albspirit86

squid3.conf

Jun 2nd, 2014
  1. ## SQUID.CONF ##
     # Proxy identity: the administrator contact (cache_mgr) and the advertised
     # host name (visible_hostname) are both the literal string "proxy".
  2. cache_mgr proxy
  3. visible_hostname proxy
  4.  
  5. #ads block
     # Deny requests whose destination domain matches a regex listed in the
     # external file (-i = case-insensitive). This is the first http_access
     # rule in the file, so it is checked before any allow rule.
     # NOTE(review): the block list is read from disk at load time; presumably
     # it should be writable only by the administrator -- confirm permissions.
  6. acl asd dstdom_regex -i "/etc/squid/ad_block.txt"
  7. http_access deny asd
  8.  
  9.  
  10. cache_mem 1024 MB
      # Cache sizing: memory cache size, swap watermarks (98%/99%), object size
      # limits, IP cache and replacement policies, followed by the disk store
      # and log locations.
  11. cache_swap_low 98
  12. cache_swap_high 99
  13.  
  14. maximum_object_size 1024 MB
  15. maximum_object_size_in_memory 256 KB
  16. minimum_object_size 10 bytes
  17.  
  18. ipcache_size 2048
  19. ipcache_low 98
  20. ipcache_high 99
  21.  
  22. memory_pools off
      # reload_into_ims turns a client's forced reload into a conditional
      # (If-Modified-Since) request, so a reload revalidates the cached copy
      # instead of fetching a new one. memory_pools and vary_ignore_expire are
      # set again, to the same values, on lines 215 and 236.
  23. reload_into_ims on
  24. vary_ignore_expire on
  25.  
  26. cache_replacement_policy heap LFUDA
  27. memory_replacement_policy heap GDSF
  28. # Disk cache: aufs store under /cache (size 54444 MB, 64 x 256 directories).
  29. cache_dir aufs /cache 54444 64 256
  30.  
  31. # Leave coredumps in the first cache dir
      # NOTE(review): this proxy decrypts TLS (ssl-bump, lines 66 and 76), so
      # core dumps, cached objects and the access log can hold sensitive
      # request data. Presumably /cache and /var/log/squid should be readable
      # only by the proxy user and administrators -- confirm permissions.
  32. coredump_dir /cache
  33.  
  34. access_log stdio:/var/log/squid/access.log
  35. cache_log /var/log/squid/cache.log
  36.  
  37.  
  38. #acl B_url url_regex "/etc/squid3/Bsites1"
  39. #http_access deny B_url
  40.  
  41.  
  42. acl localnet src 192.168.100.0/24
      # Base ACLs: the client network, the ports CONNECT may target (443 only)
      # and the destination ports considered safe.
      # Safe_ports includes the whole 1025-65535 range, so the
      # "deny !Safe_ports" rule on line 67 only blocks low ports that are not
      # listed here.
  43. acl SSL_ports port 443
  44. acl Safe_ports port 80
  45. acl Safe_ports port 21
  46. acl Safe_ports port 443
  47. acl Safe_ports port 70
  48. acl Safe_ports port 210
  49. acl Safe_ports port 1025-65535
  50. acl Safe_ports port 280
  51. acl Safe_ports port 488
  52. acl Safe_ports port 591
  53. acl Safe_ports port 777
  54. acl CONNECT method CONNECT
  55.  
  56. acl reverbnation url_regex -i reverbnation.*(audio_player|ec_stream_song).*$
      # URL-regex ACLs that select media requests for the store-ID rules on
      # lines 104-110.
      # The patterns are not anchored to the host part of the URL, so any URL
      # that merely contains "reverbnation", "youtube" or "google" followed by
      # the listed path fragments matches, not only requests to those sites.
      # NOTE(review): anchoring on the host would narrow which responses are
      # given a rewritten store ID -- confirm against storeid.pl.
  57. acl reverbnation url_regex -i \.c\.(reverbnation|c2lo)\.com\/(get_audio|audioplayback|audioplay).*$
  58.  
  59. acl youtube url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
  60. acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*
  61.  
      # dontrewrite and getmethod are declared again, identically, on lines
      # 86-87.
  62. acl dontrewrite url_regex redbot\.org
  63. acl getmethod method GET
  64.  
  65. always_direct allow all
      # Access policy. Squid evaluates http_access rules top to bottom and
      # stops at the first match.
      # "ssl_bump server-first all" decrypts every TLS connection that reaches
      # the ssl-bump port (line 76); no destination is exempted.
  66. ssl_bump server-first all
  67. http_access deny !Safe_ports
  68. http_access deny CONNECT !SSL_ports
      # "allow all" admits any client address once the two port checks pass,
      # so "allow localnet" on line 71 and "http_access deny ads" on line 125
      # can never change the outcome; "http_reply_access allow all" likewise
      # shadows "http_reply_access deny ads" on line 126.
      # NOTE(review): if this host is reachable from outside 192.168.100.0/24
      # it acts as an open proxy. Presumably the intent is the ads denies
      # first, then "http_access allow localnet", then "http_access deny all"
      # -- confirm the client ranges before changing.
  69. http_access allow all
  70. http_reply_access allow all
  71. http_access allow localnet
      # NOTE(review): no icp_port is set in this file; if ICP is enabled
      # elsewhere, restrict this to localnet as well.
  72. icp_access allow all
  73.  
  74. http_port localhost:3128
      # Listeners: a forward-proxy port bound to localhost, an interception
      # port for HTTP (3128) and an interception port for TLS (3127) that
      # bumps connections and mints per-host certificates signed by myCA.pem.
      # NOTE(review): both http_port lines use port 3128 -- confirm Squid can
      # bind the localhost and the wildcard listener together.
      # NOTE(review): interception ports are meant to receive only traffic
      # redirected by the local firewall; presumably direct connections to
      # 3128/3127 from the network should be filtered -- verify the firewall.
      # NOTE(review): no key= option is given, so presumably myCA.pem also
      # holds the CA private key. Every client that trusts this CA trusts
      # whatever is signed with that key; keep the file readable only by the
      # proxy user.
  75. http_port 3128 intercept
  76. https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
  77.  
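  78. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
      # Certificate generation helper: ssl_crtd keeps its certificate database
      # under /var/squid/ssl_db/certs/ (4MB limit) and runs with 5 children.
  79. sslcrtd_children 5
      # Upstream certificate validation is left at Squid's default (verify the
      # origin certificate and fail on error). The two directives below turned
      # it off entirely. Because this proxy re-signs every bumped connection
      # with its own CA, clients would then be shown a trusted certificate even
      # when the origin's real certificate is expired, self-signed or issued
      # for another host -- the client can no longer detect that itself.
      # NOTE(review): if legitimate sites fail validation after this change,
      # point sslproxy_cafile / sslproxy_capath at the CA bundle, or add a
      # sslproxy_cert_error rule scoped to the specific hosts by ACL rather
      # than "all" -- confirm before deploying.
  80. #sslproxy_cert_error allow all
  81. #sslproxy_flags DONT_VERIFY_PEER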
  82.  
  83. acl QUERY urlpath_regex -i (begin|start)\=
      # ACLs and cache rules that decide which responses may be cached.
      # Line 84 lists several space-separated patterns; the dots in ".php$"
      # and the others are unescaped (any character), and "localhost" matches
      # any URL path that contains that string.
  84. acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
  85. acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
      # Lines 86-87 repeat the declarations from lines 62-63.
  86. acl dontrewrite url_regex redbot\.org
  87. acl getmethod method GET
  88. acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
  89. acl redir urlpath_regex -i &ir=1&rr=12
      # "yutub" is defined here but no rule in this file refers to it.
  90. acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
  91. acl yutub url_regex -i gstatic\.com\/csi\?.*$
  92.  
  93. acl rewritedoms url_regex -i dl\.sourceforge\.net.*
  94. acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
  95. acl rewritedoms url_regex -i ak\.fbcdn\.net.*
  96. acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
  97.  
      # "cache" rules are first-match: a URL matching rewritedoms is cacheable
      # even if it also matches QUERY or redir, because the allow comes first.
  98. cache allow rewritedoms
  99. cache deny QUERY
  100. cache deny redir
  101.  
  102. store_id_program /etc/squid/storeid.pl
       # Store-ID helper: an external script is consulted for GET requests
       # that match rewritedoms, youtube or reverbnation and are not excluded
       # by redir or dontrewrite; everything else is denied (first match wins).
       # NOTE(review): the helper's output is not visible here. Presumably it
       # maps several URLs onto one cache key, so an overly broad mapping
       # would serve one URL's cached body for a different URL. Review the
       # script's mappings and keep it writable only by the administrator.
  103. store_id_children 20 startup=10 idle=5 concurrency=30
  104. store_id_access deny !getmethod
  105. store_id_access deny redir
  106. store_id_access deny dontrewrite
  107. store_id_access allow rewritedoms
  108. store_id_access allow youtube
  109. store_id_access allow reverbnation
  110. store_id_access deny all
  111.  
  112.  
  113.  
  114. max_stale 1 week
  115.  
       # Second ad filter, matched on the full URL. Both deny rules at the end
       # come after "http_access allow all" (line 69) and
       # "http_reply_access allow all" (line 70); since the first matching
       # rule decides, these denies are never reached as the file stands.
       # Pattern details: "[0-90-9]" is the same class as "[0-9]"; "a[b|d]"
       # also accepts a literal "|"; "googleads\.*" means "googleads" followed
       # by zero or more dots; the "^http:\/\/" anchors do not match https
       # URLs.
       # NOTE(review): "\d" is not a POSIX regex class -- confirm the regex
       # library in use treats it as a digit.
  116. acl ads url_regex -i .youtube\.com\/ad_frame?
  117. acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
  118. acl ads url_regex -i .googlesyndication\.com
  119. acl ads url_regex -i .doubleclick\.net
  120. acl ads url_regex -i ^http:\/\/googleads\.*
  121. acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
  122. acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
  123. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
  124. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
  125. http_access deny ads
  126. http_reply_access deny ads
  127.  
  128. refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
       # refresh_pattern fields are: regex, minimum age (minutes), percent of
       # object age, maximum age (minutes), then options. Squid applies the
       # first pattern that matches a URL, so the order of every
       # refresh_pattern line in this file matters.
       # Lines 128-131 give "0 0% 0": no heuristic freshness for the matching
       # URLs. The dots inside the file names on line 131 are unescaped and
       # match any character.
  129. refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
  130. refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
  131. refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
  132. refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
  133. #refresh_pattern \.gemscool.com.*\.(exe|dll|cab|zip|iop|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  134. #refresh_pattern \.crossfire.web.id.*\.(cab|zip|exe|rar|dat|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  135. #refresh_pattern \.cabalonline.co.id.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  136. #refresh_pattern \.megaxus.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  137. #refresh_pattern \.lytogame.com.*\.(cab|zip|exe|rar|dat|swf) 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  138. #refresh_pattern ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2}).*\.(pak|exe|zip|kom|stg|npz|swf)$ 1440 100% 4320 override-expire override-lastmod reload-into-ims ignore-auth store-stale
  139.  
  140. #PATTERN REFRESH
       # Page assets and a few image hosts. "ignore-reload" is listed twice on
       # lines 142-145 (redundant).
       # Lines 142-145 set ignore-private: responses the origin marked
       # "Cache-Control: private" are still stored in this shared cache.
       # The leading "." on lines 143-146 is unescaped (any character).
  141. refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
  142. refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  143. refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  144. refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  145. refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  146. refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240
  147.  
  148. #sensitive site
       # Short-lived entries for updater and launcher files ("0" minimum age).
       # URLs ending in ".php" and URLs containing "update.exe" or
       # "autoup.exe" already match lines 130-131, so those alternatives on
       # line 151 are never the first match. "grandchase.exe" is listed twice
       # on line 151.
  149. refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
  150. refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
  151. refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
  152. #refresh_pattern -i (UpdaterModifier.exe|FreeStyle.exe|PBLauncher.exe|update.exe|NewLauncher.exe|NewAvalon.exe|hon.exe.zip|cabal.exe)$ 0 50% 1440
  153. #refresh_pattern -i (PointBlank.exe.zip|HSUpdate.exe.zip|PBConfig.exe.zip) 0 50% 1440
  154. refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
  155. refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
  156. refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
  157.  
  158. refresh_pattern ^http.*(youtube|googlevideo)\.* 43200 99% 242020 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
       # Aggressive caching for video, social and CDN content.
       # ignore-private, ignore-no-store and ignore-auth make this shared cache
       # keep responses that the origin marked private or no-store, or that
       # answered an authenticated request. With ssl-bump enabled (line 66)
       # this also covers decrypted HTTPS, so one user's response can be
       # served to another user.
       # Line 158 matches any URL that starts with "http" and contains
       # "youtube" or "googlevideo" anywhere ("\.*" is zero or more dots), not
       # just video segments.
       # NOTE(review): presumably only static media was meant -- narrow the
       # patterns and drop the ignore-* options where content can be per-user.
  159. #FB
  160. refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  161. refresh_pattern \.facebook\.com.* 240 50% 480
  162. refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
  163. refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
  164. refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  165. refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  166. refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  167. #refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
       # The alternation on line 168 is not grouped: "^http:\/\/" applies only
       # to "images", and "thumbs[0-9]\." only to the last branch, so "image",
       # "img", "pics" or "openx" anywhere in any URL selects this rule and
       # its ignore-private option.
  168. refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 14400 override-expire ignore-reload ignore-private
       # NOTE(review): line 169 keeps URLs containing "safebrowsing...google"
       # fresh for at least 1440 minutes and overrides their expiry;
       # presumably clients would then work from stale threat-list data --
       # confirm this is intended.
  169. refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
       # NOTE(review): ".squid.internal" is presumably the store-ID namespace
       # produced by storeid.pl (line 102) -- verify against the helper.
  170. refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
  171. refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
  172. #refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private
  173.  
  174. # facebook games
       # Game sites: any URL under these hosts that contains a further "/" is
       # kept fresh for at least 1440 minutes, with override-expire.
       # URLs on apps.facebook.com already match "\.facebook\.com.*" on line
       # 161, so line 175 is never the first match.
       # NOTE(review): ignore-no-cache is presumably obsolete in the Squid
       # release that provides store_id_program -- confirm it is accepted.
  175. refresh_pattern ^http:\/\/apps.facebook.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  176. refresh_pattern -i \.zynga.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  177. refresh_pattern -i \.farmville.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  178. refresh_pattern -i \.ninjasaga.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  179. refresh_pattern -i \.mafiawars.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  180. refresh_pattern -i \.crowdstar.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  181. refresh_pattern -i \.popcap.com.*\/ 1440 90% 10080 ignore-reload override-expire ignore-no-cache
  182.  
  183. ####### UPDATE, PATCH #############
  184. # Avira, MBAM update
       # Operating-system and anti-malware update files. The minimum ages are
       # 720 or 4320 minutes, so a cached update file with no explicit expiry
       # from the origin is served without revalidation for that long.
       # NOTE(review): presumably signature files should revalidate far more
       # often than 12 hours -- confirm against the vendors' update cadence.
       # Host names are unanchored and their dots unescaped; lines 188-189 are
       # already covered by the "windowsupdate.com/" pattern on line 186.
       # Earlier extension rules (for example line 131 for "update.exe") win
       # when they match first.
  185. refresh_pattern avgate.net/.*.gz 720 100% 10080 reload-into-ims
  186. refresh_pattern -i windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  187. refresh_pattern -i download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  188. refresh_pattern -i uk.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  189. refresh_pattern -i au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
  190. refresh_pattern mbam-cdn.malwarebytes.org/.*\.exe 720 100% 10080 reload-into-ims
  191. refresh_pattern data-cdn.mbamupdates.com/.*\.ref 720 100% 10080 reload-into-ims
  192. refresh_pattern mbamupdates.com.*\.ref 720 100% 10080 reload-into-ims
  193. refresh_pattern personal.avira-update.com/.*\.* 720 100% 10080 reload-into-ims
  194. refresh_pattern dl.antivir.de/.*\.zip 720 100% 10080 reload-into-ims
  195.  
  196. #ads
       # Long freshness for ad, tracking and map-tile URLs. Every alternative
       # on line 197 is an unanchored substring of the whole URL, so short
       # fragments such as "syndication\.com" or "yieldmanager" select this
       # rule wherever they appear.
       # Lines 197-199 combine ignore-private with ignore-auth: responses to
       # authenticated requests that match are stored in the shared cache.
       # "\.(ico|video-stats)" on line 198 is not anchored to the end of the
       # URL.
  197. refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 1440 99% 14400 ignore-private override-expire ignore-reload ignore-auth max-stale=1440
  198. refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
  199. refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
  200. refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
  201. refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
  202. refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  203.  
  204. #general
       # Catch-all rules by file extension, then by scheme, then the default.
       # Lines 205-207 apply ignore-private, override-expire and
       # ignore-must-revalidate to every URL ending in the listed extensions,
       # on any site. Line 206 covers documents (pdf, doc, xls, txt, ...): a
       # document the origin marked private is kept in the shared cache for at
       # least 1440 minutes, and with ssl-bump (line 66) that includes files
       # fetched over HTTPS.
       # NOTE(review): presumably per-user downloads were not meant to be
       # shared between clients -- consider dropping ignore-private here.
  205. refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  206. refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  207. refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
       # Any URL ending in "index.html"/"index.htm" also matches line 208, and
       # URLs ending in ".html", ".htm", ".css" or ".js" already match line
       # 141, so line 209 is never the first match.
  208. refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
  209. refresh_pattern -i .index.(html|htm)$ 0 75% 10080
  210. refresh_pattern ^ftp: 1440 20% 10080
  211. refresh_pattern ^gopher: 1440 0% 1440
  212. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  213. refresh_pattern . 60 50% 14400 store-stale
  214.  
  215. memory_pools off
       # Runtime settings. memory_pools repeats line 22.
       # client_db off disables Squid's per-client statistics, which removes
       # one source of data when investigating which client caused a problem.
       # cache_effective_user/group name the unprivileged account ("proxy")
       # that Squid runs as.
  216. client_db off
  217. #reload_into_ims on
  218. pipeline_prefetch on
  219. offline_mode off
  220. cache_effective_user proxy
  221. cache_effective_group proxy
  222.  
  223. request_header_access From deny all
       # Header filtering on requests forwarded to origin servers.
       # Removing Via and X-Forwarded-For hides the proxy and the client
       # address from origins; removing Cache-Control and Pragma drops the
       # clients' own no-cache / max-age directives before they reach the
       # origin.
       # NOTE(review): Server, WWW-Authenticate, Link, X-Cache and
       # X-Cache-Lookup are response headers, so presumably these
       # request_header_access lines have no effect and reply_header_access
       # was intended. If WWW-Authenticate were stripped from replies,
       # HTTP authentication would stop working -- confirm the intent.
       # NOTE(review): "Forwarded-For" is presumably not a header any client
       # sends; verify.
  224. request_header_access Server deny all
  225. request_header_access WWW-Authenticate deny all
  226. request_header_access Link deny all
  227. request_header_access Cache-Control deny all
  228. request_header_access Proxy-Connection deny all
  229. request_header_access X-Cache deny all
  230. request_header_access X-Cache-Lookup deny all
  231. request_header_access Via deny all
  232. request_header_access Forwarded-For deny all
  233. request_header_access X-Forwarded-For deny all
  234. request_header_access Pragma deny all
  235. request_header_access Keep-Alive deny all
       # Repeats line 24.
  236. vary_ignore_expire on
  237.  
  238. # local
       # Marks responses served from the local cache with TOS value 0x30.
  239. qos_flows local-hit=0x30