Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #
- # Recommended minimum configuration:
- #
- # Auth
- auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
- auth_param ntlm children 30
- auth_param ntlm keep_alive on
- #auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
- #auth_param basic children 10
- #auth_param basic realm Squid Proxy Server
- #auth_param basic credentialsttl 2 hours
- #auth_param basic casesensitive off
- authenticate_ttl 1 hour
- authenticate_cache_garbage_interval 10 minutes
- # Example rule allowing access from your local networks.
- # Adapt to list your (internal) IP networks from where browsing
- # should be allowed
- acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- acl localnet src fc00::/7 # RFC 4193 local private network range
- acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl FTP_ports port 21
- acl windowsupdate dstdomain windowsupdate.microsoft.com
- acl windowsupdate dstdomain .update.microsoft.com
- acl windowsupdate dstdomain download.windowsupdate.com
- acl windowsupdate dstdomain redir.metaservices.microsoft.com
- acl windowsupdate dstdomain images.metaservices.microsoft.com
- acl windowsupdate dstdomain c.microsoft.com
- acl windowsupdate dstdomain www.download.windowsupdate.com
- acl windowsupdate dstdomain wustat.windows.com
- acl windowsupdate dstdomain crl.microsoft.com
- acl CONNECT method CONNECT
- acl wuCONNECT dstdomain www.update.microsoft.com
- acl AuthorizedUsers proxy_auth REQUIRED
- #
- # Recommended minimum Access Permission configuration:
- #
- http_access allow manager localhost
- http_access deny manager
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow CONNECT wuCONNECT localnet
- http_access allow windowsupdate localnet
- http_access allow localnet
- http_access allow localhost
- http_access allow AuthorizedUsers
- http_access deny all
- # Squid normally listens to port 3128
- http_port 3128
- #http_port 80 transparent
- # Uncomment and adjust the following to add a disk cache directory.
- cache_dir ufs /usr/local/squid/var/cache/squid 51200 36 256
- # Leave coredumps in the first cache dir
- coredump_dir /usr/local/squid/var/cache/squid
- #
- # Add any of your own refresh_pattern entries above these.
- #
- refresh_pattern -i \.(html?\?.*)?$ 9440 90% 100000 override-expire reload-into-ims
- refresh_pattern -i \.(gif|bif|tiff|png|jpe?g|ico|bmp|webp)(\?.*)?$ 36000 90% 100000 override-expire reload-into-ims ignore-reload
- refresh_pattern \.(swf|swf\?|js|js\?|wav|css|css\?|class|dat|zsci)$ 36000 90% 100000 override-expire reload-into-ims
- refresh_pattern -i \.(bin|deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff|pdf|uxx|gz|xls|xlsx|psd|crl|msi|dll|dll\?|crx|enc|skl|arc)$ 36000 90% 100000 override-expire override-lastmod reload-into-ims ignore-reload
- refresh_pattern -i \.(xml)$ 0 90% 100000
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern ^ftp: 5440 90% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i . 0 90% 5760
- minimum_object_size 0 KB
- maximum_object_size 250 MB
- maximum_object_size_in_memory 1 MB
- client_db off
- cache_mem 768 MB
- memory_pools on
- access_log /usr/local/squid/var/logs/access.log
- cache_store_log /usr/local/squid/var/logs/store.log
- dns_nameservers 8.8.8.8
- dns_nameservers 127.0.0.1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement