sopyanx

squid.conf

Mar 22nd, 2014
  1. ###########################################
  2. ##      SQUID 3.X/HEAD Configuration     ##
  3. ##=======================================##
  4. ##                                       ##
  5. ###########################################
  6.  
  # Client source networks; "http_access allow localnet" further down grants them proxy access.
  7. acl localnet src 192.168.1.0/24         #==========> internet cafe (warnet) subnet
  8. acl localnet src 192.168.5.0/24         #==========> hotspot subnet
  9. acl localnet src 10.5.90.0/24           #==========> hotspot subnet
  # Only destination port accepted for CONNECT tunnels (see "http_access deny CONNECT !SSL_ports").
  10. acl SSL_ports port 443
  # Destination ports clients may request; any other port is refused by "http_access deny !Safe_ports".
  11. acl Safe_ports port 80
  12. acl Safe_ports port 21
  13. acl Safe_ports port 443
  14. acl Safe_ports port 70
  15. acl Safe_ports port 210
  # The range below admits every unprivileged port, so in practice this list only blocks
  # privileged ports that are not named individually.
  16. acl Safe_ports port 1025-65535
  17. acl Safe_ports port 280
  18. acl Safe_ports port 488
  19. acl Safe_ports port 591
  20. acl Safe_ports port 777
  # Matches the HTTP CONNECT method.
  21. acl CONNECT method CONNECT
  22.  
  # QUERY: URL paths that look dynamic; "cache deny QUERY" keeps them out of the cache.
  23. acl QUERY urlpath_regex -i (begin|start)\=
  # NOTE(review): the dots in ".php$", ".asp$" etc. are unescaped, so they match any character;
  # "localhost" is tested against the URL path here, not the host name.
  24. acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
  25. cache deny QUERY
  # redir: redirect-marker query strings; never cached and excluded from Store-ID rewriting below.
  26. acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
  27. acl redir urlpath_regex -i &ir=1&rr=12
  28. cache deny redir
  # yutub: YouTube/gstatic tracking endpoints. No directive visible on this page references this ACL.
  29. acl yutub url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
  30. acl yutub url_regex -i gstatic\.com\/csi\?.*$
  # rewritedoms: URLs that are cached and handed to the Store-ID helper (store_id_access allow rewritedoms).
  # NOTE(review): none of these patterns is anchored to the host part of the URL; the last one
  # matches "youtube" or "google" anywhere before "/videoplayback?". Because Store-ID lets different
  # URLs share one cache key, anchor these to the intended host names so only those origins can
  # populate the shared objects.
  31. acl rewritedoms url_regex -i dl\.sourceforge\.net.*
  32. acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
  33. acl rewritedoms url_regex -i ak\.fbcdn\.net.*
  34. acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
  35. cache allow rewritedoms
  # dontrewrite: range-style YouTube requests (begin=/start=) and redbot.org are excluded from Store-ID.
  36. acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
  37. acl dontrewrite url_regex redbot\.org
  # getmethod: used so that only GET requests are passed to the Store-ID helper.
  38. acl getmethod method GET
  39.  
  # Access rules are evaluated top to bottom; the first matching line decides.
  # "localhost", "manager" and "all" are not defined on this page; presumably the ACLs
  # predefined by Squid 3.2 and later. Confirm against the installed version.
  # Refuse any destination port outside Safe_ports.
  40. http_access deny !Safe_ports
  # Refuse CONNECT tunnels to anything but port 443.
  41. http_access deny CONNECT !SSL_ports
  # Cache manager interface is reachable from the proxy host only.
  42. http_access allow localhost manager
  43. http_access deny manager
  # Only the declared client subnets and the proxy host itself may use the proxy.
  44. http_access allow localnet
  45. http_access allow localhost
  # Default deny: keep this as the last http_access line so the proxy is never open to other sources.
  46. http_access deny all
  47.  
  # TPROXY interception port for TLS with SSL-Bump: Squid generates a certificate per host,
  # signed by the CA in myCA.pem, and keeps up to 4MB of generated certificates in memory.
  # No key= option is given, so myCA.pem has to contain the CA private key as well as the
  # certificate. Every client that trusts this CA will accept any certificate signed with that
  # key, so keep the file readable only by root and the Squid user, and do not reuse the CA elsewhere.
  48. https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/myCA.pem
  # Ordinary forward-proxy port for explicitly configured clients.
  49. http_port 3128
  # TPROXY interception port for plain HTTP.
  50. http_port 3129 tproxy
  51.  
  # Fetch everything straight from the origin server (no cache_peer is visible on this page).
  52. always_direct allow all
  # Decrypt every intercepted TLS connection, contacting the origin server first.
  # NOTE(review): "all" leaves no exemption, so banking, health and other sensitive sites are
  # decrypted and become eligible for caching and logging. Consider an "ssl_bump none <acl>"
  # line ahead of this one for destinations that must not be inspected.
  53. ssl_bump server-first all
  # Certificate-generation helper: -s is its on-disk certificate database, -M caps that database at 4MB.
  54. sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/squid/ssl_db/certs -M 4MB
  55. sslcrtd_children 5
  # Never ignore an origin certificate validation error. Keep this: once traffic is bumped,
  # clients see only Squid's generated certificate and cannot check the origin's themselves.
  56. sslproxy_cert_error deny all
  57.  
  # URLs containing "cgi-bin" or "?" are fetched directly from the origin instead of via cache peers.
  58. hierarchy_stoplist cgi-bin ?
  59.  
  # Eviction policies: GDSF for the in-memory cache, LFUDA for the on-disk cache.
  60. memory_replacement_policy heap GDSF
  61. cache_replacement_policy heap LFUDA
  # Small RAM cache (8 MB total, objects up to 128 KB); larger objects live on disk only.
  62. cache_mem 8 MB
  63. maximum_object_size_in_memory 128 KB
  # Disk cache accepts objects from 0 bytes up to 1024 MB.
  64. minimum_object_size 0 bytes
  65. maximum_object_size 1024 MB
  # Eviction starts at 98% disk usage and becomes aggressive at 99%.
  66. cache_swap_low 98
  67. cache_swap_high 99
  68.  
  # Disk cache: aufs store at /cache1, 12800 MB, 30 first-level and 256 second-level directories.
  # With SSL-Bump enabled, decrypted HTTPS responses are written here too, so restrict
  # filesystem access to /cache1 to the Squid user.
  69. cache_dir aufs /cache1 12800 30 256
  70.  
  # Request log and Squid's own diagnostic log.
  # access.log records full URLs (strip_query_terms is off further down), including those of
  # bumped HTTPS requests; restrict read access and retention accordingly.
  71. access_log /var/log/squid3/access.log
  72. cache_log /var/log/squid3/cache.log
  # No store log; keep 5 rotated generations of the other logs; do not log ICP queries.
  73. cache_store_log none
  74. logfile_rotate 5
  75. log_icp_queries off
  76.  
  # Store-ID: the helper maps matching URLs to a shared cache key using the rules file
  # /etc/squid3/store-id.pl (its contents are not shown on this page).
  77. store_id_program /usr/lib/squid3/storeid_file_rewrite /etc/squid3/store-id.pl
  # Up to 20 helper processes, 10 started at launch, 5 kept idle, 30 concurrent requests each.
  78. store_id_children 20 startup=10 idle=5 concurrency=30
  # First match wins: only GET requests matching rewritedoms reach the helper; the dontrewrite
  # and redir exclusions are checked before the allow line, and everything else is denied.
  79. store_id_access deny !getmethod
  80. store_id_access deny dontrewrite
  81. store_id_access deny redir
  82. store_id_access allow rewritedoms
  83. store_id_access deny all
  84.  
  # Log URLs with their full query string. Query strings can carry session tokens and other
  # secrets, including those of bumped HTTPS requests, so treat access.log as sensitive data.
  85. strip_query_terms off
  86.  
  # Upper bound on how stale an object may be when Squid serves it because revalidation failed.
  87. max_stale 1 week
  88.  
  # refresh_pattern syntax: [-i] regex min percent max [options]; min and max are in minutes.
  # Patterns are tried in file order and the first match applies, so the order of these lines matters.
  # "0 0% 0" means the object is always considered stale and is revalidated on every request.
  89. refresh_pattern .*(begin|start)\=[1-9][0-9].* 0 0% 0
  90. refresh_pattern -i (cgi-bin|mrtg|graph) 0 0% 0
  91. refresh_pattern -i \.(php|lst|ui|ini|list)$ 0 0% 0
  # Updater manifests and binaries: never served without revalidation.
  92. refresh_pattern (update.ini|Update.ini|version.list|Version.list|update.1st|update.exe|autoup.exe) 0 0% 0
  # Any URL containing "hackshield" or "nprotect" stays fresh for at least 240 minutes, overriding
  # the origin's Expires and Last-Modified headers; client reloads become conditional requests.
  # NOTE(review): these strings look like anti-cheat components; a forced minimum age can delay
  # their updates. Confirm that is intended.
  93. refresh_pattern (hackshield|nprotect) 240 100% 420 override-expire override-lastmod reload-into-ims
  94.  
  95. #Refresh Pattern
  # Page and script assets: fresh for 240 to 420 minutes, with no override options.
  96. refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
  # The next four lines force long caching of media and ignore both client reloads and
  # "Cache-Control: private" from the origin. "ignore-reload" appears twice on each line;
  # the repetition is redundant.
  # NOTE(review): ignore-private stores responses the origin marked as user-specific in the
  # shared cache, where other clients can be served them. Keep it only for content known to be
  # identical for every user.
  97. refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf)  0  99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  98. refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  99. refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  100. refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  # Everything else on those sites: fresh for 60 to 240 minutes, honouring origin headers.
  101. refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).*  60  30% 240
  102.  
  103. #Sensitive Site
  # Short-lived entries for launcher, patch and antivirus-definition files; min is 0, so freshness
  # is taken from the origin's headers up to the stated maximum (50 or 1440 minutes).
  104. refresh_pattern -i \.(sc-|dl-|ex-|mh-|dll|da-) 0 2% 50 reload-into-ims
  105. refresh_pattern -i \.(mst|Xtp|iop)$ 0 50% 1440 reload-into-ims
  # "grandchase.exe" and "filelist.zip" are each listed twice across these patterns; harmless.
  # The dots in the file names are unescaped and match any character.
  106. refresh_pattern -i (index.php|autoup.exe|main.exe|xtrap.xt|autoupgrade.exe|update.exe|grandchase.exe|FSLauncher.exe|FreeStyle_Setup.exe|grandchase.exe|filelist.zip)$ 0 50% 1440
  # NOTE(review): antivirus definition files may be served from cache for up to 1440 minutes if
  # the origin sends no explicit expiry; confirm that delay is acceptable.
  107. refresh_pattern -i (wks_avira-win32-en-pecl.info.gz|wks_avira10-win32-en-pecl.info.gz|servers.def.vpx)$ 0 50% 1440
  108. refresh_pattern -i (setup.exe.gz|avscan.exe.gz|avguard.exe.gz|filelist.zip|AvaClient.exe) 0 50% 1440
  # Live-score and betting sites: at most 60 minutes.
  109. refresh_pattern -i (livescore.com|goal.com|bobet) 0 50% 60
  110.  
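  111. #Fb
  # Social-network, CDN and image-host media: forced fresh for 1440 to 14400 minutes.
  # Most lines carry ignore-private (cache responses marked "Cache-Control: private") and
  # ignore-reload (ignore client reload requests).
  # NOTE(review): with SSL-Bump active these rules also cover decrypted HTTPS traffic, so a
  # response an origin marked private to one user can be stored and served to another client.
  # Keep ignore-private and ignore-auth only on hosts known to serve identical content to everyone.
  112. refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  113. refresh_pattern \.facebook\.com.* 240 50% 480
  114. refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3))  1440 99% 14400 override-expire ignore-reload ignore-private store-stale
  115. refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
  116. refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  117. refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  118. refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  119. refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  # Fixed: the alternation was ungrouped, so "^http://" applied only to "images" and the rule
  # matched any URL containing "image", "img", "pics" or "openx" anywhere, applying ignore-private
  # to all of them. It is now limited to host names that start with one of these labels,
  # optionally followed by digits. The new pattern matches a strict subset of the old one, so no
  # URL gains forced caching from this change.
  120. refresh_pattern ^http:\/\/(images|image|img|pics|openx|thumbs)[0-9]*\. 1440 99% 14400 override-expire ignore-reload ignore-private
  # NOTE(review): this holds Safe Browsing responses for at least 1440 minutes and ignores
  # must-revalidate, so clients may work from outdated threat lists. Consider excluding these
  # URLs from forced caching.
  121. refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
  # Presumably the synthetic ".squid.internal" names produced by the Store-ID rules file; confirm
  # against store-id.pl. Every origin cache directive is overridden for these objects.
  122. refresh_pattern ^http://.*\.squid\.internal\/.*  10080 100%  79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
  # Video download endpoints: held for 43200 minutes (30 days).
  123. refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private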
  124.  
  125. #Ads
  # Icons, Google tile/thumbnail hosts and a few video and map URLs: forced fresh for 1440 to 14400 minutes.
  # NOTE(review): ignore-auth caches responses to requests that carried an Authorization header
  # as if they were public. On the first two lines this applies to any URL containing ".ico" or
  # ".video-stats" and to the listed Google hosts; confirm none of them serve per-user content.
  126. refresh_pattern \.(ico|video-stats) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth override-lastmod ignore-must-revalidate
  127. refresh_pattern ^http://((cbk|mt|khm|mlt|tbn)[0-9]?)\.google\.co(m|\.uk|\.id) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-auth ignore-must-revalidate
  128. refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 1440 99% 14400 override-expire override-lastmod
  129. refresh_pattern galleries\.video(\?|sz) 1440 99% 14400 override-expire ignore-reload ignore-must-revalidate ignore-private
  130. refresh_pattern \.wikimapia\.org\/? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  131.  
  132. #General
  # Catch-all rules by file extension. Archives, installers, documents and media are forced
  # fresh for 1440 to 14400 minutes, ignoring client reloads, Cache-Control: private and
  # must-revalidate, and are stored even if already stale on arrival (store-stale).
  # NOTE(review): the first rule covers exe, msi, msp, msu, cab, rpm and jar, so software and
  # security updates fetched through the proxy can be served from a copy up to 14400 minutes old
  # and a client reload will not refresh it. Consider dropping ignore-reload and
  # ignore-must-revalidate for executable and package types.
  133. refresh_pattern -i \.(7z|arj|bin|bz2|cab|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|rar|rpm|tar|tgz|zip|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|iop)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  134. refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtx|txt|wpl|xls|xlsx)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  135. refresh_pattern -i \.(3gp|ac4|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|divx|flv|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 1440 99% 14400 override-expire override-lastmod ignore-private reload-into-ims ignore-must-revalidate ignore-reload store-stale
  # The leading dot in the next two patterns is unescaped (any character). URLs ending in
  # ".html", ".htm", ".css" or ".js" are already claimed by the earlier rule at listing line 96,
  # so these two lines rarely apply.
  136. refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
  137. refresh_pattern -i .index.(html|htm)$ 0 75% 10080
  138. refresh_pattern ^ftp: 1440 20% 10080
  139. refresh_pattern ^gopher: 1440 0% 1440
  # Dynamic URLs are always revalidated, unless an earlier pattern matched them first.
  140. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  # Default for everything not matched above.
  141. refresh_pattern . 60 50% 14400 store-stale
  142.  
  # Return freed memory to the system instead of keeping it pooled.
  143. memory_pools off
  # Do not keep per-client statistics.
  144. client_db off
  # Allow pipelined client requests to be fetched ahead.
  145. pipeline_prefetch on
  146. offline_mode off
  # Squid drops root privileges and runs as the unprivileged "proxy" user and group. The CA key
  # file, the ssl_db directory and /cache1 must be readable by this account and by no other
  # unprivileged user.
  147. cache_effective_user proxy
  148. cache_effective_group proxy
  149.  
  # Headers removed from requests before Squid forwards them to the origin server.
  150. request_header_access From deny all
  # NOTE(review): Server, WWW-Authenticate, X-Cache and X-Cache-Lookup are response headers, so
  # filtering them on the request side presumably does nothing. reply_header_access is the
  # directive for responses, but removing WWW-Authenticate from replies would break sites that
  # use HTTP authentication, so do not simply move that line.
  151. request_header_access Server deny all
  152. request_header_access WWW-Authenticate deny all
  153. request_header_access Link deny all
  # Removes the client's Cache-Control request header (Pragma is removed further down), so a
  # client's no-cache or max-age request never reaches the origin.
  154. request_header_access Cache-Control deny all
  155. request_header_access Proxy-Connection deny all
  156. request_header_access X-Cache deny all
  157. request_header_access X-Cache-Lookup deny all
  # Hide the proxy and the client's internal address from origin servers.
  # "Forwarded-For" is not a standard header name; X-Forwarded-For on the next line is
  # presumably the one that matters.
  158. request_header_access Via deny all
  159. request_header_access Forwarded-For deny all
  160. request_header_access X-Forwarded-For deny all
  161. request_header_access Pragma deny all
  162. request_header_access Keep-Alive deny all
  # Do not let an Expires header disqualify objects when handling Vary responses.
  163. vary_ignore_expire on
  164.  
  165. #Local
  # Mark replies served from the local cache with TOS value 0x30 so that network equipment
  # can treat cache hits differently from origin traffic.
  166. qos_flows local-hit=0x30