daily pastebin goal
38%
SHARE
TWEET

Squid Cache Minimum Configuration

a guest Apr 19th, 2013 552 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # squid port - transparent
  2. http_port 3128 transparent
  3.  
  4. # recommended minimum configuration:
  5. acl all src all
  6. acl manager proto cache_object
  7. acl localhost src 127.0.0.1/32
  8. acl to_localhost dst 127.0.0.0/8
  9.  
  10. # internal network based on RFC1918
  11. acl localnet src 10.0.0.0/8
  12. acl localnet src 172.16.0.0/12
  13. acl localnet src 192.168.0.0/16
  14.  
  15. # safe ports
  16. acl SSL_ports port 443
  17. acl Safe_ports port 80 # http
  18. acl Safe_ports port 21 # ftp
  19. acl Safe_ports port 443 # https
  20. acl Safe_ports port 70 # gopher
  21. acl Safe_ports port 210 # wais
  22. acl Safe_ports port 1025-65535 # unregistered ports
  23. acl Safe_ports port 280 # http-mgmt
  24. acl Safe_ports port 488 # gss-http
  25. acl Safe_ports port 591 # filemaker
  26. acl Safe_ports port 777 # multiling http
  27.  
  28. acl CONNECT method CONNECT
  29.  
  30. # recommended minimum configuration
  31. # only allow cachemgr access from localhost
  32. http_access allow manager localhost
  33. http_access deny manager
  34.  
  35. # deny requests to unknown ports
  36. http_access deny !Safe_ports
  37.  
  38. # deny CONNECT to other than SSL ports
  39. http_access deny CONNECT !SSL_ports
  40. http_access allow localnet
  41.  
  42. # deny all other access to this proxy
  43. http_access deny all
  44.  
  45. # logging
  46. access_log /var/log/cache/logs/access.log squid
  47.  
  48. # refresh patterns
  49. refresh_pattern ^ftp: 1440 20% 10080
  50. refresh_pattern ^gopher: 1440 0% 1440
  51. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  52. refresh_pattern . 0 20% 4320
  53.  
  54. # do not upgrade ShoutCast responses to HTTP
  55. acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
  56. upgrade_http0.9 deny shoutcast
  57.  
  58. # apache mod_gzip and mod_deflate known to be broken so don't trust
  59. # apache to signal ETag correctly on such responses
  60. acl apache rep_header Server ^Apache
  61. broken_vary_encoding allow apache
  62.  
  63. # leave coredumps in the first cache dir
  64. coredump_dir /var/log/cache/cache
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top