Wklej tekst - Debian Users Gang

[root@centos ~]# cat /etc/squid/squid.conf
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#  TAG: acl
 
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
 
# acl allow local network
 
acl lan src 10.4.4.0/24
 
# acl safe ports
 
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
 
#  TAG: http_access
#       Allowing or Denying access based on defined access lists
 
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
 
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
 
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
 
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
http_access deny to_localhost
 
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow lan
#http_access allow wlan
#http_access allow vpn
 
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
 
# And finally deny all other access to this proxy
#http_access deny all
 
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
#  TAG: http_port
# Squid normally listens to port 3128
http_port 3128 transparent
 
# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: cache_mem       (bytes)
#       NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
#       IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
#       USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
#       THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.
#Default:
cache_mem 512 MB
 
#  TAG: maximum_object_size_in_memory   (bytes)
#       Objects greater than this size will not be attempted to kept in
#       the memory cache. This should be set high enough to keep objects
#       accessed frequently in memory to improve performance whilst low
#       enough to keep larger objects from hoarding cache_mem.
#Default:
# maximum_object_size_in_memory 512 KB
maximum_object_size_in_memory 2048 KB
 
# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: cache_dir
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid3 2048 16 256
cache_dir ufs /var/spool/squid 5120 16 256
 
#  TAG: maximum_object_size_in_memory   (bytes)
#       Objects greater than this size will not be attempted to kept in
#       the memory cache. This should be set high enough to keep objects
#       accessed frequently in memory to improve performance whilst low
#       enough to keep larger objects from hoarding cache_mem.
maximum_object_size 512 MB
 
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: access_log
#Default:
# std log with ervey request
access_log /var/log/squid/access.log squid
 
#  TAG: cache_log
cache_log /var/log/squid/cache.log
#cache_log /dev/null
 
cache_store_log /var/log/squid/store.log
 
logfile_rotate 5
log_icp_queries off
 
# OPTIONS FOR TROUBLESHOOTING
# -----------------------------------------------------------------------------
#  TAG: coredump_dir
#       By default Squid leaves core files in the directory from where
#       it was started. If you set 'coredump_dir' to a directory
#       that exists, Squid will chdir() to that directory at startup
#       and coredump files will be left there.
#
#Default:
# coredump_dir none
#
 
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
 
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
#  TAG: cache
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
# example lin deb packages
 
#refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
refresh_pattern .               0       20%     4320
 
# HTTP OPTIONS
# -----------------------------------------------------------------------------
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-control allow all
 
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
#  TAG: visible_hostname
#Default:
visible_hostname labolatory
 
# ICAP OPTIONS
# -----------------------------------------------------------------------------
 
#icap_enable on
#icap_preview_enable  on
#icap_preview_size    128
#icap_send_client_ip  on
#icap_client_username_header X-Authenticated-User
 
#icap_service service_req  reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
#icap_service service_resp respmod_precache bypass=0  icap://127.0.0.1:1344/squidclamav
 
adaptation_access service_req deny CONNECT
adaptation_access service_req allow all
adaptation_access service_resp deny CONNECT
adaptation_access service_resp allow all
 
# MISCELLANEOUS
 
 
# -----------------------------------------------------------------------------
 
#icap_enable on
#icap_preview_enable  on
#icap_preview_size    128
#icap_send_client_ip  on
#icap_client_username_header X-Authenticated-User
 
#icap_service service_req  reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
#icap_service service_resp respmod_precache bypass=0  icap://127.0.0.1:1344/squidclamav
 
#adaptation_access service_req deny CONNECT
#adaptation_access service_req allow all
#adaptation_access service_resp deny CONNECT
#adaptation_access service_resp allow all
 
# MISCELLANEOUS
# -----------------------------------------------------------------------------
 
#  TAG: forwarded_for   on|off|transparent|truncate|delete
#       If set to "on", Squid will append your client's IP address
#       in the HTTP requests it forwards.
#forwarded_for transparent
forwarded_for on
 
