# squid.conf.pre.local - advanced ipfire web proxy configuration file https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/certs/squid.key cert=/etc/squid/certs/squid.pem # cache swap cache_swap_high 99 cache_swap_low 98 # fqdn and ipcache fqdncache_size 4096 ipcache_size 4096 # qos for local cache - match dscp 12 qos_flows local-hit=0x30 # ssl bump always_direct allow all ssl_bump server-first all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/ipfire/ssl_db -M 4MB sslcrtd_children 32 startup=5 idle=1 # addition @ PC Mikrotik acl all-url url_regex -i .* acl text-html rep_mime_type text/html acl http302 http_status 302 store_miss deny all-url text-html send_hit deny all-url text-html store_miss deny all-url http302 send_hit deny all-url http302 # storeid *test* acl urlrewrite dstdomain .fbcdn.net .akamaihd.net acl speedtest url_regex -i speedtest\/.*\.(jpg|txt)\?.* acl reverbnation url_regex -i reverbnation.*audio_player.*ec_stream_song.*$ acl utmgif url_regex -i utm.gif.* acl playstoreandroid url_regex -i c.android.clients.google.com.market.GetBinary.GetBinary.* acl idyoutube url_regex -i youtube.*(ptracking|stream_204|player_204).*(v\=|docid\=|video_id\=).*$ acl videoyoutube url_regex -i (youtube|googlevideo).*videoplayback\? acl videoyoutube url_regex -i (youtube|googlevideo).*videoplayback\? acl loop_302 http_status 302 acl getmethod method GET store_id_program /usr/bin/perl /etc/squid/storeid store_id_children 20 startup=0 idle=1 concurrency=5 store_id_access deny !getmethod store_id_access allow urlrewrite store_id_access allow speedtest store_id_access allow reverbnation store_id_access allow utmgif store_id_access allow playstoreandroid store_id_access allow idyoutube store_id_access allow videoyoutube store_id_access deny all store_miss deny videoyoutube loop_302 send_hit deny videoyoutube loop_302 refresh_pattern (akamaihd|fbcdn)\.net 14400 99% 518400 ignore-no-store ignore-private ignore-must-revalidate store-stale refresh_pattern -i squid\.internal 14400 99% 518400 ignore-no-store ignore-private ignore-must-revalidate store-stale refresh_pattern \.(jpg|png|gif|css|ico)($|\?) 14400 99% 518400 ignore-no-store ignore-private reload-into-ims ignore-must-revalidate store-stale refresh_pattern . 0 99% 518400 ignore-no-store ignore-private reload-into-ims store-stale