Embed Size (px)
Citation preview
MODELOS SQUID
http_port 3128 transparenticp_port 3130 #3130
cache_mem 16 MBcache_replacement_policy heap GDSFmemory_replacement_policy heap GDSF
cache_swap_low 94 cache_swap_high 95fqdncache_size 10240
# TOS Squid 2.7 ST2zph_mode toszph_local 8zph_sibling 0zph_parent 0
cache_dir coss /cache1/coss ??? block-size=??? max-size=512000cache_dir coss /cache2/coss ??? block-size=??? max-size=512000cache_dir coss /cache3/coss ??? block-size=??? max-size=512000cache_dir coss /cache4/coss ??? block-size=??? max-size=512000
#store_dir_select_algorithm least-load store_dir_select_algorithm round-robin
#cache_access_log /data/log/squid/access.logcache_access_log nonecache_log /data/log/squid/cache.logcache_store_log nonecache_swap_log /data/log/squid/swap.log
nonhierarchical_direct off prefer_direct off
pid_filename /var/run/squid.pid
#hierarchy_stoplist cgi-bin#hierarchy_stoplist ?hierarchy_stoplist cgi-bin ?
storeurl_rewrite_program /etc/squid/youtube
acl all5 src allacl store_rewrite_list url_regex ^http://(.*?)/get_video\?acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?cache allow store_rewrite_list
storeurl_access allow store_rewrite_liststoreurl_access deny all5
acl QUERY1 urlpath_regex cgi-bin \?cache deny QUERY1
acl QUERY urlpath_regex cgi-bin \.asp$ \.php$ \.pl$ \.js$ cgi \?acl avi urlpath_regex -i \.avi$acl mpeg urlpath_regex -i \.m1v$ \.mpeg$ \.mpg$acl mpeg_2 urlpath_regex -i \.m2v$ \.vob$acl mpeg_audio urlpath_regex -i \.mpa$ \.mp2$ \.mp3$ \.aac$acl dat urlpath_regex -i \.dat$ \.bin$
acl asf urlpath_regex -i \.asf$ \.wma$ \.asx$ \.wmv$acl real urlpath_regex -i \.ram$ \.ra$ \.rm$ \.rnx$acl vivo urlpath_regex -i \.viv$ \.vivo$acl localserver dst 202.65.112.29 202.65.112.30 202.65.112.20acl yahoo_networks dstdomain .yahoo.comacl forcecache url_regex -i kh.google keyhole.comacl mrtg_citranet dstdomain .e-jogja.net
no_cache deny yahoo_networksno_cache allow forcecacheno_cache deny QUERYno_cache deny avino_cache deny mpegno_cache deny mpeg_audiono_cache deny datno_cache deny mrtg_citranet#no_cache deny asf#no_cache deny realno_cache deny localserverno_cache deny vivo
# quick abort:# always finish if less than 10k# finish if more than 50%# always abort if more tan 1024k#quick_abort_min 20 kb#quick_abort_pct 50%#quick_abort_max 1024 kb
#quick_abort_min 128 kb#quick_abort_pct 75%#quick_abort_max 4096 kb
#squid will consume less bandwidth than the other settingquick_abort_min 0 kbquick_abort_max 0 kbquick_abort_pct 0 %
range_offset_limit 0half_closed_clients offrequest_header_max_size 50 KB
emulate_httpd_log off
reload_into_ims onpipeline_prefetch on
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-privaterefresh_pattern ^http://(.*?)/videodownload\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
# New Refresh Patternrefresh_pattern -i \.search\.vip\.scd\.yahoo\.com/image/ 10080 100% 43200 ignore-reload override-lastmod override-expirerefresh_pattern -i \.(au|mpg|mpeg|mp3|avi|mid|wav)$ 10080 100% 43200 ignore-reload override-lastmod override-expirerefresh_pattern -i \.(tif|tiff|bmp|png|gif|jpg|jpeg)$ 10080 100% 43200 ignore-reload override-lastmod override-expirerefresh_pattern -i \.(jpe|swf|pdf|mov|sit|tar)$ 10080 100% 43200 ignore-reload override-lastmod override-expire
refresh_pattern -i \.(exe|arj|gz|Z|zip|bz2|tgz|rar)$ 10080 100% 43200 ignore-reload override-lastmod override-expirerefresh_pattern . 240 100% 4320 reload-into-ims override-expire
