wandibudiana

squid 3.2

Feb 13th, 2013
  1. # ACCESS CONTROLS OPTIONS
  2. # ====================
  3. #
  # ACL definitions followed by the http_access chain. Squid evaluates
  # http_access rules top to bottom and stops at the first match, so the
  # order of the rules below is significant.
  #
  # NOTE(review): the next line holds bare regex metacharacters (`?`, `.`);
  # the backslashes were probably lost in the paste -- compare with the live
  # file. The trailing `localhost` is a URL-path pattern here, not the src ACL.
  4. acl QUERY urlpath_regex -i cgi-bin ? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
  # NOTE(review): no address follows `src`; the line looks truncated. `all` is
  # a built-in ACL in Squid 3.x, so this line may be unnecessary -- confirm.
  5. acl all src
  # Clients allowed to use the proxy. 10.0.0.0/8 is a very wide range; narrow
  # it to the subnets that are actually yours.
  6. acl localnet src 10.0.0.0/8
  7. acl localnet src 192.168.2.0/24 # Your network here
  8. acl localhost src 127.0.0.1/32
  # 1025-65535 marks every unprivileged port as "safe", so `deny !safeports`
  # below only blocks unlisted ports under 1025.
  9. acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
  # Ports a CONNECT tunnel may reach. Each entry beyond 443 widens what a
  # client can tunnel to through the proxy; keep only the ones in use.
  10. acl sslports port 443 563 81 2087 10000
  11. acl manager proto cache_object
  12. acl purge method PURGE
  13. acl connect method CONNECT
  # Cache-manager and PURGE requests are accepted from localhost only.
  14. http_access allow manager localhost
  15. http_access deny manager
  16. http_access allow purge localhost
  17. http_access deny purge
  # NOTE(review): the ACL is defined as `connect` but referenced as `CONNECT`;
  # confirm that ACL-name lookup is case-insensitive in this build.
  18. http_access deny !safeports
  19. http_access deny CONNECT !sslports
  # Only localhost and the localnet ranges may use the proxy; the final rule
  # rejects everyone else and has to stay last.
  20. http_access allow localhost
  21. http_access allow localnet
  22. http_access deny all
  23.  
  24. # NETWORK OPTIONS
  # Listening ports and the TLS behaviour of connections Squid opens to
  # origin servers.
  #
  # NOTE(review): this listener and the https_port below are both given port
  # 3128. Two listeners cannot share one port, so presumably one of them fails
  # to start -- confirm which port each was meant to use.
  25. http_port 3128 intercept
  # Client TLS is terminated with the proxy's own certificate and key. Keep
  # squid.key readable by the Squid service account only.
  26. https_port 3128 cert=/etc/squid3/ssl/squid.cert key=/etc/squid3/ssl/squid.key intercept
  27. always_direct allow all
  # SECURITY: the next two lines switch off validation of origin-server
  # certificates (every certificate error is accepted and the peer is not
  # verified). Clients behind the proxy then have no assurance about which
  # server the proxy actually reached. Prefer removing both lines and pointing
  # sslproxy_cafile / sslproxy_capath at a trusted CA bundle.
  28. sslproxy_cert_error allow all
  29. sslproxy_flags DONT_VERIFY_PEER
  # NOTE(review): `sslflags` is normally an option on a port or cache_peer
  # line rather than a directive of its own -- check cache.log for a parse
  # warning. CRL checking cannot help while peer verification is disabled above.
  30. sslflags VERIFY_CRL_ALL
  # `ALL` enables OpenSSL's bug-compatibility workarounds; it does not restrict
  # protocol versions. Consider NO_SSLv2,NO_SSLv3 instead.
  31. sslproxy_options ALL
  32.  
  33. #
  34. # OPTIONS WHICH AFFECT THE CACHE SIZE
  35. # ==============================
  36. #
  # Memory and disk cache sizing and the replacement policies for each.
  37. cache_mem 64 MB
  38. maximum_object_size_in_memory 1024 KB
  39. memory_replacement_policy heap GDSF
  40. cache_replacement_policy heap LFUDA
  # Disk cache of 10000 MB with 14 first-level and 256 second-level directories.
  # The path sits under a home directory: make sure it is owned by the
  # cache_effective_user and not writable by other local accounts, because
  # cached objects are served back to clients.
  41. cache_dir aufs /home/precise/cache 10000 14 256
  42. maximum_object_size 128000 KB
  # Low/high water marks (percent of cache_dir) for cache replacement.
  43. cache_swap_low 95
  44. cache_swap_high 99
  45.  
  46. # LOGFILE PATHNAMES AND CACHE DIRECTORIES
  47. # ==================================
  48.  
  # Log destinations. access.log is the per-request record; with Via and
  # X-Forwarded-For stripped further down, it is the only place a request can
  # be tied back to a client, so retain and protect it accordingly.
  49. access_log /var/log/squid3/access.log
  50. cache_log /var/log/squid3/cache.log
  # Leave the /dev/null variant commented out: cache.log carries startup,
  # parse and TLS errors that are needed for troubleshooting.
  51. #cache_log /dev/null
  52. cache_store_log none
  # Keep five rotated generations of each log.
  53. logfile_rotate 5
  54. log_icp_queries off
  55.  
  56. # OPTIONS FOR TUNING THE CACHE
  57. # ========================
  58.  
