[Share] Squid Configuration
By nayirpro
@nayirpro (6)
Indonesia
October 12, 2009 6:20pm CST
Hello,
Below is my squid.conf, this has been working fine. But if you find any incorrect line, please tell me and don't forget to share yours..
Thanks in advance. :)
==================================
start
==================================
http_port 3128 transparent
icp_port 3130
hierarchy_stoplist cgi-bin ? js .jsp .g .do .php .asp .cgi localhost
acl QUERY urlpath_regex cgi-bin \? .js .jsp .g .do .php .asp .cgi localhost
no_cache deny QUERY
cache_mem 6 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 64 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_swap_low 98
cache_swap_high 99
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
#acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
cache_dir aufs /cache01 14000 28 256
cache_dir aufs /cache02 14000 28 256
cache_dir aufs /cache03 14000 28 256
cache_dir aufs /cache04 14000 28 256
access_log /usr/local/squid/access.log squid
cache_log /usr/local/squid/cache.log
cache_log none
cache_store_log none
emulate_httpd_log off
mime_table /usr/share/squid/mime.conf
pid_filename /var/run/squid.pid
cache_store_log /dev/null
log_icp_queries off
log_fqdn off
buffered_logs off
emulate_httpd_log off
ftp_passive on
ftp_sanitycheck on
request_header_max_size 524288 KB
request_body_max_size 0 KB
hosts_file /etc/hosts
refresh_pattern -i \.tar.gz$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.mp3$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.zip$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.png$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.gif$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.jpg$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.jpeg$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(gif|jp?g|xbm|png|swf|bmp)$ 21600 90% 43200 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mov|avi|qtm|mp?)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(3gp|wmv|wma|mpg|mpeg|mpga|rm|rv|vgp)$ 21600 90% 43200 override-expire override-lastmod ignore-reload
refresh_pattern -i \.(zip|exe|gz|Z|lha|arj)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 500% 99000000 ignore-reload override-expire
refresh_pattern -i \.(inc|cab|ad|txt|)$ 100000 500% 99000000 ignore-reload override-expire
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.friendster.*/.* 720 100% 4320
refresh_pattern ^http://*.friendster.*/.* 720 100% 4320
refresh_pattern ^http://www.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.facebook.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern ^gopher: 1440 0% 1440 reload-into-ims override-lastmod
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
pipeline_prefetch on
vary_ignore_expire on
negative_ttl 2 minutes
client_lifetime 2 hours
pconn_timeout 60 seconds
request_timeout 1 minutes
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
buffered_logs on
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl localnet src 192.168.1.0/24
acl userAgent browser -i (Firefox)|(Java)|(Konqueror)|(Lynx)|(^Mozilla\/4.[7|8])|(Netscape)|(Opera)|(Wget)|(APT\-HTTP)
header_access Accept-Encoding deny all
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr admin@squid
cache_effective_user squid
cache_effective_group squid
visible_hostname skynet
always_direct allow all
coredump_dir /var/spool/squid
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
reload_into_ims on
icp_hit_stale on
query_icmp on
store_dir_select_algorithm round-robin
nonhierarchical_direct off
prefer_direct off
memory_pools off
shutdown_lifetime 10 seconds
ie_refresh on
logfile_rotate 7
forwarded_for on
log_icp_queries off
buffered_logs off
strip_query_terms off
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/English
==================================
end
==================================
No responses