# Old Refresh Pattern#refresh_pattern -i \.(exe|zip|tar|tar.gz|tgz|rpm)$ 28800 19000% 999999 override-expire override-lastmod ignore-reload#refresh_pattern -i \.(pdf|bin|dat|cab|yim|ctf)$ 28800 19000% 999999 override-expire override-lastmod ignore-reload ignore-no-cache#refresh_pattern -i \.(swf|fla|xfs|gpf|rgz)$ 21600 500% 999999 override-expire ignore-reload override-lastmod reload-into-ims#refresh_pattern -i \.(gif|jpeg|jpg|png|jpe|tif|jpe|flv)$ 2880 19000% 999999 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth ignore-reload#refresh_pattern -i \.(xbm|xpm|xwd|pict|ief)$ 0 500% 999999##refresh_pattern http://photos.friendster.com/.*\.(jpg|jpeg|gif) 21600 999% 999999 ignore-reload override-lastmod override-expire ##refresh_pattern http://images.friendster.com/.*\.(jpg|jpeg|gif) 21600 999% 999999 ignore-reload override-lastmod override-expire##refresh_pattern http://*.friendster.com/.* 4320 999% 43200 ##refresh_pattern http://*.yimg.com/.*\.(jpg|gif|jpeg|swf|js) 21600 999% 999999 override-expire override-lastmod ignore-reload #refresh_pattern http://*.dlservice.microsoft.com/.*\.(cab|exe) 21600 999% 999999 override-expire override-lastmod ignore-reload#refresh_pattern http://*.download.windowsupdate.com/.*\.(cab|exe) 21600 999% 999999 override-expire override-lastmod ignore-reload#refresh_pattern http://*.fotografer.net/.*\.(jpg|jpeg|gif|swf|tif) 21600 999% 999999 override-expire override-lastmod ignore-reload#refresh_pattern -i kh.google 1440 20% 10080 override-expire override-lastmod reload-into-ims ignore-reload#refresh_pattern -i keyhole.com 1440 20% 10080 override-expire override-lastmod reload-into-ims ignore-reload#refresh_pattern cgi-bin 1 20% 2#refresh_pattern \.html$ 1 20% 2#refresh_pattern \.htm$ 1 20% 2#refresh_pattern \.asp$ 1 20% 2#refresh_pattern \.aspx$ 1 20% 2#refresh_pattern \.acgi$ 1 20% 2#refresh_pattern \.cgi$ 1 20% 2#refresh_pattern \.pl$ 1 20% 2#refresh_pattern \.shtml$ 1 20% 2#refresh_pattern \.php3$ 1 20% 2#refresh_pattern \.php$ 1 20% 2#refresh_pattern \.jsp$ 1 20% 2#refresh_pattern \? 1 20% 2#refresh_pattern . 960 90% 43200 ##refresh_pattern . 480 50% 22160##refresh_pattern . 0 20% 4320
maximum_object_size_in_memory 24 KBmaximum_object_size 128 MB
#reference_age 1 monthread_timeout 30 minutesclient_lifetime 2 hourspconn_timeout 15 secondsrequest_timeout 1 minuteshutdown_lifetime 10 secondsnegative_ttl 2 minutespositive_dns_ttl 53 secondsnegative_dns_ttl 29 seconds
persistent_request_timeout 2 minutes peer_connect_timeout 60 secondsdead_peer_timeout 25 secondsicp_query_timeout 2000#detect_broken_pconn on
ipcache_size 10240ipcache_low 98ipcache_high 99
#dns_children 32
#dns_nameservers 202.65.112.21 202.65.112.22 202.65.112.30ignore_unknown_nameservers off
cache_mgr [email protected]_effective_user squidcache_effective_group squid
visible_hostname localhostminimum_direct_hops 5
log_fqdn offmemory_pools offforwarded_for officp_hit_stale onlogfile_rotate 0
store_objects_per_bucket 10store_avg_object_size 13 kb
netdb_high 10000netdb_low 9900netdb_ping_period 30 seconds
log_icp_queries offtest_reachability off#query_icmp onquery_icmp offclient_db offdebug_options ALL,1
#max_open_disk_fds 0ie_refresh on#vary_ignore_expire on
extension_methods REGISTER SEARCH PROFIND PROPPATCH MKCOL MOVE BMOVE DELETE BDELETE REPORT MERGE MKACTIVITY CHECKOUT
#high_memory_warning 2048 mb#high_response_time_warning 5500#high_page_fault_warning 2
strip_query_terms off
