albspirit86

squid3.4.6.conf

Jul 6th, 2014
  1. #=======================================#
  # Source-address and destination-port ACLs consumed by the http_access rules further down.
  # localnet lists every RFC 1918 / RFC 4193 / link-local range, not a specific site subnet.
  # NOTE(review): narrow these to the networks actually served, so other private ranges that can reach the proxy are refused.
  2. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  3. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  4. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  5. acl localnet src fc00::/7 # RFC 4193 local private network range
  6. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  # SSL_ports: the only destination port a CONNECT tunnel may target (used by "http_access deny CONNECT !SSL_ports").
  7. acl SSL_ports port 443
  # Safe_ports: destination ports any request may target (used by "http_access deny !Safe_ports").
  8. acl Safe_ports port 80 # http
  9. acl Safe_ports port 21 # ftp
  10. acl Safe_ports port 443 # https
  11. acl Safe_ports port 70 # gopher
  12. acl Safe_ports port 210 # wais
  # 1025-65535 admits every unprivileged port, so this list only blocks low ports that are not named here.
  13. acl Safe_ports port 1025-65535 # unregistered ports
  14. acl Safe_ports port 280 # http-mgmt
  15. acl Safe_ports port 488 # gss-http
  16. acl Safe_ports port 591 # filemaker
  17. acl Safe_ports port 777 # multiling http
  # CONNECT matches tunnel requests by HTTP method.
  18. acl CONNECT method CONNECT
  19.  
  # URL-matching ACLs that drive caching ("cache allow/deny") and the Store-ID helper ("store_id_access").
  # QUERY collects dynamic or frequently changing URLs; "cache deny QUERY" keeps them out of the cache.
  20. acl QUERY urlpath_regex -i (begin|start)\=
  # The dots in ".php$", ".asp$" etc. are unescaped, so each matches any character, not only a literal dot.
  # "localhost" here is a regex applied to the URL path, not the built-in localhost source ACL.
  21. acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
  22. acl QUERY urlpath_regex -i \.(ini|ui|lst|inf|mh-|sc-)
  23. acl QUERY urlpath_regex -i (afs.dat|captcha|reset.css|update.txt|version.list|gamenotice|vdf.info.gz|patchinfo.bin|latest-version.xml|start*.txt|server_patch.cfg.iop|patchinfo.xml|PatchTimeCheck.dat|PatchPath.dat)
  # dontrewrite: URLs that must never be passed to the Store-ID helper ("store_id_access deny dontrewrite").
  24. acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
  25. acl dontrewrite url_regex redbot\.org
  # getmethod: only GET requests are eligible for Store-ID ("store_id_access deny !getmethod").
  26. acl getmethod method GET
  # redir: redirect-marker URLs, excluded from both the cache and the Store-ID helper.
  27. acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
  28. acl redir urlpath_regex -i &ir=1&rr=12
  # yutub is referenced only by the commented-out access_log line in this file, so it is currently unused.
  29. acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
  30. acl yutub url_regex -i gstatic\.com\/csi\?.*$
  31.  
  # rewritedoms: the only URLs handed to the Store-ID helper, and explicitly allowed into the cache ahead of "cache deny QUERY".
  32. acl rewritedoms url_regex -i dl\.sourceforge\.net.*
  33. acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
  34. acl rewritedoms url_regex -i ak\.fbcdn\.net.*
  35. acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
  36.  
  # Access rules are evaluated top to bottom and the first matching line decides, so the order below matters.
  # Refuse any request whose destination port is not in Safe_ports.
  37. http_access deny !Safe_ports
  # Refuse CONNECT tunnels to anything other than port 443.
  38. http_access deny CONNECT !SSL_ports
  # Cache-manager interface: reachable from the proxy host itself only.
  39. http_access allow localhost manager
  40. http_access deny manager
  # Only clients in localnet and the proxy host may use the proxy ...
  41. http_access allow localnet
  42. http_access allow localhost
  # ... and the final catch-all denies everyone else, which keeps this from being an open proxy.
  43. http_access deny all
  44.  
  45.  
  # Listening ports.
  # 3127: receives redirected TLS traffic (intercept) and decrypts it (ssl-bump), generating a certificate
  # per host that is signed with the CA given by key=/cert=.
  # key= and cert= name the same file, so myCA.pem holds the CA private key; anyone who can read it can
  # issue certificates that clients trusting this CA will accept for any site.
  # NOTE(review): keep the file readable only by the account Squid runs as, and do not reuse this CA elsewhere.
  46. https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=8MB key=/etc/squid/ssl_cert/myCA.pem cert=/etc/squid/ssl_cert/myCA.pem connection-auth=off
  # 3128: ordinary forward-proxy port for clients configured to use the proxy explicitly.
  47. http_port 3128
  # 3129: receives redirected plain-HTTP traffic.
  # NOTE(review): the two intercept ports are meant to be fed by the local redirect rule only; confirm the
  # firewall does not let clients connect to 3127/3129 directly.
  48. http_port 3129 intercept
  49.  
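  # SSL-Bump settings for the "https_port 3127 intercept ssl-bump" listener.
  # Bumped requests are sent straight to the origin server rather than through a cache peer.
  50. always_direct allow all
  # client-first: Squid finishes the TLS handshake with the client, using a generated certificate, before it
  # contacts the origin server; "all" applies this to every connection.
  # NOTE(review): Squid's documentation for this release line describes client-first as a legacy mode that
  # cannot mimic the server certificate and points intercepted traffic at server-first; confirm which is intended.
  51. ssl_bump client-first all
  # Helper that creates and stores the per-host certificates (on-disk database plus 8 MB size limit).
  52. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs -M 8MB
  53. sslcrtd_children 5
  # Never bypass a certificate validation error reported for an origin server.
  54. sslproxy_cert_error deny all
  # Disabled: DONT_VERIFY_PEER switched off validation of origin-server certificates, which also made the
  # sslproxy_cert_error line above ineffective. Clients behind the bump only ever see the proxy-generated
  # certificate, so the proxy is the one place where an invalid or forged origin certificate can be caught.
  55. #sslproxy_flags DONT_VERIFY_PEER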
  56.  
  # Cache selection, replacement policy and storage sizing.
  # URLs containing "cgi-bin" or "?" are not forwarded through cache peers.
  57. hierarchy_stoplist cgi-bin ?
  58.  
  # "cache" rules are first-match: rewritedoms URLs are cacheable even when they would also match QUERY;
  # everything matching QUERY or redir is kept out of the cache.
  59. cache allow rewritedoms
  60. cache deny QUERY
  61. cache deny redir
  62.  
  # Eviction policies: GDSF for the memory cache, LFUDA for the disk cache.
  63. memory_replacement_policy heap GDSF
  64. cache_replacement_policy heap LFUDA
  # 64 MB of memory cache, holding objects of at most 32 KB each.
  65. cache_mem 64 MB
  66. maximum_object_size_in_memory 32 KB
  # Objects from 0 KB up to 102 MB may be stored on disk.
  67. minimum_object_size 0 KB
  68. maximum_object_size 102 MB
  # Start evicting at 98% disk usage and evict aggressively at 99%.
  69. cache_swap_low 98
  70. cache_swap_high 99
  71.  
  # Two aufs disk caches of 22000 MB each, with 16 first-level and 256 second-level directories.
  72. cache_dir aufs /cache-1 22000 16 256
  73. cache_dir aufs /cache-2 22000 16 256
  74.  
  # Directory Squid changes into at start-up, where core dumps are written.
  75. coredump_dir /var/spool/squid
  76.  
  77.  
  # Logging.
  # Disabled: a custom format (Referer header and request URL) that logged only requests matching the yutub ACL.
  78. #logformat squid1 %{Referer}>h %ru
  79. #access_log /var/log/squid/yt.log squid1 yutub
  # Client request log in the default format, plus the daemon's own diagnostic log.
  80. access_log /var/log/squid/access.log
  81. cache_log /var/log/squid/cache.log
  # No per-object store log is kept.
  82. cache_store_log none
  # Keep five rotated generations of each log.
  83. logfile_rotate 5
  84. mime_table /etc/squid/mime.conf
  # ICP queries are not written to access.log.
  85. log_icp_queries off
  86.  
  # Store-ID: an external helper maps request URLs to the key under which the response is cached.
  # The helper script is not part of this file. Any two URLs it maps to the same key share one cached
  # response, so its rules decide whether one client can be served content fetched for a different URL.
  # NOTE(review): keep the script writable by root only and review its mappings together with this file.
  87. store_id_program /etc/squid/store-id.pl
  88. store_id_children 20 startup=10 idle=5 concurrency=30
  # First match wins: only GET requests that are neither redirect markers nor dontrewrite URLs, and that
  # match rewritedoms, are sent to the helper; everything else bypasses it.
  89. store_id_access deny !getmethod
  90. store_id_access deny redir
  91. store_id_access deny dontrewrite
  92. store_id_access allow rewritedoms
  93. store_id_access deny all
  94.  
  # Query strings are kept in logged URLs. With bumped HTTPS traffic these can carry session identifiers
  # or tokens, so access.log should be protected accordingly.
  95. strip_query_terms off
  96.  
  # Upper bound on how stale a cached response may be when it is served.
  97. max_stale 1 week
  98.  
  # refresh_pattern syntax: [-i] regex min-minutes percent max-minutes [options].
  # The list is searched in file order and the first regex that matches a URL is the only one applied.
  # Never treat ranged video requests, CGI/graph pages or these dynamic file types as fresh.
  99. refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
  100. refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
  101. refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
  # Images and Flash: treated as fresh for 129600 minutes (90 days); server expiry and client reloads are ignored.
  102. refresh_pattern -i \.(swf|png|jpg) 129600 99% 129600 override-expire override-lastmod ignore-reload
  # Updater manifests and updater executables are always revalidated.
  103. refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
  104. refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
  # Game and download sites: executables and archives are kept for up to 4320 minutes (3 days).
  # ignore-auth caches replies to requests that carried an Authorization header as if they were public, and
  # store-stale keeps replies that are already stale. A binary cached here is what every client receives until
  # it is revalidated, so a corrupted or tampered download fetched once over plain HTTP is redistributed.
  # NOTE(review): the dots in the host names are unescaped and match any character.
  105. refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  106. refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  107. refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  108. refresh_pattern \.filehippo.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  109. refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  # Same policy for URLs containing a dotted-quad IPv4 address, whatever server that is.
  110. refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  111.  
  112. #PATTERN REFRESH
  # Static page assets: fresh for at least 240 and at most 420 minutes, with no HTTP-violating options.
  113. refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
  # The rules below add ignore-private, which caches replies the origin marked "Cache-Control: private".
  # Such replies are meant for a single user; once cached they can be served to any other client of the proxy.
  # ignore-reload appears twice on each line; the repetition looks redundant.
  114. refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  115. refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  116. refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  117. refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  # Everything else on the same sites: short lifetime, no overrides.
  118. refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240
  119.  
  120. #sensitive site
  # Game patch, launcher and antivirus-update files: the minimum age is 0, so freshness comes from the
  # percent/max values only and the files are revalidated often, which keeps clients from running outdated
  # updaters or definitions out of the cache.
  121. refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
  122. refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
  123. refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
  124. refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
  125. refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
  126. refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
  127. refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
  # Live-score and betting sites: at most 60 minutes.
  128. refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
  129.  
  130. #FB
  # Facebook, fbcdn, Zynga and CrowdStar media: long lifetimes (12960 to 129600 minutes).
  # The ^https:// rules match only URLs that Squid sees in decrypted form, i.e. SSL-bumped traffic, so they
  # place content from users' encrypted sessions into the shared cache.
  # NOTE(review): several regexes use "*" and "." as if they were shell wildcards ("^https://*.zynga.com*.");
  # in a regex "*" repeats the preceding character and "." matches any character, so these probably match
  # something other than what was intended - confirm against real URLs.
  # NOTE(review): the max values 129690 and 129609 look like typos for 129600.
  131. refresh_pattern -i \.akamaihd\.net\/.*\.(jpg|png) 129600 99% 129600 override-expire override-lastmod ignore-reload
  132. refresh_pattern -i .facebook.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 99% 129600
  133. refresh_pattern -i .fbcdn.net.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 99% 129690
  134. refresh_pattern -i .zynga.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 99% 129609
  135. refresh_pattern -i .crowdstar.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 99% 129609
  136. refresh_pattern -i https:\/\/.*\.xx\.fbcdn\.net\/.*\.jpg 129600 99% 129600 override-expire override-lastmod ignore-reload
  137. refresh_pattern ^https://static.ak.fbcdn.net*.(jpg|gif|png|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 129600 99% 129600
  138. refresh_pattern ^https://videoxl.l[0-9].facebook.com/(.*)(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 99% 129600
  139. refresh_pattern ^https://*.channel.facebook.com/(.*)(js|css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 99% 129600
  140. refresh_pattern ^https://video.ak.facebook.com*.(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) 129600 99% 129600
  141. refresh_pattern ^https://photos-[a-z].ak.fbcdn.net/(.*)(css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 99% 129600
  142. refresh_pattern ^https://profile.ak.fbcdn.net*.(jpg|gif|png) 129600 99% 129600
  143. refresh_pattern ^https://platform.ak.fbcdn.net/.* 720 100% 4320
  144. refresh_pattern ^https://creative.ak.fbcdn.net/.* 720 100% 4320
  # Every URL under apps.facebook.com, not only static media, is treated as fresh for at least 720 minutes.
  145. refresh_pattern ^https://apps.facebook.com/.* 720 100% 4320
  146. refresh_pattern ^https://static.ak.fbcdn.net*.(js|css|jpg|gif|png) 129600 99% 129600
  147. refresh_pattern ^https://statics.poker.static.zynga.com/(.*)(swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) 129600 99% 129600
  148. refresh_pattern ^https://statics.poker.static.zynga.com/.* 720 100% 4320
  149. refresh_pattern ^https://*.zynga.com*.(swf|jpg|gif|png|wav|mp(e?g|a|e|1|2|3|4)) 129600 99% 129600
  150. #ads
  # Icons, map tiles, video statistics and forum media.
  # The first two rules combine ignore-private, ignore-auth and ignore-must-revalidate: replies marked
  # private, replies to authenticated requests, and replies the origin asked to have revalidated are all
  # cached and served to any client for up to 14400 minutes (10 days).
  151. refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
  152. refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
  153. refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
  154. refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
  155. refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  # NOTE(review): "https://*." is glob syntax; as a regex the "*" repeats the preceding "/".
  156. refresh_pattern ^https://*.google-analytics.*/.* 720 100% 4320
  157. refresh_pattern -i .kaskus.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 99% 129600
  158. refresh_pattern -i .kaskus.us.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) 12960 99% 129600
  159. refresh_pattern ^http://*.kaskus.us*.*(jpg|gif|png|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 129600 99% 129600
  160.  
  161. #general
  # Site-independent rules by file extension, applied to any URL that no earlier rule matched.
  # Archives/executables, office documents and media are kept for 1440 to 14400 minutes and every cache
  # control the origin or client could send is overridden. With ignore-private this includes documents
  # (pdf, doc, xls, ...) that the origin marked as private to one user; a cached copy is served to any other
  # client that requests the same URL.
  # NOTE(review): consider dropping ignore-private and ignore-must-revalidate from the document rule at least.
  162. refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  163. refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  164. refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  # NOTE(review): an earlier rule in this file already matches URLs ending in .html/.htm/.css/.js, so the
  # next two rules appear to be shadowed by it (first match wins).
  165. refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
  166. refresh_pattern -i .index.(html|htm)$ 0 75% 10080
  167. refresh_pattern ^ftp: 1440 20% 10080
  168. refresh_pattern ^gopher: 1440 0% 1440
  # Dynamic URLs that reached this point are never treated as fresh.
  169. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  # Catch-all for everything else.
  170. refresh_pattern . 60 50% 14400 store-stale
  171.  
  172.  
  173.  
  174. ######################
  # NOTE(review): these rules come after the catch-all "refresh_pattern ." above, which matches every URL
  # first, so they appear never to be applied; move them above the general section if they are wanted.
  # Two of them add ignore-no-store, which caches replies the origin explicitly said must not be stored.
  175. refresh_pattern -i ^http\:\/\/www\.mistreci\.com\/.*\.(gif|jpe?g|png|swf|js|css|bmp) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
  176. refresh_pattern -i (.*)?animeshippunden\.com\/.*\.(png|jpe?g|bmp|gif|txt|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
  177. refresh_pattern -i (.*)?mangacanblog\.com\/.*\.(png|jpe?g|bmp|gif|txt|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
  178. refresh_pattern -i ^http\:\/\/i.*\.photobucket\.com\/.*\.(gif|bmp|jpe?g|png|swf|js|css) 43200 99% 43200 ignore-no-store ignore-private override-expire override-lastmod reload-into-ims store-stale
  179. refresh_pattern -i http\:\/\/i[1-9]\.ytimg\.com\/.*\.(png|jpe?g|bmp|giff?|swf|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
  180. refresh_pattern -i ^http\:\/\/\w{1}\.ytimg\.com\/.*\.(png|jpe?g|bmp|giff?|swf|js|css) 43200 99% 129600 ignore-private override-expire override-lastmod reload-into-ims store-stale
  181. refresh_pattern -i ^http\:\/\/klimg\.com\/.*\.(jpe?g|swf|png|bmp|ico|gif|txt|css|js) 64800 99% 64800 ignore-reload reload-into-ims store-stale
  182.  
  # Runtime tuning.
  # Successful DNS answers are cached for up to 8 hours, failed lookups for 15 seconds.
  183. positive_dns_ttl 8 hours
  184. negative_dns_ttl 15 seconds
  185. memory_pools off
  # Per-client statistics are collected.
  186. client_db on
  187. buffered_logs on
  188. half_closed_clients off
  # Global form of the per-pattern option: a client's forced reload becomes a conditional (If-Modified-Since) request.
  189. reload_into_ims on
  190. #pipeline_prefetch on
  191. offline_mode off
  # Account and group Squid switches to after start-up, so the daemon does not keep running as root.
  192. cache_effective_user proxy
  193. cache_effective_group proxy
  194. icp_hit_stale on
  195. query_icmp on
  # Error replies from origin servers are cached for 30 seconds.
  196. negative_ttl 30 seconds
  197.  
  # With min and max both at 0 KB, a download is not continued once the requesting client aborts.
  198. quick_abort_min 0 KB
  199. quick_abort_max 0 KB
  200. quick_abort_pct 100
  201. store_avg_object_size 13 KB
  202.  
  203.  
  # Header filtering: each "deny all" line removes that header from every request Squid forwards.
  # Removing Via, Forwarded-For and X-Forwarded-For hides the proxy and the client address from origin
  # servers; removing Cache-Control and Pragma drops the client's own caching directives (such as no-cache).
  # NOTE(review): Server, WWW-Authenticate, Link, X-Cache and X-Cache-Lookup are normally response headers,
  # so filtering them on requests probably has no effect; reply_header_access is the directive for responses.
  204. request_header_access From deny all
  205. request_header_access Server deny all
  206. request_header_access WWW-Authenticate deny all
  207. request_header_access Link deny all
  208. request_header_access Cache-Control deny all
  209. request_header_access Proxy-Connection deny all
  210. request_header_access X-Cache deny all
  211. request_header_access X-Cache-Lookup deny all
  212. request_header_access Via deny all
  213. request_header_access Forwarded-For deny all
  214. request_header_access X-Forwarded-For deny all
  215. request_header_access Pragma deny all
  216. request_header_access Keep-Alive deny all
  217. vary_ignore_expire on
  218.  
  # Shutdown, DNS and traffic marking.
  # On shutdown, wait up to 10 seconds for active connections to finish.
  219. shutdown_lifetime 10 second
  # All name resolution goes to one public resolver: every destination looked up is visible to that
  # resolver and to the network path, internal host names cannot be resolved, and there is no fallback.
  # NOTE(review): a local caching resolver, or at least a second server, is the usual choice.
  220. dns_nameservers 8.8.8.8
  # IP cache of 4096 entries, trimmed between 98% and 99% full; reverse-lookup cache of 2048 entries.
  221. ipcache_size 4096
  222. ipcache_low 98
  223. ipcache_high 99
  224. fqdncache_size 2048
  # Outgoing connections made for localnet clients carry TOS value 0x30.
  225. tcp_outgoing_tos 0x30 localnet
  226.  
  # Replies served from the local cache are marked with TOS 0x30 so downstream devices can classify cache hits.
  227. # local
  228. qos_flows local-hit=0x30
  # NOTE(review): this second line names no hit type; check it against the qos_flows syntax of the installed version.
  229. qos_flows tos 0x30
  # Marking for sibling and parent hits, and the preserve-miss switch, are left disabled.
  230. # sibling
  231. # qos_flows sibling-hit=0x31
  232. # parent
  233. # qos_flows parent-hit=0x32
  234. # preserve
  235. # qos_flows disable-preserve-miss