# ACCESS CONTROLS# -----------------------------------------------------------

1. # ACCESS CONTROLS
2. # -----------------------------------------------------------------------------
3. acl QUERY urlpath_regex -i cgi-bin \? localhost
4. acl all src all
5. acl manager proto cache_object
6. acl localhost src 127.0.0.1/32
7. acl mikrotik src 192.168.100.0/24
8. acl to_localhost dst 127.0.0.0/8
9. acl ICONNET src 192.168.100.0/27
10. acl SSL_ports port 443
11. acl Safe_ports port 80 # http
12. acl Safe_ports port 21 # ftp
13. acl Safe_ports port 443 # https
14. acl Safe_ports port 70 # gopher
15. acl Safe_ports port 210 # wais
16. acl Safe_ports port 1025-65535 # unregistered ports
17. acl Safe_ports port 280 # http-mgmt
18. acl Safe_ports port 488 # gss-http
19. acl Safe_ports port 591 # filemaker
20. acl Safe_ports port 777 # multiling http
21. acl CONNECT method CONNECT
22. acl PURGE method PURGE
23. http_access allow PURGE localhost
24. http_access deny PURGE
25. http_access allow manager localhost
26. http_access deny manager
27. http_access deny !Safe_ports
28. http_access deny CONNECT !SSL_ports
29. http_access allow ICONNET
30. http_access allow mikrotik
31. http_access deny all
32.  
33. # NETWORK OPTIONS
34. # -----------------------------------------------------------------------------
35. http_port 3128 transparent
36. zph_mode tos
37. zph_local 0x30
38. zph_parent 0
39. zph_option 136
40.  
41. # PARENT/SIBLING CACHE OPTIONS
42. # -----------------------------------------------------------------------------
43. hierarchy_stoplist cgi-bin localhost
44. # OPTIONS WHICH AFFECT THE CACHE SIZE
45. # -----------------------------------------------------------------------------
46. cache_mem 8 MB
47. maximum_object_size_in_memory 64 KB
48. memory_replacement_policy heap GDSF
49. cache_replacement_policy heap LFUDA
50. cache_dir aufs /cache1 14000 32 256
51. cache_dir aufs /cache2 14000 32 256
52. store_dir_select_algorithm least-load
53. maximum_object_size 97 MB
54. cache_swap_low 95
55. cache_swap_high 98
56. update_headers off
57.  
58. # LOGFILE PATHNAMES AND CACHE DIRECTORIES
59. # -----------------------------------------------------------------------------
60. access_log none
61. access_log /var/log/squid/access.log
62. cache_store_log none
63. logfile_rotate 5
64. log_ip_on_direct on
65. log_icp_queries on
66. buffered_logs on
67. netdb_filename none
68. pid_filename /var/run/squid.pid
69.  
70. # OPTIONS FOR TUNING THE CACHE
71. # -----------------------------------------------------------------------------
72.  
73. cache deny QUERY
74. refresh_pattern ^ftp: 1440 20% 10080
75. refresh_pattern ^gopher: 1440 0% 1440
76. refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
77. refresh_pattern -i \.(rp|zip|tmp|part|data|cab|exe|ipa|sis|xt|dll)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
78. refresh_pattern -i \.(rpm|deb|msi|psd|msu|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
79. refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|xpi|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
80. refresh_pattern -i \.(html|htm|css|txt|js)$ 1440 75% 40320
81. refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
82. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
83. refresh_pattern . 1440 90% 10080
84. quick_abort_min 0 KB
85. quick_abort_max 0 KB
86. quick_abort_pct 98
87. store_avg_object_size 32 KB
88.  
89. # HTTP OPTIONS
90. # -----------------------------------------------------------------------------
91. server_http11 on
92. collapsed_forwarding on
93. vary_ignore_expire on
94. header_access From deny all
95. header_access Server deny all
96. header_access Link deny all
97. header_access Via deny all
98. header_access X-Forwarded-For deny all
99.  
100. # TIMEOUTS
101. # -----------------------------------------------------------------------------
102. forward_timeout 240 seconds
103. connect_timeout 60 seconds
104. peer_connect_timeout 5 seconds
105. read_timeout 600 seconds
106. request_timeout 60 seconds
107. persistent_request_timeout 60 seconds
108. client_lifetime 86400 seconds
109. half_closed_clients off
110. pconn_timeout 60 seconds
111. shutdown_lifetime 15 seconds
112.  
113. # ADMINISTRATIVE PARAMETERS
114. # -----------------------------------------------------------------------------
115. cache_mgr ICONNET
116. cache_effective_user squid
117. cache_effective_group squid
118. httpd_suppress_version_string on
119. visible_hostname root@iconn.net
120.  
121. # ADVANCED NETWORKING OPTIONS
122. # -----------------------------------------------------------------------------
123. max_filedescriptors 65536
124.  
125. # DNS OPTIONS
126. # -----------------------------------------------------------------------------
127. check_hostnames off
128. dns_timeout 30 seconds
129. dns_nameservers 192.168.2.1 122.144.1.93 119.110.64.222 8.8.8.8 8.8.4.4 202.134.0.155 202.134.2.5
130. hosts_file /etc/hosts
131. ipcache_size 8192
132. ipcache_low 90
133. ipcache_high 95
134. fqdncache_size 4096
135. # MISCELLANEOUS
136. memory_pools off
137. forwarded_for off
138. reload_into_ims on
139. coredump_dir /var/squiddump
140. pipeline_prefetch on
141. # -=EoF=-