acl peers src 127.0.0.1acl snmppublic snmp_community publicacl mgr src 127.0.0.1 202.95.38.0/24 192.168.1.0/24 202.65.112.0/22acl Manager proto cache_objectacl post method POST
acl ssl method CONNECTacl purge method PURGEacl BADPORTS port 7 9 11 19 22 23 25 53 110 119 513 514
acl all src 0.0.0.0/0.0.0.0acl manager proto cache_objectacl localhost src 127.0.0.1/255.255.255.255acl IRC_ports port 6000-7000acl SSL_ports port 443 563acl Safe_ports port 80acl Safe_ports port 21acl Safe_ports port 443 563acl Safe_ports port 70acl Safe_ports port 210#acl Safe_ports port 1025-65535acl Safe_ports port 280acl Safe_ports port 488acl Safe_ports port 591acl Safe_ports port 777acl CONNECT method CONNECTacl ftp_connected proto FTPacl kazaa dstdomain .kazaa.comacl VIRUS urlpath_regex winnt/system32/cmd.exe? /SETUP9x.EXEacl VIRUS urlpath_regex ^/osa..gifacl VIRUS urlpath_regex ^/./fils.phpacl VIRUS urlpath_regex ^/./999.jpgacl VIRUS urlpath_regex ^/w.phpacl microsoft dstdomain .microsoft.comacl INADDR_ANY dst 0.0.0.0/32acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$acl msnmessenger req_mime_type ^application/x-msn-messenger$acl YAHOOATTACK urlpath_regex akamai.*yahoo.*config/login
acl localnetwork src 192.168.0.0/24#acl reguest_deny src 192.168.1.50/32#acl operator_deny arp 00:E0:4D:55:E4:12#acl localdest dst 202.65.112.0/25
icp_access deny posticp_access deny all
acl cvsweb url_regex cvswebcachemgr_passwd secret allhttp_access allow purge mgrhttp_access deny purgehttp_access allow Manager mgrhttp_access deny Managerhttp_access deny !Safe_portshttp_access deny CONNECT !Safe_ports#http_access deny kazaahttp_access deny VIRUShttp_access deny IpAddrProbeUA IpAddrProbeURLhttp_access deny INADDR_ANY#http_access deny msnmessengerhttp_access deny YAHOOATTACKhttp_access deny IRC_portshttp_access allow sslhttp_access allow peershttp_access allow localnetwork
#http_access deny reguest_deny#http_access deny operator_deny
http_access deny all
# Redirector Access#redirector_access allow redir_warnet#redirector_access allow redir_kantor#redirector_access deny all
#acl all2 src 0/0#reply_body_max_size 500000000 allow all2
acl mrtg src 202.65.112.20snmp_access allow snmppublic mrtgsnmp_access deny all
#always_direct allow localdestalways_direct allow ftp_connected
miss_access allow localnetwork#never_direct allow all
acl msn_networks dstdomain .hotmail.com .msn.comacl ie6 browser MSIE[[:space:]]6header_access Accept-Encoding deny msn_networks ie6
check_hostnames offallow_underscore on
#acl local1 src 192.168.1.8/30#acl local2 src 192.168.1.12/30#acl local3 src 192.168.1.16/30#acl local4 src 192.168.1.20/30#acl local5 src 192.168.1.24/30
#tcp_outgoing_address 202.65.116.181 local1#tcp_outgoing_address 202.65.116.182 local2#tcp_outgoing_address 202.65.116.183 local3#tcp_outgoing_address 202.65.116.184 local4#tcp_outgoing_address 202.65.116.185 local5
server_http11 on
#download controller#acl download urlpath_regex -i ftp .exe .cab .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .asx .asf .wma .wmv .vivo .rnx .arj .tgz .bz2 .yim#acl unlimit src 202.65.116.160/28 202.65.115.0/29 202.65.115.8/29 #acl daytime time 06:00-22:00#acl ms_download req_mime_type ^application/x-msdownload$#acl avg_file dstdomain .grisoft.com .grisoft.cz
#delay_pools 2
#delay_class 1 2#delay_access 1 allow localnetwork#delay_parameters 1 -1/-1 -1/-1
#delay_class 2 2
#delay_access 2 allow download#delay_parameters 2 48000/48000 2000/16000
# End of configuration
