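# Minimum ACL configuration
# NOTE(review): Squid 3.2 and later predefine the manager, localhost and
# to_localhost ACLs; the next three lines are only needed on older releases.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Defining a PURGE method ACL turns PURGE handling on, so it must be paired
# with an http_access rule that is evaluated before any broad allow (below).
acl purge method PURGE
acl nomsn dstdomain .pnu.ac.ir
# Never store responses from this domain in the cache
cache deny nomsn
# http_access rules are evaluated top to bottom; the first match decides.
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Protect innocent web applications running on the
# proxy server who think the only one who can access
# services on "localhost" is a local user
http_access deny to_localhost
# Only allow PURGE from localhost. This has to sit above
# "http_access allow localnet": that rule does not look at the request
# method, so without these two lines any localnet client could evict
# objects from the cache.
http_access allow purge localhost
http_access deny purge
# Clients access rules
# The subnet is masked ("*.*.*") on this page; substitute the real client
# network. A space is required between the ACL type "src" and the address.
#acl localnet src *.*.*.0/26
acl localnet src *.*.*.0/24
#acl localnet src *.*.*.0/24
http_access allow localnet
http_access allow localhost
# Finally deny all other access to this proxy
# Any http_access line placed after this one is never reached.
http_access deny all
# Deny all ICP requests to this proxy
icp_access deny all
# Deny all HTCP requests to this proxy
htcp_access deny all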
# Squid normal listener (clients configured to use the proxy explicitly)
http_port 3128
#http_port 3128 tcpkeepalive=60,10,6
# TPROXY spoof listener (intercepted traffic; upstream connections are made
# with the client's own source address)
# NOTE(review): neither listener is bound to a specific address, so who can
# reach them depends on the http_access rules and the host firewall.
http_port 3129 tproxy
#http_port 3129 tproxy tcpkeepalive=60,10,6 disable-pmtu-discovery=transparent
# Override /etc/resolv.conf
#dns_nameservers 8.8.8.8
# Protect dynamic content: URLs containing these strings are fetched
# directly from the origin instead of being forwarded to a cache peer
hierarchy_stoplist cgi-bin ? dll aspx
# Cache memory should be at most half of RAM size in MB
cache_mem 4096 MB
# These objects should be kept in memory (larger objects are not held in
# the memory cache)
maximum_object_size_in_memory 40 KB
# Which objects are replaced when memory space is needed
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
# Disk swap directories
# Fields: storage type, path, size in MB, first-level dirs, second-level dirs
cache_dir aufs /cache/1 245760 512 2048
#cache_dir aufs /cache/2 122880 512 2048
#cache_dir aufs /cache/3 122880 512 2048
#cache_dir aufs /cache/4 122880 512 2048
# These objects should be kept on hard disk (upper size limit for a cached
# object)
maximum_object_size 65536 KB
# Water marks for cache object replacement (percent of cache_dir usage)
cache_swap_high 95
cache_swap_low 93
# Logfile format
# Fields: timestamp, response time, client address, Squid result/HTTP status,
# reply size, method, URL, user name, hierarchy code/server address, MIME type
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
# Access log address
access_log /usr/local/squid/var/logs/access.log squid
# Number of old logfiles
# NOTE(review): 0 means Squid keeps no rotated copies itself; presumably an
# external tool rotates access.log. Confirm that it retains enough history
# for incident investigation.
logfile_rotate 0
# Watchdog configs
#acl watchdog src 192.168.0.17
#log_access deny watchdog
# Leave coredumps in the first cache dir
coredump_dir /cache/1
# When to keep fetching an object after the client aborts the download
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 98
# Time-to-Live for failed requests
negative_ttl 3 minutes
# How long to cache positive DNS responses
positive_dns_ttl 1 hours
# Maximum size for HTTP headers (requests with larger headers are rejected)
request_header_max_size 100 KB
# Shutdown pending time
shutdown_lifetime 15 seconds
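# Administrator contact address (the directive and its value must be on one
# line; the address is shown to users on generated error pages)
cache_mgr abdooli1046@gmail.com
# Hostname
visible_hostname CacheServer
# Don't show version in error pages
httpd_suppress_version_string on
# Custom error pages
error_directory /usr/local/squid/share/errors/mine/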
# SNMP settings for MRTG access
# Queries are accepted only when both the source address (mrtg) and the
# community string (snmppublic) match.
acl mrtg src 127.0.0.1 # 192.168.0.17
# NOTE(review): "public" is the well-known default community string and is
# sent unencrypted. That is tolerable while mrtg is loopback-only; if a
# remote poller is added to the mrtg ACL, choose a non-default community
# and firewall the SNMP port.
acl snmppublic snmp_community public
snmp_access allow snmppublic mrtg
snmp_access deny all
snmp_port 3401
# Inter Cache Communication Protocol (port 0 disables the listener)
icp_port 0
# Hyper Text Caching Protocol discovery (port 0 disables the listener)
htcp_port 0
# Water marks for the IP cache
ipcache_size 40960
ipcache_high 95
ipcache_low 90
# Parallel requests from a pipeline.
pipeline_prefetch on
# Close immediately half-closed connections
half_closed_clients off
# Transparent Headers
# X-Forwarded-For is passed through unmodified and no Via header is added,
# so origin servers get no header showing that this proxy handled the
# request; access.log is the record to rely on when tracing a request.
forwarded_for transparent
via off
# Mark HIT packets (TOS value set on replies served from the local cache)
qos_flows local-hit=0x30
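# Purge: squidclient -m PURGE <URL>   (example target on the original page: Google)
# NOTE(review): http_access rules are first-match and "http_access deny all"
# appears earlier in this file, so the two http_access lines below are never
# evaluated. As written, a PURGE request from a localnet client is accepted
# by the earlier "http_access allow localnet". To limit PURGE to localhost,
# these two rules (and the acl they use) must be placed above that allow.
acl purge method PURGE
http_access allow purge localhost
http_access deny purge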
# Web Services workaround
# NOTE(review): this directive is not accepted by newer Squid releases;
# confirm it is valid for the installed version.
ignore_expect_100 on
# Maximum connection limit of single client IP
#client_ip_max_connections -1
# eCAP Gzip (UNSTABLE)
# Disabled. loadable_modules would load a shared object into the Squid
# process, so verify where the adapter came from before enabling it.
#ecap_enable on
#ecap_service gzip_service respmod_precache 0 ecap://www.vigos.com/ecap_gzip
#loadable_modules /usr/local/lib/ecap_adapter_gzip.so
#acl GZIP_HTTP_STATUS http_status 200
#adaptation_access gzip_service allow GZIP_HTTP_STATUS
# WCCPv2 redirection from a router (disabled)
#wccp2_router 172.16.106.233
#wccp2_forwarding_method gre
#wccp2_return_method gre
#wccp2_service dynamic 80
#wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
#wccp2_service dynamic 90
#wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
# Refresh patterns (refresh-ims)
# Format: refresh_pattern [-i] regex min percent max, with min and max in
# minutes (10080 = 7 days, 43200 = 30 days). The first matching pattern is
# used. No override options are given, so these values apply to responses
# that carry no explicit expiry information. The "$" anchor means a URL with
# a query string after the extension does not match.
# Image files
refresh_pattern -i \.png$ 10080 90% 43200
refresh_pattern -i \.gif$ 10080 90% 43200
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.jpeg$ 10080 90% 43200
refresh_pattern -i \.bmp$ 10080 90% 43200
refresh_pattern -i \.tif$ 10080 90% 43200
refresh_pattern -i \.tiff$ 10080 90% 43200
# Compressed files
refresh_pattern -i \.zip$ 10080 90% 43200
refresh_pattern -i \.rar$ 10080 90% 43200
refresh_pattern -i \.tar$ 10080 90% 43200
refresh_pattern -i \.gz$ 10080 90% 43200
refresh_pattern -i \.tgz$ 10080 90% 43200
refresh_pattern -i \.z$ 10080 90% 43200
refresh_pattern -i \.arj$ 10080 90% 43200
refresh_pattern -i \.lha$ 10080 90% 43200
refresh_pattern -i \.lzh$ 10080 90% 43200
# Binary files
# NOTE(review): a cached installer is served to every client until it
# expires, so an outdated or corrupted copy fetched once over plain HTTP
# can persist for up to 30 days. Consider shorter lifetimes for executables.
refresh_pattern -i \.exe$ 10080 90% 43200
refresh_pattern -i \.msi$ 10080 90% 43200
# Multimedia files
refresh_pattern -i \.mp3$ 10080 90% 43200
refresh_pattern -i \.wav$ 10080 90% 43200
refresh_pattern -i \.mid$ 10080 90% 43200
refresh_pattern -i \.midi$ 10080 90% 43200
refresh_pattern -i \.ram$ 10080 90% 43200
refresh_pattern -i \.ra$ 10080 90% 43200
refresh_pattern -i \.mov$ 10080 90% 43200
refresh_pattern -i \.avi$ 10080 90% 43200
refresh_pattern -i \.wmv$ 10080 90% 43200
refresh_pattern -i \.mpg$ 10080 90% 43200
refresh_pattern -i \.mpeg$ 10080 90% 43200
refresh_pattern -i \.swf$ 10080 90% 43200
# Document files
refresh_pattern -i \.pdf$ 10080 90% 43200
refresh_pattern -i \.ps$ 10080 90% 43200
refresh_pattern -i \.doc$ 10080 90% 43200
refresh_pattern -i \.ppt$ 10080 90% 43200
refresh_pattern -i \.pps$ 10080 90% 43200
# Default patterns
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic content (cgi-bin paths or any URL with a query string) gets no
# heuristic freshness lifetime
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# Catch-all for everything not matched above
refresh_pattern . 0 20% 4320