API tools faq
paste
Advertisement
albspirit86

squid3.conf

albspirit86
Jun 2nd, 2014
713
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.50 KB | None | 0 0
raw download clone embed print report
  1. ## SQUID.CONF ##
  2. cache_mgr proxy
  3. visible_hostname proxy
  4.  
  5. #ads block"
  6. acl asd dstdom_regex -i "/etc/squid/ad_block.txt"
  7. http_access deny asd
  8.  
  9.  
  10. cache_mem 1024 MB
  11. cache_swap_low 98
  12. cache_swap_high 99
  13.  
  14. maximum_object_size 1024 MB
  15. maximum_object_size_in_memory 256 KB
  16. minimum_object_size 10 bytes
  17.  
  18. ipcache_size 2048
  19. ipcache_low 98
  20. ipcache_high 99
  21.  
  22. memory_pools off
  23. reload_into_ims on
  24. vary_ignore_expire on
  25.  
  26. cache_replacement_policy heap LFUDA
  27. memory_replacement_policy heap GDSF
  28. # Uncomment and adjust the following to add a disk cache directory.
  29. cache_dir aufs /cache 54444 64 256
  30.  
  31. # Leave coredumps in the first cache dir
  32. coredump_dir /cache
  33.  
  34. access_log stdio:/var/log/squid/access.log
  35. cache_log /var/log/squid/cache.log
  36.  
  37.  
  38. #acl B_url url_regex "/etc/squid3/Bsites1"
  39. #http_access deny B_url
  40.  
  41.  
  42. acl localnet src 192.168.100.0/24
  43. acl SSL_ports port 443
  44. acl Safe_ports port 80
  45. acl Safe_ports port 21
  46. acl Safe_ports port 443
  47. acl Safe_ports port 70
  48. acl Safe_ports port 210
  49. acl Safe_ports port 1025-65535
  50. acl Safe_ports port 280
  51. acl Safe_ports port 488
  52. acl Safe_ports port 591
  53. acl Safe_ports port 777
  54. acl CONNECT method CONNECT
  55.  
  56. acl reverbnation url_regex -i reverbnation.*(audio_player|ec_stream_song).*$
  57. acl reverbnation url_regex -i \.c\.(reverbnation|c2lo)\.com\/(get_audio|audioplayback|audioplay).*$
  58.  
  59. acl youtube url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
  60. acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*
  61.  
  62. acl dontrewrite url_regex redbot\.org
  63. acl getmethod method GET
  64.  
  65. always_direct allow all
  66. ssl_bump server-first all
  67. http_access deny !Safe_ports
  68. http_access deny CONNECT !SSL_ports
  69. http_access allow all
  70. http_reply_access allow all
  71. http_access allow localnet
  72. icp_access allow all
  73.  
  74. http_port localhost:3128
  75. http_port 3128 intercept
  76. https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
  77.  
  78. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
  79. sslcrtd_children 5
  80. sslproxy_cert_error allow all
  81. sslproxy_flags DONT_VERIFY_PEER
  82.  
  83. acl QUERY urlpath_regex -i (begin|start)\=
  84. acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
  85. acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
  86. acl dontrewrite url_regex redbot\.org
  87. acl getmethod method GET
  88. acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
  89. acl redir urlpath_regex -i &ir=1&rr=12
  90. acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
  91. acl yutub url_regex -i gstatic\.com\/csi\?.*$
  92.  
  93. acl rewritedoms url_regex -i dl\.sourceforge\.net.*
  94. acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
  95. acl rewritedoms url_regex -i ak\.fbcdn\.net.*
  96. acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
  97.  
  98. cache allow rewritedoms
  99. cache deny QUERY
  100. cache deny redir
  101.  
  102. store_id_program /etc/squid/storeid.pl
  103. store_id_children 20 startup=10 idle=5 concurrency=30
  104. store_id_access deny !getmethod
  105. store_id_access deny redir
  106. store_id_access deny dontrewrite
  107. store_id_access allow rewritedoms
  108. store_id_access allow youtube
  109. store_id_access allow reverbnation
  110. store_id_access deny all
  111.  
  112.  
  113.  
  114. max_stale 1 week
  115.  