  # Never cache responses for URLs matched by the QUERY ACL.
  59. cache deny QUERY
  60. refresh_pattern ^ftp: 1440 20% 10080 reload-into-ims
  61. refresh_pattern ^gopher: 1440 0% 1440
  # SECURITY: `ignore-private` and `ignore-no-cache` (with `override-expire`)
  # make Squid store and reuse responses the origin marked as private or
  # uncacheable. On a proxy shared by many clients, one user's response can
  # then be served to another; the second pattern covers documents and
  # archives (doc, xls, pdf, zip, ...). Drop these two options unless the
  # matched content is known to be public.
  #
  # NOTE(review): the leading `.` in each pattern is unescaped and matches any
  # character; it was presumably `\.` before pasting. `jp?g` matches "jpg" but
  # not "jpeg" -- confirm the intent.
  62. refresh_pattern -i .(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
  63. refresh_pattern -i .(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
  64. refresh_pattern -i .(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
  65. refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
  66. refresh_pattern -i .index.(html|htm)$ 0 75% 10080
  # NOTE(review): a bare `?` inside the group is not a valid regex atom; the
  # original was presumably `\?` -- verify against the live file.
  67. refresh_pattern -i (/cgi-bin/|?) 0 0% 0
  # Catch-all for everything not matched above.
  68. refresh_pattern . 1440 90% 10080
  69. quick_abort_min 0 KB
  70. quick_abort_max 0 KB
  71. quick_abort_pct 100
  72. store_avg_object_size 13 KB
  73.  
  74. # HTTP OPTIONS
  75. # ===========
  # NOTE(review): presumably makes Squid disregard the expiry time on
  # responses that carry a Vary header -- confirm against the documentation
  # for the installed release.
  76. vary_ignore_expire on
  77.  
  78. # ANONYMITY OPTIONS
  79. # ===============
  80.  
  # Strip these headers from requests before they are forwarded.
  81. request_header_access From deny all
  # NOTE(review): Server is a response header, so this rule likely never
  # matches a request; reply_header_access would be the place to filter it.
  82. request_header_access Server deny all
  83. request_header_access Link deny all
  # Removing Via and X-Forwarded-For hides the proxy and the client address
  # from origin servers. The proxy's own access.log then becomes the only
  # record linking a request to a client -- keep it for incident response.
  84. request_header_access Via deny all
  85. request_header_access X-Forwarded-For deny all
  86.  
  87. # TIMEOUTS
  88. # =======
  89.  
  # Connection and request time limits. The values are taken as written;
  # nothing here is derived from other settings in the file.
  90. forward_timeout 240 second
  91. connect_timeout 30 second
  92. peer_connect_timeout 5 second
  # A server connection may stay idle for up to 600 seconds before Squid
  # gives up on it.
  93. read_timeout 600 second
  # A client has 60 seconds to send a complete request after connecting.
  94. request_timeout 60 second
  95. shutdown_lifetime 10 second
  96. half_closed_clients off
  97.  
  98. # ADMINISTRATIVE PARAMETERS
  99. # =====================
  100.  
  # Identity settings. NOTE(review): cache_mgr and visible_hostname are
  # presumably shown to clients on error pages -- confirm that "ninja" is
  # what you want exposed.
  101. cache_mgr ninja
  # Run as the unprivileged `proxy` user and group rather than root.
  102. cache_effective_user proxy
  103. cache_effective_group proxy
  # Do not advertise the Squid version string.
  104. httpd_suppress_version_string on
  105. visible_hostname ninja
  106.  
  # FTP gateway behaviour.
  107. ftp_list_width 32
  108. ftp_passive on
  # Keep this on: it checks that an FTP data connection goes to the same
  # server the request was made to.
  109. ftp_sanitycheck on
  110.  
  111. # DNS OPTIONS
  112. # ==========
  113.  
  # Name resolution. The nameservers listed are public resolvers, so every
  # hostname the proxy looks up is sent outside the local network and
  # internal-only names will not resolve. Use an internal resolver if either
  # of those matters.
  114. dns_timeout 10 seconds
  115. dns_nameservers 8.8.8.8 8.8.4.4 # DNS Server
  116.  
  117. # MISCELLANEOUS
  118. # ===========
  119.  
  # Miscellaneous runtime switches.
  120. memory_pools off
  # NOTE(review): presumably disables per-client statistics -- confirm that
  # nothing in your monitoring depends on them.
  121. client_db off
  122. reload_into_ims on
  # Core dumps are written to /cache, which is not the cache_dir path used
  # earlier in this file (/home/precise/cache). A core file can hold whatever
  # was in process memory, so restrict access to this directory.
  123. coredump_dir /cache
  124. pipeline_prefetch on
  125. offline_mode off
  126.  
  127. #Marking ZPH
  128. #==========
  # Marks packets for cache hits with a TOS value so the network can treat
  # them differently (0x04 for local hits as configured below).
  # NOTE(review): the zph_* directive names come from older Squid releases;
  # the paste title says 3.2, where qos_flows is the usual replacement --
  # verify these lines are accepted by the running version.
  129. zph_mode tos
  130. zph_local 0x04
  131. zph_parent 0
  132. zph_option 136
  133. ### END CONFIGURATION ###
  134.  
  135. https_port 443 cert=/etc/squid3/ssl/squid.cert key=/etc/squid3/ssl/squid.key transparent
  136. This is most useful for situations where you are running squid in accelerator mode and you want to do the SSL work at the accelerator level.
  137.  
  138. ssl_unclean_shutdown
  139. Some browsers (especially MSIE) bug out on SSL shutdown messages.
  140.  
  141. sslproxy_client_certificate
  142. Client SSL Certificate to use when proxying https:// URLs
  143.  
  144. sslproxy_client_key
  145. Client SSL Key to use when proxying https:// URLs