################################################## ############################
# Squid 2.6.STABLE6 Configuration
################################################## ############################
# NETWORK OPTIONS
# ----------------------------------------------------------------------------
http_port Yourip:Your port
transparent Example http_port 192.168.1.1:7878 transparent
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
nonhierarchical_direct on
cache_vary on
# -----------------------------------------------------------------------------
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 128 KB
ipcache_size 10240
ipcache_low 90
ipcache_high 95
fqdncache_size 10240
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
# -----------------------------------------------------------------------------
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
cache_dir diskd /cache 10240 24 256 Q1=80 Q2=90
access_log /var/log/squid/access.log
cache_log none
cache_store_log none
emulate_httpd_log off
log_ip_on_direct off
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.0
# -----------------------------------------------------------------------------
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
ftp_user
Squid@squid-cache.org
ftp_list_width 32
ftp_passive on
ftp_sanitycheck off
ftp_telnet_protocol on
check_hostnames off
allow_underscore on
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
dns_defnames off
dns_nameservers 197.7.7.4 4.2.2.4 192.9.9.3
hosts_file /etc/hosts
diskd_program /usr/lib/squid/diskd-daemon
unlinkd_program /usr/lib/squid/unlinkd
# -----------------------------------------------------------------------------
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
request_header_max_size 20 KB
request_body_max_size 0 KB
refresh_pattern ^ftp: 2880 25% 10080
refresh_pattern ^gopher: 2880 0% 2880
refresh_pattern -i \.(htmx|xhtml|sxml|shtml|java|aspx|perl)$ 5760 60% 10080 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(asp|css|php|xml|ocx|html|chtml|phtml)$ 5760 60% 10080 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(jpg|jpe|aac|jpeg|gif|png|bmp|pic)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(mpg|mpeg|mov|avi|midi|wmv|asx|thm)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(mid|wav|mp[234]|rm|ra|ram|wma|au)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(css|js|jar|class|pdf|doc|swf|txt)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(exe|tgz|tbz|tar|gz|bz2|zip|rar|cab)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(xbm|thb|dcr|art|spl|viv|z|vrm|vrml)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(jpg|jpe|aac|jpeg|gif|png|bmp|pic)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(aif|aifc|aiff|arj|c|cpt|dir|dxr|hqx)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(lha|lzh|movie|mpe|mpga|pl|ppt|ps|qt)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(qtm|ras|sea|sit|tif|tiff|js|jsp|fla)$ 20160 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern
http://*.windowsupdate.microsoft.com/ 300 60% 20160
refresh_pattern
http://windowsupdate.microsoft.com/ 300 60% 20160
refresh_pattern
http://download.macromedia.com/ 300 60% 20160
refresh_pattern
http://download.microsoft.com/ 300 60% 20160
refresh_pattern
http://office.microsoft.com/ 300 60% 20160
refresh_pattern
http://wxpsp2.microsoft.com/ 300 60% 20160
refresh_pattern
http://ftp.software.ibm.com/ 300 60% 20160
refresh_pattern
http://w2ksp4.microsoft.com/ 300 60% 20160
refresh_pattern
http://xpsp1.microsoft.com/ 300 60% 20160
refresh_pattern
ftp://ftp.nai.com/ 300 60% 20160
refresh_pattern . 300 50% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 24 hours
negative_dns_ttl 1 minute
range_offset_limit 0 KB
collapsed_forwarding on
# -----------------------------------------------------------------------------
# TIMEOUTS
# -----------------------------------------------------------------------------
forward_timeout 4 minutes
connect_timeout 1 minute
read_timeout 15 minutes
request_timeout 5 minutes
client_lifetime 12 hours
half_closed_clients on
pconn_timeout 120 seconds
shutdown_lifetime 5 seconds
# -----------------------------------------------------------------------------
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Dorsaa src Your Ip Rang Address
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 53 # dns
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl Safe_ports port 161 # SNMP
acl CONNECT method CONNECT
acl purge method PURGE
acl nimda1 urlpath_regex -i \.elm$
acl nimda2 urlpath_regex -i root.exe
acl nimda3 urlpath_regex -i cmd.exe
acl nimda4 urlpath_regex -i ^
http://.*www
acl nimda5 urlpath_regex -i readme.exe
acl nimda6 urlpath_regex -i default.id
acl nimda7 urlpath_regex -i :25
acl snmppublic snmp_community XXXX
http_access allow manager localhost
http_access allow purge localhost
http_access allow Dorsaa
http_access allow localhost
http_reply_access allow all
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
http_access deny nimda5
http_access deny nimda6
http_access deny nimda7
http_access deny purge
http_access deny all
icp_access deny all
ident_lookup_access deny all
reply_header_max_size 20 KB
reply_body_max_size 0 allow all
follow_x_forwarded_for deny all
snmp_port 161
snmp_access allow snmppublic localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
# -----------------------------------------------------------------------------
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr
XXX@XXX.net
mail_program mail
cache_effective_user squid
cache_effective_group squid
httpd_suppress_version_string off
visible_hostname Cache.Dorsaa.Net
unique_hostname 2nd.Cache.Dorsaa.Net
# -----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
httpd_accel_no_pmtu_disc off
# -----------------------------------------------------------------------------
# MISCELLANEOUS
# -----------------------------------------------------------------------------
logfile_rotate 2
tcp_recv_bufsize 0 bytes
memory_pools on
memory_pools_limit 16 MB
via on
forwarded_for off
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
buffered_logs off
reload_into_ims off
icon_directory /usr/share/squid/icons
global_internal_static off
error_directory /usr/share/squid/errors/English
retry_on_error off
# -----------------------------------------------------------------------------
# DELAY POOL PARAMETER
# -----------------------------------------------------------------------------
max_open_disk_fds 0
offline_mode off
uri_whitespace allow
prefer_direct on
strip_query_terms off
coredump_dir /var/spool/squid
ignore_unknown_nameservers off
client_persistent_connections on
server_persistent_connections on
persistent_connection_after_error off
detect_broken_pconn off
balance_on_multiple_ip on
pipeline_prefetch off
request_entities off
store_dir_select_algorithm round-robin
ie_refresh off
vary_ignore_expire on
sleep_after_fork 64
minimum_expiry_time 600 seconds
relaxed_header_parser on
max_filedesc 1024
# -----------------------------------------------------------------------------