#url_rewrite_program /usr/bin/adzapper.wrapper
#  TAG: redirect_program
#       Redirect squidguard configuration directory
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#url_rewrite_children 5
#url_rewrite_concurrency 0
#url_rewrite_program
#url_rewrite_program /usr/bin/adzapper.wrapper "/usr/bin/squidGuard -c /etc/squid/squidGuard.conf" "/usr/bin/python /usr/share/videocac
#he/videocache.py"
#url_rewrite_children 10
 

Źródło:

[root@centos ~]# cat /etc/squid/squid.conf
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#  TAG: acl

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# acl allow local network

acl lan src 10.4.4.0/24

# acl safe ports

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#  TAG: http_access
#       Allowing or Denying access based on defined access lists

# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow lan
#http_access allow wlan
#http_access allow vpn

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
#  TAG: http_port
# Squid normally listens to port 3128
http_port 3128 transparent

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: cache_mem       (bytes)
#       NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
#       IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
#       USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
#       THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.
#Default:
cache_mem 512 MB

#  TAG: maximum_object_size_in_memory   (bytes)
#       Objects greater than this size will not be attempted to kept in
#       the memory cache. This should be set high enough to keep objects
#       accessed frequently in memory to improve performance whilst low
#       enough to keep larger objects from hoarding cache_mem.
#Default:
# maximum_object_size_in_memory 512 KB
maximum_object_size_in_memory 2048 KB

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: cache_dir
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid3 2048 16 256
cache_dir ufs /var/spool/squid 5120 16 256

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: access_log
#Default:
# std log with ervey request
access_log /var/log/squid/access.log squid

#  TAG: cache_log
cache_log /var/log/squid/cache.log
#cache_log /dev/null

cache_store_log /var/log/squid/store.log

logfile_rotate 5
log_icp_queries off

# OPTIONS FOR TROUBLESHOOTING
# -----------------------------------------------------------------------------
#  TAG: coredump_dir
#       By default Squid leaves core files in the directory from where
#       it was started. If you set 'coredump_dir' to a directory
#       that exists, Squid will chdir() to that directory at startup
#       and coredump files will be left there.
#
#Default:
# coredump_dir none
#

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
#  TAG: cache
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
# example lin deb packages

#refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
refresh_pattern .               0       20%     4320

# HTTP OPTIONS
# -----------------------------------------------------------------------------
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-control allow all

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
#  TAG: visible_hostname
#Default:
visible_hostname labolatory

# ICAP OPTIONS
# -----------------------------------------------------------------------------

#icap_enable on
#icap_preview_enable  on
#icap_preview_size    128
#icap_send_client_ip  on
#icap_client_username_header X-Authenticated-User

#icap_service service_req  reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
#icap_service service_resp respmod_precache bypass=0  icap://127.0.0.1:1344/squidclamav

adaptation_access service_req deny CONNECT
adaptation_access service_req allow all
adaptation_access service_resp deny CONNECT
adaptation_access service_resp allow all

# MISCELLANEOUS

# -----------------------------------------------------------------------------

#icap_enable on
#icap_preview_enable  on
#icap_preview_size    128
#icap_send_client_ip  on
#icap_client_username_header X-Authenticated-User

#icap_service service_req  reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
#icap_service service_resp respmod_precache bypass=0  icap://127.0.0.1:1344/squidclamav

#adaptation_access service_req deny CONNECT
#adaptation_access service_req allow all
#adaptation_access service_resp deny CONNECT
#adaptation_access service_resp allow all

# MISCELLANEOUS
# -----------------------------------------------------------------------------

#  TAG: forwarded_for   on|off|transparent|truncate|delete
#       If set to "on", Squid will append your client's IP address
#       in the HTTP requests it forwards.
#forwarded_for transparent
forwarded_for on

#url_rewrite_program /usr/bin/adzapper.wrapper
#  TAG: redirect_program
#       Redirect squidguard configuration directory
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#url_rewrite_children 5
#url_rewrite_concurrency 0
#url_rewrite_program
#url_rewrite_program /usr/bin/adzapper.wrapper "/usr/bin/squidGuard -c /etc/squid/squidGuard.conf" "/usr/bin/python /usr/share/videocac
#he/videocache.py"
#url_rewrite_children 10

Dodany przez: Torrentow, 14:49 02-07-2013

Źródło:

Ostatnie wpisy

Linki

Funkcje