  116. acl ads url_regex -i .youtube\.com\/ad_frame?
  117. acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
  118. acl ads url_regex -i .googlesyndication\.com
  119. acl ads url_regex -i .doubleclick\.net
  120. acl ads url_regex -i ^http:\/\/googleads\.*
  121. acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
  122. acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
  123. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
  124. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
  125. http_access deny ads
  126. http_reply_access deny ads
  127.  
  128. refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
  129. refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
  130. refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
  131. refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
  132. refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
  133. #refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  134. #refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  135. #refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  136. #refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  137. #refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  138. #refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  139.  
  140. #PATTERN REFRESH
  141. refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
  142. refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  143. refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  144. refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  145. refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  146. refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240
  147.  
  148. #sensitive site
  149. refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
  150. refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
  151. refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
  152. #refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
  153. #refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
  154. refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
  155. refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
  156. refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
  157.  
  158. refresh_pattern ^http.*(youtube|googlevideo)\.* 43200 99% 242020 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
  159. #FB
  160. refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  161. refresh_pattern \.facebook\.com.* 240 50% 480
  162. refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
  163. refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
  164. refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  165. refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  166. refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  167. #refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  168. refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 14400 override-expire ignore-reload ignore-private
  169. refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
  170. refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
  171. refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
  172. #refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private
  173.  
  174. # facebook games
  175. refresh_pattern ^http:\/\/apps.facebook.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  176. refresh_pattern -i \.zynga.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  177. refresh_pattern -i \.farmville.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  178. refresh_pattern -i \.ninjasaga.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  179. refresh_pattern -i \.mafiawars.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  180. refresh_pattern -i \.crowdstar.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  181. refresh_pattern -i \.popcap.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  182.  
  183. ####### UPDATE, PATCH #############
  184. # Avira, MBAM update
  185. refresh_pattern avgate.net/.*.gz 720 100% 10080 reload-into-ims
  186. refresh_pattern -i windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  187. refresh_pattern -i download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  188. refresh_pattern -i uk.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  189. refresh_pattern -i au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  190. refresh_pattern mbam-cdn.malwarebytes.org/.*\.exe 720 100% 10080 reload-into-ims
  191. refresh_pattern data-cdn.mbamupdates.com/.*\.ref 720 100% 10080 reload-into-ims
  192. refresh_pattern mbamupdates.com.*\.ref 720 100% 10080 reload-into-ims
  193. refresh_pattern personal.avira-update.com/.*\.* 720 100% 10080 reload-into-ims
  194. refresh_pattern dl.antivir.de/.*\.zip 720 100% 10080 reload-into-ims
  195.  
  196. #ads
  197. refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth max-stale=1440
  198. refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
  199. refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
  200. refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
  201. refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
  202. refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  203.  
  204. #general
  205. refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  206. refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  207. refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  208. refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
  209. refresh_pattern -i .index.(html|htm)$ 0 75% 10080
  210. refresh_pattern ^ftp: 1440 20% 10080
  211. refresh_pattern ^gopher: 1440 0% 1440
  212. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  213. refresh_pattern . 60 50% 14400 store-stale
  214.  
  215. memory_pools off
  216. client_db off
  217. #reload_into_ims on
  218. pipeline_prefetch on
  219. offline_mode off
  220. cache_effective_user proxy
  221. cache_effective_group proxy
  222.  
  223. request_header_access From deny all
  224. request_header_access Server deny all
  225. request_header_access WWW-Authenticate deny all
  226. request_header_access Link deny all
  227. request_header_access Cache-Control deny all
  228. request_header_access Proxy-Connection deny all
  229. request_header_access X-Cache deny all
  230. request_header_access X-Cache-Lookup deny all
  231. request_header_access Via deny all
  232. request_header_access Forwarded-For deny all
  233. request_header_access X-Forwarded-For deny all
  234. request_header_access Pragma deny all
  235. request_header_access Keep-Alive deny all
  236. vary_ignore_expire on
  237.  
  238. # local
  239. qos_flows local-hit=0x30
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!