128.  
  129. iptables-save
  130. # Generated by iptables-save v1.4.8 on Fri Nov 2 15:37:30 2012
  131. *nat
  132. :PREROUTING ACCEPT [108289:5890293]
  133. :POSTROUTING ACCEPT [55278:4091321]
  134. :OUTPUT ACCEPT [55278:4091321]
  135. -A POSTROUTING -s 192.168.0.74/32 -o ppp0 -j SNAT --to-source 95.31.254.227
  136. COMMIT
  137. # Completed on Fri Nov 2 15:37:30 2012
  138. # Generated by iptables-save v1.4.8 on Fri Nov 2 15:37:30 2012
  139. *mangle
  140. :PREROUTING ACCEPT [2800076:1552978208]
  141. :INPUT ACCEPT [2794330:1551104229]
  142. :FORWARD ACCEPT [5130:1822215]
  143. :OUTPUT ACCEPT [3023730:1468386542]
  144. :POSTROUTING ACCEPT [3029098:1470243295]
  145. -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
  146. COMMIT
  147. # Completed on Fri Nov 2 15:37:30 2012
  148. # Generated by iptables-save v1.4.8 on Fri Nov 2 15:37:30 2012
  149. *filter
  150. :INPUT ACCEPT [2705:550747]
  151. :FORWARD ACCEPT [0:0]
  152. :OUTPUT ACCEPT [1738:327639]
  153. -A INPUT -s 23.60.69.151/32 -j DROP
  154. -A INPUT -s 23.60.69.183/32 -j DROP
  155. -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
  156. -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
  157. -A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
  158. COMMIT
  159. # Completed on Fri Nov 2 15:37:30 2012
  160. # NOTE(review): the INPUT policy is ACCEPT and the only port-specific rules cover tcp/80; nothing in this table restricts tcp/8080 (squid's http_port above), so who can reach the proxy is decided by squid's http_access rules alone.
  161. ifconfig
  162. ifconfig
  163. eth0 Link encap:Ethernet HWaddr 5c:d9:98:f5:96:c1
  164. inet addr:192.168.0.51 Bcast:192.168.0.255 Mask:255.255.255.0
  165. inet6 addr: fe80::5ed9:98ff:fef5:96c1/64 Scope:Link
  166. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  167. RX packets:182097 errors:0 dropped:0 overruns:0 frame:0
  168. TX packets:212232 errors:0 dropped:0 overruns:0 carrier:0
  169. collisions:0 txqueuelen:1000
  170. RX bytes:38120092 (36.3 MiB) TX bytes:205061769 (195.5 MiB)
  171. Interrupt:17 Base address:0xa000
  172.  
  173. eth1 Link encap:Ethernet HWaddr 5c:d9:98:f5:a1:3e
  174. inet addr:10.97.15.232 Bcast:10.97.15.255 Mask:255.255.248.0
  175. inet6 addr: fe80::5ed9:98ff:fef5:a13e/64 Scope:Link
  176. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  177. RX packets:5342712 errors:0 dropped:0 overruns:0 frame:0
  178. TX packets:6525265 errors:0 dropped:0 overruns:0 carrier:0
  179. collisions:0 txqueuelen:1000
  180. RX bytes:3275009358 (3.0 GiB) TX bytes:3038030563 (2.8 GiB)
  181. Interrupt:18 Base address:0x4000
  182.  
  183. lo Link encap:Local Loopback
  184. inet addr:127.0.0.1 Mask:255.0.0.0
  185. inet6 addr: ::1/128 Scope:Host
  186. UP LOOPBACK RUNNING MTU:16436 Metric:1
  187. RX packets:15166 errors:0 dropped:0 overruns:0 frame:0
  188. TX packets:15166 errors:0 dropped:0 overruns:0 carrier:0
  189. collisions:0 txqueuelen:0
  190. RX bytes:1809266 (1.7 MiB) TX bytes:1809266 (1.7 MiB)
  191.  
  192. ppp0 Link encap:Point-to-Point Protocol
  193. inet addr:95.31.254.227 P-t-P:85.21.230.41 Mask:255.255.255.255
  194. UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1460 Metric:1
  195. RX packets:5284762 errors:0 dropped:0 overruns:0 frame:0
  196. TX packets:4695107 errors:0 dropped:0 overruns:0 carrier:0
  197. collisions:0 txqueuelen:3
  198. RX bytes:2984729799 (2.7 GiB) TX bytes:2715287222 (2.5 GiB)
  199.  
  200. route -n
  201.  
  202. Destination Gateway Genmask Flags Metric Ref Use Iface
  203. 85.21.230.41 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  204. 85.21.230.41 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
  205. 85.21.192.3 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  206. 85.21.72.83 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  207. 85.21.52.254 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  208. 85.21.79.12 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  209. 195.14.50.26 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  210. 89.179.135.67 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  211. 213.234.192.8 10.97.8.1 255.255.255.255 UGH 0 0 0 eth1
  212. 85.21.34.0 10.97.8.1 255.255.255.240 UG 0 0 0 eth1
  213. 233.32.240.0 10.97.15.232 255.255.255.0 UG 0 0 0 eth1
  214. 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
  215. 85.21.90.0 10.97.8.1 255.255.255.0 UG 0 0 0 eth1
  216. 85.21.79.0 10.97.8.1 255.255.255.0 UG 0 0 0 eth1
  217. 10.97.8.0 0.0.0.0 255.255.248.0 U 0 0 0 eth1
  218. 85.21.0.0 10.97.8.1 255.255.0.0 UG 0 0 0 eth1
  219. 10.0.0.0 10.97.8.1 255.0.0.0 UG 0 0 0 eth1
  220. 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0