@ WorkNIX

My squid.conf

January 14, 2011 — by NeoTech0

Some of my friends asked how my squid.conf looks like. Here’s how it looks like. Feel free to comment so that i can improve on the configuration

[root@squid ~]# cat /usr/local/etc/squid/squid.conf

# Recommended minimum configuration:
acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3306 # MySQL
acl skype url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+ # Skype

acl business_hours1 time M T W H F 9:00-13:00
acl business_hours2 time M T W H F 14:00-18:00

# Custom Configurations
acl raffcomm_all src "/usr/local/etc/squid/raffcomm-all.txt"
acl raffcomm_tech src "/usr/local/etc/squid/raffcomm-tech.txt"
acl erama_all src "/usr/local/etc/squid/erama-all.txt"
acl erama_FB src "/usr/local/etc/squid/erama-fb.txt"

acl BadSites url_regex "/usr/local/etc/squid/bad-sites.txt"
acl BadSitesFB url_regex "/usr/local/etc/squid/bad-sitesFB.txt"
acl BadIP dst "/usr/local/etc/squid/bad-ip.txt"
acl BadFiles urlpath_regex "/usr/local/etc/squid/bad-files.txt"

# Site Update
acl SiteUpdate dstdom_regex -i "/usr/local/etc/squid/rules-SiteUpdate.txt"
no_cache deny SiteUpdate

http_access deny BadSites
http_access deny BadIP
http_access deny BadFiles
http_access allow biarlahrahsiajugak_FB

#pagi 9am-1pm
#http_access deny BadSitesFB business_hours1
#petang 2pm-6pm
#http_access deny BadSitesFB business_hours2

# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost

# Deny requests to certain unsafe ports
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports

# And finally deny all other access to this proxy
http_access allow localhost
http_access allow raffcomm_all
http_access allow erama_all
http_access allow connect skype all
http_access allow SiteUpdate
http_access deny all

# Squid normally listens to port 3128
http_port 8888

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /home/squiduser/cache 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_mgr ""
logfile_rotate 20 # The value in this tag defines number of rotated log files to be generated.
request_body_max_size 500 MB
read_ahead_gap 500 MB
cache_effective_user squid
cache_effective_group squid

Leave a Reply

Your email address will not be published. Required fields are marked *