Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # ACCESS CONTROLS
- # -----------------------------------------------------------------------------
- acl QUERY urlpath_regex -i cgi-bin \? localhost
- acl all src all
- acl manager proto cache_object
- acl localhost src 127.0.0.1/32
- acl mikrotik src 192.168.100.0/24
- acl to_localhost dst 127.0.0.0/8
- acl ICONNET src 192.168.100.0/27
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- acl PURGE method PURGE
- http_access allow PURGE localhost
- http_access deny PURGE
- http_access allow manager localhost
- http_access deny manager
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow ICONNET
- http_access allow mikrotik
- http_access deny all
- # NETWORK OPTIONS
- # -----------------------------------------------------------------------------
- http_port 3128 transparent
- zph_mode tos
- zph_local 0x30
- zph_parent 0
- zph_option 136
- # PARENT/SIBLING CACHE OPTIONS
- # -----------------------------------------------------------------------------
- hierarchy_stoplist cgi-bin localhost
- # OPTIONS WHICH AFFECT THE CACHE SIZE
- # -----------------------------------------------------------------------------
- cache_mem 8 MB
- maximum_object_size_in_memory 64 KB
- memory_replacement_policy heap GDSF
- cache_replacement_policy heap LFUDA
- cache_dir aufs /cache1 14000 32 256
- cache_dir aufs /cache2 14000 32 256
- store_dir_select_algorithm least-load
- maximum_object_size 97 MB
- cache_swap_low 95
- cache_swap_high 98
- update_headers off
- # LOGFILE PATHNAMES AND CACHE DIRECTORIES
- # -----------------------------------------------------------------------------
- access_log none
- access_log /var/log/squid/access.log
- cache_store_log none
- logfile_rotate 5
- log_ip_on_direct on
- log_icp_queries on
- buffered_logs on
- netdb_filename none
- pid_filename /var/run/squid.pid
- # OPTIONS FOR TUNING THE CACHE
- # -----------------------------------------------------------------------------
- cache deny QUERY
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
- refresh_pattern -i \.(rp|zip|tmp|part|data|cab|exe|ipa|sis|xt|dll)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
- refresh_pattern -i \.(rpm|deb|msi|psd|msu|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
- refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|xpi|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
- refresh_pattern -i \.(html|htm|css|txt|js)$ 1440 75% 40320
- refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 1440 90% 10080
- quick_abort_min 0 KB
- quick_abort_max 0 KB
- quick_abort_pct 98
- store_avg_object_size 32 KB
- # HTTP OPTIONS
- # -----------------------------------------------------------------------------
- server_http11 on
- collapsed_forwarding on
- vary_ignore_expire on
- header_access From deny all
- header_access Server deny all
- header_access Link deny all
- header_access Via deny all
- header_access X-Forwarded-For deny all
- # TIMEOUTS
- # -----------------------------------------------------------------------------
- forward_timeout 240 seconds
- connect_timeout 60 seconds
- peer_connect_timeout 5 seconds
- read_timeout 600 seconds
- request_timeout 60 seconds
- persistent_request_timeout 60 seconds
- client_lifetime 86400 seconds
- half_closed_clients off
- pconn_timeout 60 seconds
- shutdown_lifetime 15 seconds
- # ADMINISTRATIVE PARAMETERS
- # -----------------------------------------------------------------------------
- cache_mgr ICONNET
- cache_effective_user squid
- cache_effective_group squid
- httpd_suppress_version_string on
- visible_hostname root@iconn.net
- # ADVANCED NETWORKING OPTIONS
- # -----------------------------------------------------------------------------
- max_filedescriptors 65536
- # DNS OPTIONS
- # -----------------------------------------------------------------------------
- check_hostnames off
- dns_timeout 30 seconds
- dns_nameservers 127.0.0.1 192.168.2.2 192.168.2.1 122.144.1.93 119.110.64.222 8.8.8.8 8.8.4.4 202.134.0.155 202.134.2.5
- hosts_file /etc/hosts
- ipcache_size 8192
- ipcache_low 90
- ipcache_high 95
- fqdncache_size 4096
- # MISCELLANEOUS
- memory_pools off
- forwarded_for off
- reload_into_ims on
- coredump_dir /var/squiddump
- pipeline_prefetch on
- # -=EoF=-
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement