Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # PORT and Transparent Option [GK]
- http_port 4524
- http_port 4525 tproxy
- httpd_suppress_version_string on
- # PID File location, we can use it for various functions later, like for squid status (JZ)
- pid_filename /var/run/squid.pid
- # Using 10 GB in this example per drive
- store_dir_select_algorithm round-robin
- cache_dir aufs /squid/cache 10240 16 256
- # Cache Replacement Policies [GK]
- cache_replacement_policy heap GDSF
- memory_replacement_policy heap GDSF
- # If you want to enable DATE time n SQUID Logs,use following [GK]
- emulate_httpd_log on
- logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
- log_fqdn off
- # How much days to keep users access web logs [GK]
- # You need to rotate your log files with a cron job. For example:
- # 0 0 * * * /usr/local/squid/bin/squid -k rotate
- logfile_rotate 14
- debug_options ALL,9
- # Squid Logs Section
- # access_log none # To disable Squid access log, enable this option
- cache_access_log /var/log/squid/access.log
- cache_log /var/log/squid/cache.log
- cache_store_log /var/log/squid/store.log
- #referer_log /var/log/squid/referer.log
- #mime_table /etc/squid/mime.conf
- log_mime_hdrs off
- # I used DNSAMSQ service for fast dns resolving
- # so install by using "apt-get install dnsmasq" first / GK
- dns_nameservers 127.0.0.1
- ftp_user anonymous@
- ftp_list_width 32
- ftp_passive on
- ftp_sanitycheck on
- #ACL Section
- acl admin src 10.5.7.0/24 # Allow Admins
- acl client src 172.16.0.0/16 # Allow Clients
- acl localhost src 127.0.0.1/32
- acl to_localhost dst 127.0.0.0/8
- ###### cache manager section start, You can remote it if not required ####
- # install following
- # apt-get install squid-cgi
- # add following entry in /etc/squid/cachemgr.conf
- # localhost:8080
- # then you can access it via http://squid_ip/cgi-bin/cachemgr.cgi
- acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
- acl managerAdmin src 10.5.7.0/24 # Change it to your management pc ip
- cache_mgr xxxxx@oodoo.co.in
- cachemgr_passwd xxxx all
- http_access allow manager localhost
- http_access allow manager managerAdmin
- http_access deny manager
- #http_access allow localhost
- ####### CACHGEMGR END #########
- acl SSL_ports port 443 563 # https, snews
- acl SSL_ports port 873 # rsync
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 53 # dns
- acl Safe_ports port 443 563 # https, snews
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl Safe_ports port 631 # cups
- acl Safe_ports port 873 # rsync
- acl Safe_ports port 901 # SWAT
- acl purge method PURGE
- acl CONNECT method CONNECT
- http_access allow purge localhost
- http_access deny purge
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost
- #===============================
- # Allow HTTP Access to Admin
- #===============================
- http_access allow admin
- http_reply_access allow admin
- icp_access allow admin
- #===============================
- # Allow HTTP Access to Client
- #===============================
- http_access allow client
- http_reply_access allow client
- icp_access allow client
- #===============================
- # Administrative Parameters [GK]
- #===============================
- # User to run squid in Centos is squid, Group squid
- cache_effective_user squid
- cache_effective_group squid
- cache_mgr xxxxx
- visible_hostname xxxx@oodoo.co.in
- unique_hostname xxxx@oodoo.co.in
- #=================
- # ACCELERATOR [GK]
- #=================
- half_closed_clients off
- quick_abort_min 0 KB
- quick_abort_max 0 KB
- vary_ignore_expire on
- reload_into_ims on
- log_fqdn off
- memory_pools off
- cache_swap_low 90
- cache_swap_high 95
- max_filedescriptors 65536
- fqdncache_size 16384
- retry_on_error on
- offline_mode off
- pipeline_prefetch on
- check_hostnames off
- client_db on
- #range_offset_limit 128 KB
- #max_stale 1 week
- read_ahead_gap 1 KB
- forwarded_for off
- minimum_expiry_time 1960 seconds
- vary_ignore_expire on
- # If you want to hide your proxy machine from being detected at various site use following [GK]
- via off
- #==========================
- # Squid Memory Tunning [GK]
- #==========================
- # If you have 4GB memory in Squid box, we will use formula of 1/3
- # You can adjust it according to your need. IF squid is taking too much of RAM
- # Then decrease it to 512 MB or even less.
- cache_mem 512 MB
- minimum_object_size 0 bytes
- maximum_object_size 500 MB
- # Lower it down if your squid taking to much memory, e.g: 512 KB or even less
- maximum_object_size_in_memory 2 MB
- #============================================================$
- # SNMP , if you want to generate graphs for SQUID via MRTG [GK]
- #============================================================$
- #acl snmppublic snmp_community gl
- #snmp_port 3401
- #snmp_access allow snmppublic all
- #snmp_access allow all
- #===========================================================================
- To enable cache content to be delivered at full lan speed,
- # OR To bypass the queue at MT for cached contents / [GK]
- #===========================================================================
- tcp_outgoing_tos 0x30 admin
- tcp_outgoing_tos 0x30 client
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement