Guest User

Squid Cache Minimum Configuration

a guest
Apr 19th, 2013
600
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # squid port - transparent
  2. http_port 3128 transparent
  3.  
  4. # recommended minimum configuration:
  5. acl all src all
  6. acl manager proto cache_object
  7. acl localhost src 127.0.0.1/32
  8. acl to_localhost dst 127.0.0.0/8
  9.  
  10. # internal network based on RFC1918
  11. acl localnet src 10.0.0.0/8
  12. acl localnet src 172.16.0.0/12
  13. acl localnet src 192.168.0.0/16
  14.  
  15. # safe ports
  16. acl SSL_ports port 443
  17. acl Safe_ports port 80 # http
  18. acl Safe_ports port 21 # ftp
  19. acl Safe_ports port 443 # https
  20. acl Safe_ports port 70 # gopher
  21. acl Safe_ports port 210 # wais
  22. acl Safe_ports port 1025-65535 # unregistered ports
  23. acl Safe_ports port 280 # http-mgmt
  24. acl Safe_ports port 488 # gss-http
  25. acl Safe_ports port 591 # filemaker
  26. acl Safe_ports port 777 # multiling http
  27.  
  28. acl CONNECT method CONNECT
  29.  
  30. # recommended minimum configuration
  31. # only allow cachemgr access from localhost
  32. http_access allow manager localhost
  33. http_access deny manager
  34.  
  35. # deny requests to unknown ports
  36. http_access deny !Safe_ports
  37.  
  38. # deny CONNECT to other than SSL ports
  39. http_access deny CONNECT !SSL_ports
  40. http_access allow localnet
  41.  
  42. # deny all other access to this proxy
  43. http_access deny all
  44.  
  45. # logging
  46. access_log /var/log/cache/logs/access.log squid
  47.  
  48. # refresh patterns
  49. refresh_pattern ^ftp: 1440 20% 10080
  50. refresh_pattern ^gopher: 1440 0% 1440
  51. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  52. refresh_pattern . 0 20% 4320
  53.  
  54. # do not upgrade ShoutCast responses to HTTP
  55. acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
  56. upgrade_http0.9 deny shoutcast
  57.  
  58. # apache mod_gzip and mod_deflate known to be broken so don't trust
  59. # apache to signal ETag correctly on such responses
  60. acl apache rep_header Server ^Apache
  61. broken_vary_encoding allow apache
  62.  
  63. # leave coredumps in the first cache dir
  64. coredump_dir /var/log/cache/cache
RAW Paste Data