shokti

centos 6.5 - squid 3

May 8th, 2014
  1. install squid:
  2. yum install squid
  3.  
  4. edit config:
  5. nano /etc/squid/squid.conf
  6. --------------------------------------------------
  7. acl manager proto cache_object
  8. acl localhost src 127.0.0.1/32 ::1
  9. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
  10. # localnet: every source address in these ranges is let through by "http_access allow localnet" below; trim to the subnets actually in use
  11. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  12. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  13. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  14. acl localnet src fc00::/7 # RFC 4193 local private network range
  15. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  16. # Safe_ports: the only destination ports any request may use; SSL_ports: the only ports CONNECT may tunnel to (enforced by the two deny rules below)
  17. acl SSL_ports port 443
  18. acl Safe_ports port 80 # http
  19. acl Safe_ports port 21 # ftp
  20. acl Safe_ports port 443 # https
  21. acl Safe_ports port 70 # gopher
  22. acl Safe_ports port 210 # wais
  23. acl Safe_ports port 1025-65535 # unregistered ports
  24. acl Safe_ports port 280 # http-mgmt
  25. acl Safe_ports port 488 # gss-http
  26. acl Safe_ports port 591 # filemaker
  27. acl Safe_ports port 777 # multiling http
  28. acl CONNECT method CONNECT
  29.  
  30. #clients exempt from the site/keyword blocks and the size limit (one IP per line in the file; used as !allowip below)
  31. #acl allowip src "/etc/squid/allowip.squid"
  32.  
  33. #block sites by domain (one domain per line; in a dstdomain list a leading dot, e.g. .example.com, also matches subdomains)
  34. #acl blocksites dstdomain "/etc/squid/blockedsites.squid"
  35.  
  36. #block sites by keyword: each line is a case-insensitive regex matched anywhere in the URL, so short words also match inside longer ones
  37. #acl blockkeywords url_regex -i "/etc/squid/blockkeywords.squid"
  38.  
  39. #block clients by source IP (one IP per line in the file)
  40. #acl blockip src "/etc/squid/blockip.squid"
  41. # http_access rules are checked top to bottom and the first match wins, so the order of the lines below matters
  42. http_access allow manager localhost
  43.  
  44. #deny every request from clients in the blockip ACL
  45. #http_access deny blockip
  46.  
  47. #deny blocksites ACL for every client (enable this OR the !allowip variant below; if both are on, this one matches first and allowip has no effect)
  48. #http_access deny blocksites
  49.  
  50. #deny blocksites ACL unless the client is in allowip
  51. #http_access deny blocksites !allowip
  52.  
  53. #deny blockkeywords ACL for every client (enable this OR the !allowip variant below, not both)
  54. #http_access deny blockkeywords
  55.  
  56. #deny blockkeywords ACL unless the client is in allowip
  57. #http_access deny blockkeywords !allowip
  58. # cache manager requests from anywhere other than localhost stop here
  59. http_access deny manager
  60.  
  61. http_access deny !Safe_ports
  62.  
  63. http_access deny CONNECT !SSL_ports
  64. # only localnet and localhost clients get past this point; everything else falls through to "deny all"
  65. http_access allow localnet
  66. http_access allow localhost
  67.  
  68. http_access deny all
  69.  
  70. http_port 3128
  71.  
  72. #alternate port number
  73. #http_port 8080
  74.  
  75. #transparent proxy (use instead of the plain "http_port 3128" line above, or on a different port; two http_port lines cannot share one port)
  76. #http_port 3128 intercept
  77.  
  78. #Restrict download size for all clients
  79. #reply_body_max_size 10 MB all
  80.  
  81. #Restrict download size unless the client is in allowip
  82. #reply_body_max_size 10 MB !allowip
  83.  
  84. hierarchy_stoplist cgi-bin ?
  85.  
  86. coredump_dir /var/spool/squid
  87.  
  88. refresh_pattern ^ftp: 1440 20% 10080
  89. refresh_pattern ^gopher: 1440 0% 1440
  90. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  91. refresh_pattern . 0 20% 4320
  92.  
  92.  
  93. --------------------------------------------------
  94.  
  95. start squid on boot:
  96. chkconfig squid on
  97.  
  98. start squid:
  99. service squid start
  100.  
  101.  
  102. ==================================================================
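  103. to block sites (this list and the ones below only take effect once the matching acl and http_access lines in squid.conf are uncommented and squid is reloaded):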
  104. nano /etc/squid/blockedsites.squid
  105. ---------------------------------------------------
  106. yahoo.com
  107. ithelpblog.com
  108. ---------------------------------------------------
  109.  
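  110. to block by keywords (each line is a case-insensitive regex matched anywhere in the URL, so a short word also blocks URLs that merely contain it):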
  111. nano /etc/squid/blockkeywords.squid
  112. ---------------------------------------------------
  113. sex
  114. porn
  115. ---------------------------------------------------
  116.  
  117. to block client by ip address
  118. nano /etc/squid/blockip.squid
  119. ---------------------------------------------------
  120. 192.168.0.120
  121. 192.168.0.130
  122. ---------------------------------------------------
  123.  
  124. to give a client full access by ip address (exempts it from the rules that use !allowip):
  125. nano /etc/squid/allowip.squid
  126. ---------------------------------------------------
  127. 192.168.0.100
  128. ---------------------------------------------------