
SSL On SQUID 2.7.STABLE9

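#===  service squid start =====#
#==================START CONFIGURATION====================#
# NOTE(review): the page title says Squid 2.7.STABLE9, but several directives
# below only exist in Squid 3.x (basic_ncsa_auth, sslcrtd_program, at_step /
# peek / splice ssl_bump) while others are 2.7 spellings (no_cache,
# header_access, hierarchy_stoplist, "transparent"). Pick one version and run
# `squid -k parse` before deploying; as written this file does not parse
# cleanly on either.
cache_mgr triman@anonymos.com
### 2019/ December ##
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#acl ncsa_user proxy_auth REQUIRED
#http_access allow ncsa_user
# Basic auth sends the password base64-encoded (effectively in the clear) on
# every request to the plain http_port; only use it on a trusted LAN.
# /etc/squid/passwd should be readable only by the cache_effective_user
# (chown root:proxy, chmod 640).
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
# The "http_access allow auth_users" rule lives in the ACL section below,
# AFTER the Safe_ports / CONNECT restrictions. The original placed it here,
# ahead of every other http_access line, so any authenticated user could
# CONNECT to any TCP port through the proxy.
# proxy_auth can never match on the intercepted ports (2020 / 3129): a
# browser does not send Proxy-Authorization to a proxy it cannot see.
#==============================================
# TAG: http_port
#==============================================
# "transparent" is the 2.7 keyword; 3.x spells it "intercept".
http_port 2020 transparent
# ICP disabled (see icp_access further down).
icp_port 0
#server_http11 on
# ++++++++++++++++++++++++++++++++++++++++++++ #
# offline_mode makes Squid serve cached objects without ever revalidating
# them with the origin, so expired/withdrawn content (including software
# downloads) keeps being served until it is evicted. Deliberate here for
# bandwidth saving; be aware of the trade-off.
offline_mode   on
#-------------------------------------------------------#
#/etc/init.d/squid restart
# Cache directory, modify it according to your system.
# rm -r /mnt/cache/*
# mkdir -p /mnt/cache /mnt/logs
# touch /mnt/logs/access.log
# Use ownership, not mode 777. storeurl.pl / rewriter.pl are executed by
# Squid, so a world-writable helper lets any local user run code as the
# proxy user; the logs hold every client's browsing history. (Neither helper
# is referenced by a *_rewrite_program directive in this file, so they are
# currently unused.)
# chown -R proxy:proxy /mnt/cache /mnt/logs
# chmod 750 /mnt/cache /mnt/logs
# chmod 640 /mnt/logs/access.log /mnt/logs/store.log /mnt/logs/cache.log
# chown root:proxy /etc/squid/storeurl.pl /etc/squid/rewriter.pl
# chmod 750 /etc/squid/storeurl.pl /etc/squid/rewriter.pl
# chown root:proxy /etc/squid/ad_block.txt /etc/squid/adslist.txt
# chmod 640 /etc/squid/ad_block.txt /etc/squid/adslist.txt
# chmod 750 /etc/squid/squid_redirect

# [for ubuntu user is proxy, in Fedora user is squid]
# The cache_dir below is 200 MB, not the 100 GB this note used to claim;
# adjust cache_dir to your disk. One cache_dir per drive is recommended.
#==============================================
# TAG: hierarchy_stoplist
#==============================================
#hierarchy_stoplist cgi-bin ? localhost
acl QUERY urlpath_regex cgi-bin \? localhost
# 2.7 spelling; on 3.x this is "cache deny QUERY".
no_cache deny QUERY

#==============================================
# OPTIONS WHICH AFFECT THE CACHE SIZE
#==============================================
cache_mem 8 MB
maximum_object_size 80 MB
maximum_object_size_in_memory 128 KB

cache_swap_low 96%
cache_swap_high 99%
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

ipcache_size 16384
fqdncache_size 16384

ipcache_low 98
ipcache_high 99

#==============================================
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#==============================================
# The original placed logs, cache and core dumps under /var/www/html, i.e.
# the web server's document root: anyone who could reach the web server could
# download every user's browsing history (access.log, including the decrypted
# URLs of bumped HTTPS sessions), the cached objects, and core dumps that
# contain the CA private key loaded by the ssl-bump ports. Standard private
# paths are used instead. It also contained three bare "touch ..." shell
# commands, which Squid rejects as unknown directives; create the
# directories from the shell instead:
#   mkdir -p /var/log/squid /var/spool/squid
#   chown proxy:proxy /var/log/squid /var/spool/squid && chmod 750 /var/log/squid
#   squid -z        # initialise the new cache_dir
cache_access_log /var/log/squid/access.log squid
# cache_log must stay a real file: it is the only record of helper crashes,
# certificate-generation failures and ACL parse problems.
cache_log /var/log/squid/cache.log
# The store log is disabled (the original set a path and then "none").
cache_store_log none
# /etc/hosts, not /etc/host.
hosts_file /etc/hosts
mime_table /etc/squid/mime.conf

# PID squid.
pid_filename /var/run/squid.pid
# Defined once; the original set coredump_dir three times (last one wins).
coredump_dir /var/spool/squid
# aufs, 200 MB, 6 first-level and 126 second-level directories.
cache_dir aufs /var/spool/squid 200 6 126
#cache_dir diskd /cache/squid 1000 8 256 #
#log_fqdn off
log_icp_queries off
buffered_logs off
#emulate_httpd_log off
icp_hit_stale on
query_icmp on

#==============================================
# FTP section
#==============================================
#ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

#==============================================
# DNS resolution section
#==============================================
# Local resolver first; the Google resolvers are fallbacks and see every
# name this proxy looks up when 127.0.0.1 does not answer.
dns_nameservers 127.0.0.1 8.8.8.8 8.8.4.4
#==============================================
# Refresh Rate
#==============================================
# refresh_pattern is first-match: the generic rules below shadow the
# "$"-anchored rules further down for every extension they share.
# "ignore-private" has been removed from these rules: it caches responses
# marked Cache-Control: private (per-user content) and serves them to every
# other client of this shared proxy. ignore-no-cache / override-expire are
# kept for the bandwidth-saving purpose of this setup.
#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      10800 80% 10800 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          10800 80% 10800 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     10800 80% 10800 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     10800 80% 10800 ignore-no-cache override-expire override-lastmod reload-into-ims
#IIX DOWNLOAD
# The original pattern began "^http:\/\/\.www", requiring a literal dot right
# after "//", so it could never match. "ignore-auth" dropped: it would cache
# responses to authenticated requests and hand them to other users.
refresh_pattern ^http:\/\/www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|mp4|rar|zip|flv|wmv|3gp|exe|msi) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache
# refresh_pattern REGEX MIN_MINUTES VALIDITY(%) MAX_MINUTES
refresh_pattern -i \.(class|css|js|gif|jpg|ps)$ 1440 50% 43200
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 1440 50% 43200
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg|flv|ra|rm|wmv|divx)$ 1440 50% 43200
refresh_pattern -i \.(mpg|mpe|wav|au|mid|mp3|mp4|ac4|swf)$ 1440 50% 43200
refresh_pattern -i \.(zip|gz|arj|lha|lzh|7z)$ 1440 50% 43200
refresh_pattern -i \.(rar|tgz|tar|exe|bin|rpm|iso)$ 1440 50% 43200
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf|xls|ppt|docx|xlsx)$ 1440 50% 43200
refresh_pattern -i \.(inc|cab|ad|txt|dll|dat)$ 1440 50% 43200

refresh_pattern ^ftp: 1440 95% 12960 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# min 0 / max 0: every client-aborted transfer is aborted upstream at once.
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98%
#
# NOTE(review): "dontstore" is not referenced by any cache/no_cache
# directive in this file, so it currently has no effect. The stray "\m"
# escape in the first pattern was replaced by a plain "m".
acl dontstore url_regex ^http:\/\/(([\d\w-]*(\.[^\.\-]*?\..*?))(\/mosalsal\/[\d]{4}\/.*\/)(.*\.flv))\?start.*
acl dontstore url_regex redbot\.org \.php
acl dontstore url_regex -i ^http:\/\/.*gemscool\.com\/.*
acl dontstore url_regex \.(aspx|php)\?
acl dontstore url_regex goldprice\.org\/NewCharts\/gold\/images\/.*\.png
acl dontstore url_regex google\.co(m|\.[a-z]{2})\/complete\/search\?
acl dontstore url_regex redirector\.([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id|get_video_info\?|ptracking\?|player_204\?|stream_204\?).*

# Only store_id_list_yt is used below (range_offset_limit); the other
# store_id_* ACLs need a store_id_program / storeurl rewriter to do anything.
acl store_yt_id url_regex -i youtube.*(ptracking|stream_204|playback|player_204|watchtime|set_awesome|s\?|ads).*(video_id|docid|\&v|content_v)\=([^\&\s]*).*$
acl store_id_list_yt url_regex -i (youtube|googlevideo).*videoplayback.*$
acl store_id_list_yt url_regex ^https?\:\/\/([0-9.]{4}|.*\.youtube\.com|.*\.googlevideo\.com|.*\.video\.google\.com)\/(get_video\?|videodownload\?|videoplayback.*id).*

# url_regex, not urlpath_regex: urlpath_regex sees only the path after the
# host, so host-name patterns like dl\.sourceforge\.net never matched.
# The ACL was also spelled both "store-id_list" and "store_id_list"; one name.
acl store_id_list url_regex -i dl\.sourceforge\.net
acl store_id_list url_regex -i \.ytimg\.com
acl store_id_list url_regex -i \.(akamaihd|fbcdn)\.net
acl store_id_list url_regex -i [a-zA-Z]{2}[0-9]*\.4shared\.com\/download\/

acl store_id_list_url url_regex ^http:\/\/[0-9]\.bp\.blogspot\.com.*\.(jpeg|jpg|png|gif|ico)
acl store_id_list_url url_regex ^http[s]?:\/\/.*\.twimg\.com\/(.*)\.(gif|jpeg|jpg|png|js|css)
acl store_id_list_url url_regex ^http[s]?:\/\/(media|static)\.licdn\.com\/.*\.(png|jpg|gif|woff)
acl store_id_list_url url_regex ^https:\/\/fb(static|cdn)\-.*\-a.akamaihd.net\/(.*)\.(gif|jpeg|jpg|png|js|css|mp4)
acl store_id_list_url url_regex ^http:\/\/.*\.ak\.fbcdn\.net\/.*\.(gif|jpg|png|js|mp4)

#request_header_access Range deny store_id_list_yt
range_offset_limit 10 KB store_id_list_yt
acl getmethod method GET

# Older, disabled ssl-bump attempt. Two of these lines must never be
# re-enabled as written:
#  - "sslproxy_flags DONT_VERIFY_PEER" makes Squid accept ANY upstream
#    certificate and then present the client a freshly minted valid one,
#    so a bumped session gives the client no TLS protection at all.
#  - the openssl command generated a 1024-bit key into "myca.pem" while the
#    directives read the key from "myCA.pem" (different file on a
#    case-sensitive FS). Use rsa:2048 or larger and a single file name.
#https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
#cert=/etc/squid/ssl_cert/myCA.pem
#key=/etc/squid/ssl_cert/myCA.pem
#always_direct allow all
#ssl_bump server-first all
#sslproxy_cert_error deny all
#sslproxy_flags DONT_VERIFY_PEER

#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 8 startup=1 idle=1
#openssl req -new -newkey rsa:2048 -days 1365 -nodes -x509 -keyout myCA.pem -out myCA.pem
###############################################################################

#==============================================
# ACL section
#==============================================
# "all" and "manager" are built-in from Squid 3.2; remove these two lines on
# 3.x and keep them on 2.7.
acl all src 0.0.0.0/0
acl manager proto cache_object
# The original named 192.168.10.0/24 "localhost" and then granted that whole
# subnet cache-manager access. localhost is the loopback only; the LAN gets
# its own name.
acl localhost src 127.0.0.1/32
acl lan10 src 192.168.10.0/24
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.88.0/24
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1025-65535 # unregistered ports
acl purge method PURGE
acl CONNECT method CONNECT
# Ad-block ACLs are defined here, before the http_access list that uses them.
# (ACL names are case-sensitive as far as this review can tell; the original
# defined "purge" and used "PURGE".)
acl ads_ucub url_regex -i http:\/\/s\.ytimg\.com\/yts\/swfbin\/player-vflq5p9Y6\/ad3\.swf
acl ads_ucub url_regex -i http:\/\/pagead[0-9]+\.googlesyndication\.com\/pagead\/show_companion_ad\.js
acl ads_ucub url_regex -i http:\/\/pagead[0-9]+\.googlesyndication\.com\/pagead\/show_ads\.js
deny_info http://192.168.77.7/av.png  ads_ucub
acl ads dstdom_regex "/etc/squid/ads.block"
deny_info http://192.168.12.35 ads
acl ads1 dstdom_regex -i "/etc/squid/ads1.txt"
deny_info http://192.168.12.35 ads1
# always_direct is first-match; the original's trailing "allow all" was
# never reached and has been dropped.
always_direct allow localnet
always_direct deny all
# -------------------------------------
# http_access is first-match. The original list:
#  - "allow PURGE all" let ANY client evict cache objects (cache-poisoning /
#    denial-of-service vector); "deny PURGE" came after "deny all".
#  - allowed the LAN before the Safe_ports / CONNECT checks, so LAN clients
#    could CONNECT-tunnel to any TCP port (SMTP, SSH, ...).
#  - placed the ad-block denies after "deny all", where they never ran.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Stop clients from using the proxy to reach services bound to the proxy
# host's loopback (standard squid.conf rule; the ACL was defined but unused).
http_access deny to_localhost
http_access deny ads_ucub
http_access deny ads
http_access deny ads1
http_access allow auth_users
http_access allow lan10
http_access allow localnet
http_access deny all

# Explicit proxy port with SSL bumping, and the intercepted HTTPS port.
# The cert= file contains the CA PRIVATE KEY: chown root:proxy, chmod 640,
# never under the web root. Every client must trust this CA, which means
# anyone who obtains the file can impersonate any HTTPS site to them.
http_port 3128 ssl-bump \
  cert=/etc/squid/certs/squid-ca-cert-key.pem \
  generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
https_port 3129 intercept ssl-bump \
  cert=/etc/squid/certs/squid-ca-cert-key.pem \
  generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 16MB
acl step1 at_step SslBump1
ssl_bump peek step1
# "bump all" decrypts every TLS session (banking, certificate-pinned apps,
# OS update channels, ...). The original's "splice all" after it could never
# match. To exempt sites, add between the peek and the bump, e.g.:
#   acl nobump ssl::server_name .bank.example
#   ssl_bump splice nobump
ssl_bump bump all
# A bumped client only ever sees Squid's minted certificate, so an upstream
# certificate error must be a hard failure, not something Squid papers over.
# (deny is the documented default; stated explicitly so it survives edits.)
sslproxy_cert_error deny all
#---------------------------------------------------
#http_reply_access allow all
# icp_port is 0, so ICP is off; restrict it anyway in case it is enabled.
icp_access allow localnet
icp_access deny all
# miss_access decides who may fetch cache MISSES. The original allowed only
# localnet, so 192.168.10.0/24 clients (allowed by http_access) got errors on
# every uncached request.
miss_access allow localnet
miss_access allow lan10
miss_access deny all
visible_hostname podorono.blogspot.com
# Strip Accept-Encoding so origins send uncompressed bodies (more cache hits).
# 2.7 spelling; on 3.x this is "request_header_access".
header_access Accept-Encoding deny all
###############################################################################
# squid ssl_bump option
###############################################################################
#ssl_bump allow all
#https_port 192.168.10.10:2018 transparent
#ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
#key=/etc/squid/ssl_cert/myCA.pem
###############################################################################
#==============================================
# MISCELLANEOUS
#==============================================
logfile_rotate 7
negative_ttl 2 minute
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
vary_ignore_expire on
reload_into_ims on
nonhierarchical_direct off
prefer_direct off
memory_pools off
ie_refresh on
# Must match the owner used in the chown commands at the top of this file.
cache_effective_user proxy
cache_effective_group proxy
#=============================================
#Tag ZPH
#=============================================
#zph_mode tos
#zph_local 0x30
#zph_parent 0
#zph_option 136
#==========END OF CONFIGURATION=========
# Dots escaped: the original ".mp3" matched any character followed by "mp3"
# (e.g. "stamp3"), not the file extension.
acl download url_regex -i \.mp3
acl download url_regex -i \.3gp
acl download url_regex -i \.avi
acl download url_regex -i \.mpg
acl download url_regex -i \.mpeg
acl download url_regex -i \.wav
acl download url_regex -i \.flv
acl download url_regex -i \.swf

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# —————————————————————————–
# Pool 1 (class 3: aggregate / per-network / per-host): unlimited overall,
# 8000 B/s per client IP for "download" URLs from localnet.
# Pool 2 (class 2): unlimited, catches the rest of localnet.
# lan10 clients are not rate-limited (unchanged from the original).
delay_pools 2
delay_class 1 3
delay_parameters 1 -1/-1 -1/-1 8000/8000
delay_access 1 allow localnet download
delay_access 1 deny all
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1
delay_access 2 allow localnet
delay_access 2 deny all

# ADMINISTRATIVE PARAMETERS
store_dir_select_algorithm round-robin

# Ad blocking: the ACLs, deny_info pages and request-time denies are in the
# ACL section above (before "http_access deny all"). The reply-time deny is
# kept from the original as a second line of defence.
http_reply_access deny ads_ucub
#==========================END CONFIGURATION==========================#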
