Squid Conf

1. # PORT and Transparent Option [GK]
2. http_port 4524
3. http_port 4525 tproxy
4. httpd_suppress_version_string on
5.  
6. # PID File location, we can use it for various functions later, like for squid status (JZ)
7. pid_filename /var/run/squid.pid
8.  
9. # Using 10 GB in this example per drive
10. store_dir_select_algorithm round-robin
11.  
12. cache_dir aufs /squid/cache 10240 16 256
13.  
14. # Cache Replacement Policies [GK]
15. cache_replacement_policy heap GDSF
16. memory_replacement_policy heap GDSF
17.  
18. # If you want to enable DATE time n SQUID Logs,use following [GK]
19. emulate_httpd_log on
20. logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
21. log_fqdn off
22.  
23. # How much days to keep users access web logs [GK]
24. # You need to rotate your log files with a cron job. For example:
25. # 0 0 * * * /usr/local/squid/bin/squid -k rotate
26. logfile_rotate 14
27. debug_options ALL,9
28.  
29. # Squid Logs Section
30. # access_log none # To disable Squid access log, enable this option
31.  
32. cache_access_log /var/log/squid/access.log
33. cache_log /var/log/squid/cache.log
34. cache_store_log /var/log/squid/store.log
35. #referer_log /var/log/squid/referer.log
36. #mime_table /etc/squid/mime.conf
37. log_mime_hdrs off
38.  
39. # I used DNSAMSQ service for fast dns resolving
40. # so install by using "apt-get install dnsmasq" first / GK
41. dns_nameservers 127.0.0.1
42.  
43. ftp_user anonymous@
44. ftp_list_width 32
45. ftp_passive on
46. ftp_sanitycheck on
47.  
48. #ACL Section
49. acl admin src 10.5.7.0/24 # Allow Admins
50. acl client src 172.16.0.0/16 # Allow Clients
51. acl localhost src 127.0.0.1/32
52. acl to_localhost dst 127.0.0.0/8
53.  
54. ###### cache manager section start, You can remote it if not required ####
55. # install following
56. # apt-get install squid-cgi
57. # add following entry in /etc/squid/cachemgr.conf
58. # localhost:8080
59. # then you can access it via http://squid_ip/cgi-bin/cachemgr.cgi
60.  
61. acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
62. acl managerAdmin src 10.5.7.0/24 # Change it to your management pc ip
63. cache_mgr [email protected]
64. cachemgr_passwd xxxx all
65. http_access allow manager localhost
66. http_access allow manager managerAdmin
67. http_access deny manager
68. #http_access allow localhost
69. ####### CACHGEMGR END #########
70.  
71. acl SSL_ports port 443 563 # https, snews
72. acl SSL_ports port 873 # rsync
73. acl Safe_ports port 80 # http
74. acl Safe_ports port 21 # ftp
75. acl Safe_ports port 53 # dns
76. acl Safe_ports port 443 563 # https, snews
77. acl Safe_ports port 70 # gopher
78. acl Safe_ports port 210 # wais
79. acl Safe_ports port 1025-65535 # unregistered ports
80. acl Safe_ports port 280 # http-mgmt
81. acl Safe_ports port 488 # gss-http
82. acl Safe_ports port 591 # filemaker
83. acl Safe_ports port 777 # multiling http
84. acl Safe_ports port 631 # cups
85. acl Safe_ports port 873 # rsync
86. acl Safe_ports port 901 # SWAT
87. acl purge method PURGE
88. acl CONNECT method CONNECT
89. http_access allow purge localhost
90. http_access deny purge
91. http_access deny !Safe_ports
92. http_access deny CONNECT !SSL_ports
93. http_access allow localhost
94.  
95. #===============================
96. # Allow HTTP Access to Admin
97. #===============================
98.  
99. http_access allow admin
100. http_reply_access allow admin
101. icp_access allow admin
102.  
103. #===============================
104. # Allow HTTP Access to Client
105. #===============================
106.  
107. http_access allow client
108. http_reply_access allow client
109. icp_access allow client
110.  
111. #===============================
112. # Administrative Parameters [GK]
113. #===============================
114.  
115. # User to run squid in Centos is squid, Group squid
116.  
117. cache_effective_user squid
118. cache_effective_group squid
119. cache_mgr xxxxx
120. visible_hostname [email protected]
121. unique_hostname [email protected]
122.  
123. #=================
124. # ACCELERATOR [GK]
125. #=================
126. half_closed_clients off
127. quick_abort_min 0 KB
128. quick_abort_max 0 KB
129. vary_ignore_expire on
130. reload_into_ims on
131. log_fqdn off
132. memory_pools off
133. cache_swap_low 90
134. cache_swap_high 95
135. max_filedescriptors 65536
136. fqdncache_size 16384
137. retry_on_error on
138. offline_mode off
139. pipeline_prefetch on
140. check_hostnames off
141. client_db on
142. #range_offset_limit 128 KB
143. #max_stale 1 week
144. read_ahead_gap 1 KB
145. forwarded_for off
146. minimum_expiry_time 1960 seconds
147. vary_ignore_expire on
148.  
149. # If you want to hide your proxy machine from being detected at various site use following [GK]
150. via off
151.  
152. #==========================
153. # Squid Memory Tunning [GK]
154. #==========================
155. # If you have 4GB memory in Squid box, we will use formula of 1/3
156. # You can adjust it according to your need. IF squid is taking too much of RAM
157. # Then decrease it to 512 MB or even less.
158.  
159. cache_mem 512 MB
160. minimum_object_size 0 bytes
161. maximum_object_size 500 MB
162.  
163. # Lower it down if your squid taking to much memory, e.g: 512 KB or even less
164. maximum_object_size_in_memory 2 MB
165.  
166. #============================================================$
167. # SNMP , if you want to generate graphs for SQUID via MRTG [GK]
168. #============================================================$
169. #acl snmppublic snmp_community gl
170. #snmp_port 3401
171. #snmp_access allow snmppublic all
172. #snmp_access allow all
173.  
174. #===========================================================================
175. To enable cache content to be delivered at full lan speed,
176. # OR To bypass the queue at MT for cached contents / [GK]
177. #===========================================================================
178. tcp_outgoing_tos 0x30 admin
179. tcp_outgoing_tos 0x30 client