Friday, October 2, 2009

My Squid Configuration

# Peering, cache sizing, logging and refresh settings for a proxy that forwards
# to an upstream ISP parent.
#
# Port 0 disables ICP, so this proxy does not answer UDP cache queries.
icp_port 0
udp_incoming_address 0.0.0.0
# NOTE(review): cache_peer_domain normally takes a peer name followed by one or
# more domains; none is listed here, so this line probably has no effect.
# Confirm with `squid -k parse`.
cache_peer_domain proxy.myisp.com.sg
# Upstream parent on HTTP port 8080. ICP port 0 together with no-query means the
# parent is never probed over ICP; "default" marks it as the last-resort parent.
cache_peer proxy.myisp.com.sg parent 8080 0 no-query default
#cache_peer proxy2.myisp.com.sg parent 8080 0 no-query default
hierarchy_stoplist cgi-bin ?
# QUERY matches URL paths containing cgi-bin or "?", or ending in .asp/.php.
# It is used by "no_cache deny QUERY" later in this file.
acl QUERY urlpath_regex cgi-bin \? \.asp$ \.php$
# Memory cache and object size limits.
cache_mem 512 MB
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 2048 KB
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
# Four on-disk stores of 700 MB each, with 16 first-level and 256 second-level
# directories.
cache_dir ufs /usr/squid/squid1 700 16 256
cache_dir ufs /usr/squid/squid2 700 16 256
cache_dir ufs /usr/squid/squid3 700 16 256
cache_dir ufs /usr/squid/squid4 700 16 256
# access.log records client addresses and requested URLs, so treat it as
# sensitive: restrict read access and set a retention period.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# Write access.log in httpd common-log style instead of Squid's native format.
emulate_httpd_log on
# NOTE(review): these lines tune basic authentication, but the listing has no
# "auth_param basic program" and no proxy_auth ACL, so no user is actually
# authenticated. Every rule in this file identifies clients by source IP only.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# Freshness rules: min age (minutes), percent of object age, max age (minutes).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
# Wait only one second for active clients when shutting down.
shutdown_lifetime 1 seconds
# ACL definitions. These only name things; the http_access and always_direct
# lines decide what is done with them.
acl all src 0.0.0.0/0.0.0.0
# cache_object is the protocol used by cache-manager requests.
acl cachemgr proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): to_localhost is defined but no http_access line in this listing
# uses it. The usual companion rule is "http_access deny to_localhost", which
# stops clients reaching services bound to the proxy host's loopback address
# through the proxy.
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
# Safe_ports is the set of destination ports the proxy will talk to at all.
# It includes every unregistered port (1025-65535), so it does little to limit
# CONNECT by itself; that job belongs to SSL_ports.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 3130 # icp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# url_regex patterns are unanchored and "." matches any character, so these
# match the text anywhere in the URL, not only in the host part.
acl webserver url_regex -i myhost.localwebserver.com
acl webserver1 url_regex -i http://webchat.localchatserver.com/chat/
# Block list. NOTE(review): as url_regex entries these match only URLs that
# contain the listed "www." spelling. A dstdomain ACL (".example.com" form)
# would cover each whole domain. www.pmates.com is listed twice.
acl BlkURL url_regex -i www.sex.com www.plineworld.com www.playboy.com www.pmates.com www.virusbursters.com dl1.virusbursters.com www.sexkey.com www.adult-kingdom.com www.pmates.com
# Requests for the two local servers go direct instead of through the parent.
always_direct allow webserver
always_direct allow webserver1
# A single client, restricted by the http_access rules to the domains below.
acl special_client src 192.168.10.240-192.168.10.240
acl google_mail dstdomain .bankofamerica.com .bluehyppo.com .google.com .google.com.sg .hotmail.com .imrworldwide.com .live.com .livefilestore.com .msn.com .offshore-engineer.com .streamyx.com .tm.net.my .yahoo.com .yahoo.com.sg .yimg.com
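# Access rules. Squid checks http_access lines top to bottom and stops at the
# first line whose ACLs all match, so the order below is significant.
#
# Cache-manager (cache_object) requests are answered for the proxy host only.
# The explicit deny keeps them from falling through to the per-client allow
# rules below. If a remote admin host needs cachemgr, add a src ACL for it and
# allow it here, before the deny.
http_access allow cachemgr localhost
http_access deny cachemgr
# Refuse requests to any port outside Safe_ports.
http_access deny !Safe_ports
# Refuse CONNECT tunnels to anything other than the SSL ports. This must be a
# deny: written as "allow CONNECT !SSL_ports" it would match before every
# per-client rule and let any client tunnel to any non-SSL Safe_port (which
# includes 1025-65535), bypassing the client and time restrictions below.
http_access deny CONNECT !SSL_ports
# NOTE(review): consider adding "http_access deny to_localhost" here. The ACL
# is defined earlier in the file but never used.

# Client groups. All are identified by source IP only; there is no user
# authentication, so the policy is only as strong as the LAN's control over
# who can use these addresses.
acl my_networks src 192.168.10.136-192.168.10.136 192.168.10.87-192.168.10.87
acl vip_users src 192.168.10.103-192.168.10.103 192.168.10.112-192.168.10.112 192.168.10.127-192.168.10.127
acl 1_day src 192.168.10.136-192.168.10.136
acl 1to15 src 192.168.10.15-192.168.10.15
acl until_morning src 192.168.10.15-192.168.10.15
acl everyday_1_2 src 192.168.10.15-192.168.10.15
# Time windows. Day codes: S=Sunday M T W H=Thursday F A=Saturday.
acl Weekends_Users time SA 7:00-24:00
acl 1_day_user time MTWHF 17:30-23:00
acl 15min_user time W 11:00-13:00
acl 8am time M 5:00-8:00
acl every_12 time MTWHF 18:00-24:00
# Requests from the proxy host itself are always allowed.
http_access allow localhost
# special_client may reach only the domains in google_mail.
http_access allow special_client google_mail
# VIP clients may reach everything except the block list.
http_access allow vip_users !BlkURL
# Time-limited clients. NOTE(review): BlkURL is applied only to vip_users, so
# these clients are not filtered by it inside their window. Confirm that this
# is intended.
http_access allow my_networks Weekends_Users
http_access allow 1_day 1_day_user
http_access allow 1to15 15min_user
http_access allow everyday_1_2 every_12
http_access allow until_morning 8am
# Everything else is refused, including the clients above outside their
# windows.
http_access deny my_networks
http_access deny all
http_reply_access allow all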
# Identity, listener and forwarding behaviour.
cache_mgr admin@mydomain.com
# Run as the unprivileged squid user and group.
cache_effective_user squid
cache_effective_group squid
# Listen on one LAN address only, not on every interface.
http_port 192.168.10.88:8080
# Hostnames resolved at startup to check that DNS works.
dns_testnames proxy.myisp.com.sg proxy2.myisp.com.sg microsoft.com
# With forwarded_for on, Squid adds the client's address to X-Forwarded-For, so
# the internal 192.168.10.x addresses are disclosed to the parent proxy and to
# origin servers. Set it to off if that is not wanted.
forwarded_for on
# NOTE(review): the syntax is "cachemgr_passwd <password> <action> ...". No
# action is listed, so the password presumably protects nothing. Append the
# actions to protect, or "all", and confirm with `squid -k parse`. Keep the real
# password out of published copies, as done here.
cachemgr_passwd xxxxxxxxx
# Nothing goes direct and everything is sent to the parent, except the
# "always_direct allow" matches declared earlier in the file.
always_direct deny all
never_direct allow all
# Do not cache responses for URLs matching QUERY (dynamic content).
no_cache deny QUERY
# NOTE(review): no snmp_port appears in this listing, so presumably SNMP is not
# enabled and these two lines have no effect -- confirm.
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
# Drop query strings from logged URLs, keeping tokens and other parameters out
# of access.log.
strip_query_terms on
coredump_dir /var/spool/squid
visible_hostname cache-1.mydomain.com
