ujiajah1

squid.conf squid4

Feb 25th, 2016
  1. # SQUID CONFIGURATION SQUID VERSION-4
  2. # HTTP | HTTPS SQUID PROXY SERVER
  3.  
  # Source-address ACL for the LAN. It only has an effect if an http_access rule
  # references it by this exact name -- verify that one does.
  14. acl localnet src 192.168.1.0/24  # for your local network
  15. # acl all src
  # Ports that CONNECT tunnels may target (used by "http_access deny CONNECT !SSL_ports").
  # NOTE(review): 182 and 5353 are not standard HTTPS ports. Every extra entry widens what
  # a client can tunnel to through the proxy, so keep only ports with a known need.
  16. acl SSL_ports port 443
  17. acl SSL_ports port 182
  18. acl SSL_ports port 5353
  # Destination ports the proxy is willing to connect to; requests to any other port are
  # refused by "http_access deny !Safe_ports".
  # NOTE(review): the range 1025-65535 below already covers every entry above 1024, so
  # those lines are redundant, and 15002, 36567 and 8890 are each listed twice. In effect
  # the list only restricts ports 1-1024.
  # NOTE(review): 22, 53 and 953 are normally SSH, DNS and name-server control, not HTTP.
  # Listing them lets clients reach such services through the proxy; drop any low port
  # that has no known HTTP use.
  9. acl Safe_ports port 21
  10. acl Safe_ports port 22
  11. acl Safe_ports port 53
  12. acl Safe_ports port 70
  13. acl Safe_ports port 80
  14. acl Safe_ports port 210
  15. acl Safe_ports port 280
  16. acl Safe_ports port 1025-65535
  17. acl Safe_ports port 443
  18. acl Safe_ports port 488
  19. acl Safe_ports port 591
  20. acl Safe_ports port 777
  21. acl Safe_ports port 5353
  22. acl Safe_ports port 18901-18909
  23. acl Safe_ports port 1818
  24. acl Safe_ports port 39190
  25. acl Safe_ports port 40000-40010
  26. acl Safe_ports port 7777
  27. acl Safe_ports port 19101
  28. acl Safe_ports port 27780
  29. acl Safe_ports port 29000
  30. acl Safe_ports port 22100
  31. acl Safe_ports port 5121
  32. acl Safe_ports port 6000-6152
  33. acl Safe_ports port 2001
  34. acl Safe_ports port 9601-9602
  35. acl Safe_ports port 8085
  36. acl Safe_ports port 11011-11041
  37. acl Safe_ports port 13413
  38. acl Safe_ports port 19000
  39. acl Safe_ports port 5105
  40. acl Safe_ports port 10009
  41. acl Safe_ports port 12060-12070
  42. acl Safe_ports port 6000-6001
  43. acl Safe_ports port 29200
  44. acl Safe_ports port 10402
  45. acl Safe_ports port 9600
  46. acl Safe_ports port 15002
  47. acl Safe_ports port 16402-16502
  48. acl Safe_ports port 5126
  49. acl Safe_ports port 3010
  50. acl Safe_ports port 11031  
  51. acl Safe_ports port 11440-11460
  52. acl Safe_ports port 11100-11125
  53. acl Safe_ports port 4300
  54. acl Safe_ports port 12011
  55. acl Safe_ports port 12110
  56. acl Safe_ports port 15001
  57. acl Safe_ports port 15002
  58. acl Safe_ports port 7341
  59. acl Safe_ports port 7451
  60. acl Safe_ports port 7808
  61. acl Safe_ports port 30000
  62. acl Safe_ports port 9001
  63. acl Safe_ports port 9030
  64. acl Safe_ports port 953
  65. acl Safe_ports port 42051-42052
  66. acl Safe_ports port 36567
  67. acl Safe_ports port 8001
  68. acl Safe_ports port 14000-14050
  69. acl Safe_ports port 27019
  70. acl Safe_ports port 28901-28920
  71. acl Safe_ports port 7201-7208
  72. acl Safe_ports port 17001-17002
  73. acl Safe_ports port 14300-14440
  74. acl Safe_ports port 15100-15150
  75. acl Safe_ports port 7770-7790
  76. acl Safe_ports port 16320-16340
  77. acl Safe_ports port 9000-9160
  78. acl Safe_ports port 7200
  79. acl Safe_ports port 7400
  80. acl Safe_ports port 7106
  81. acl Safe_ports port 7999
  82. acl Safe_ports port 47611
  83. acl Safe_ports port 36567
  84. acl Safe_ports port 10087  
  85. acl Safe_ports port 27000-27050
  86. acl Safe_ports port 27014-27050
  87. acl Safe_ports port 4380
  88. acl Safe_ports port 3478
  89. acl Safe_ports port 4379
  90. acl Safe_ports port 8890
  91. acl Safe_ports port 9339
  92. acl Safe_ports port 8890
  93. acl Safe_ports port 7200-7210
  94. acl Safe_ports port 7450-7460
  95. acl Safe_ports port 8000
  96. acl Safe_ports port 64990-65010
  # Matches requests that use the CONNECT method (tunnel requests).
  97. acl CONNECT method CONNECT
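  98. # ========================================================================================================
  99. # Deny access to the destination domains listed in deny_domain.
  # NOTE(review): blocking .windowsupdate.com also stops Windows clients behind this proxy
  # from fetching security updates through it; make sure they have another update path.
  100. acl deny_domain dstdomain .windowsupdate.com .dl.ws.microsoft.com
  # Fixed: the value list contained a second "dstdomain" keyword, which Squid would read
  # as a domain name. .g.doubleclick.net was dropped because .doubleclick.net already
  # matches it.
  101. acl deny_domain dstdomain .googlesyndication.com .doubleclick.net .beritavideo.info
  102. http_access deny deny_domain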
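  103. # ========================================================================================================
  104. # deny ads_web
  # Block image/flash/style assets on URLs that begin with http://openx (plain HTTP only).
  105. acl deny_url url_regex -i ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?)
  # Fixed: this separator had no leading "#", so Squid would try to parse it as a directive.
  106. # ========================================================================================================
  # Block exe/crx/msi downloads under /edgedl/ on the pack.google.com hosts.
  # NOTE(review): presumably these are browser/extension installers and updates; confirm
  # that clients still receive their security updates some other way.
  107. acl deny_url url_regex -i ^https?:\/\/cache\.pack\.google\.com\/edgedl\/.*\.(exe|crx|msi)$
  108. acl deny_url url_regex -i ^https?:\/\/.*\.c\.pack\.google\.com\/edgedl\/.*\.(exe|crx|msi)\?
  # The same patterns are applied to the request and again when the reply arrives.
  109. http_access deny deny_url
  110. http_reply_access deny deny_url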
  111. # ========================================================================================================
  # URLs matching deny_cache are excluded from caching by the "cache deny" line below.
  # The first pattern is kept commented out by the author.
  112. # acl deny_cache url_regex -i ^https?.*(mdn.net\/instream|googleapis.com|doubleclick.net)\/.*\/adsapi.*\.swf$
  # NOTE(review): this pattern is unanchored and its dots in "airdownload.adobe.com" are
  # unescaped, so it can match more URLs than the Adobe download host alone.
  113. acl deny_cache url_regex -i (.*)\.*\/\/.*airdownload.adobe.com(.*)\/s?.*
  114. acl deny_cache url_regex -i ^https?:\/\/download\.mozilla\.(org|net)\/\?product
  115. cache deny deny_cache
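  116. # ========================================================================================================
  117. # ACCESS RULES (http_access lines are evaluated top to bottom; the first match decides)
  # Refuse requests to ports outside Safe_ports and CONNECT tunnels to ports outside SSL_ports.
  118. http_access deny !Safe_ports
  119. http_access deny CONNECT !SSL_ports
  # Fixed: this rule named "bonbinnet", an ACL that is not defined anywhere in this file,
  # while "localnet" is defined and otherwise unused. Assumes localnet is the intended
  # client range -- confirm before deploying.
  120. http_access allow localnet
  121. http_access allow localhost
  # Default deny: anything not explicitly allowed above is refused.
  122. http_access deny all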
  123.  
  124. # LISTENING PORT SQUID
  # Port 3127: TPROXY port with SSL-Bump enabled; per-host certificates are generated on
  # the fly and signed with the CA in myCA.pem.
  # NOTE(review): no key= option is given, so the CA private key is presumably stored in
  # myCA.pem as well. That key can sign a certificate for any site the clients trust, so
  # restrict the file to the Squid user and keep it out of backups and shared copies.
  # NOTE(review): intercepted TLS traffic is normally received on an https_port; confirm
  # this http_port really receives the connections the ssl_bump rules are meant for.
  125. http_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/myCA.pem
  # Port 3128: plain forward-proxy port. Port 3129: TPROXY interception port.
  # NOTE(review): no port is bound to a specific address, so who can reach them is decided
  # only by the http_access rules and the host firewall.
  126. http_port 3128
  127. http_port 3129 tproxy
  128.  
  129. # CONNECTION HANDLING
  # Mark replies served from the local cache with TOS value 0x30.
  130. qos_flows local-hit=0x30
  # Merge concurrent requests for the same URL into one upstream fetch.
  131. collapsed_forwarding on
  132. balance_on_multiple_ip on
  133. detect_broken_pconn on
  # Persistent connections are disabled towards clients and enabled towards servers.
  134. client_persistent_connections off
  135. server_persistent_connections on
  136.  
  137. # DNS OPTIONS
  138. #dns_packet_max 4096
  139. dns_defnames on
  140. dns_v4_first on
  # NOTE(review): besides the LAN resolver at 192.168.1.254, lookups can go to the public
  # resolvers 8.8.8.8 and 8.8.4.4, which then see the hostnames requested through the proxy.
  141. dns_nameservers 192.168.1.254 8.8.8.8 8.8.4.4
  142. connect_retries 2
  # Failed lookups are remembered for one second only.
  143. negative_dns_ttl 1 second
  # The next four directives control range requests and aborted transfers, not DNS.
  144. range_offset_limit 0
  145. quick_abort_min 0 KB
  146. quick_abort_max 0
  147. quick_abort_pct 100
  # Sizes and watermarks of the IP and FQDN caches.
  148. ipcache_low 98
  149. ipcache_high 99
  150. ipcache_size 1024
  151. fqdncache_size 1024
  # Request pipelining is disabled.
  152. pipeline_prefetch 0
  153.  
  154. # MISCELLANEOUS
  155. memory_pools off
  156. # refresh_all_ims on
  # Turn a client's forced reload into a conditional (If-Modified-Since) request.
  157. reload_into_ims on
  # NOTE(review): the operating-system limit (ulimit) for the Squid process must allow
  # this many descriptors for the setting to take effect -- verify on the host.
  158. max_filedescriptors 65536
  159.  
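  160. # CACHE MANAGEMENT
  161. cache_mem 256 MB
  162. maximum_object_size_in_memory 128 KB
  163. memory_replacement_policy heap GDSF
  # Group and user Squid switches to when it is started as root.
  164. cache_effective_group proxy
  165. cache_effective_user proxy
  # 5000 MB on-disk cache with 1 first-level and 256 second-level directories.
  166. cache_dir aufs /cache/cache 5000 1 256
  # NOTE(review): core dumps are written into the cache directory and can contain cached
  # content and, with SSL-Bump in use, decrypted traffic; keep the directory private.
  167. coredump_dir /cache/cache
  # NOTE(review): these two values are shown to clients (error pages, Via header).
  168. cache_mgr kangmus
  169. visible_hostname kangmus
  170. minimum_object_size 512 bytes
  171. maximum_object_size 512 MB
  172. read_ahead_gap 64 KB   
  173. cache_replacement_policy heap LFUDA
  174. store_dir_select_algorithm least-load
  175. # strip_query_terms off
  # Fixed: the watermarks were inverted (high 90 / low 95). Object replacement begins at
  # the low mark and gets more aggressive towards the high mark, so low must be below high.
  176. cache_swap_high 95
  177. cache_swap_low 90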
  178.  
  179. # LOG FILE OPTIONS
  # NOTE(review): the ACL "log" is defined here but no directive in this file uses it.
  180. acl log method CONNECT
  181. logfile_daemon /usr/lib/squid/log_file_daemon
  # NOTE(review): "!CONNECT" keeps CONNECT requests out of access.log, so tunnelled
  # (presumably including spliced HTTPS) connections leave no access-log record. For
  # incident response and abuse tracing, consider logging them as well.
  182. access_log daemon:/var/log/squid/access.log !CONNECT
  183. cache_log /var/log/squid/cache.log
  # NOTE(review): cache_store_log is set twice -- to a file here and to "none" two lines
  # below. The settings contradict each other; keep only the one that is intended.
  184. cache_store_log /var/log/squid/store.log
  185. # debug_options ALL,1 22,3
  186. cache_store_log none
  # Number of rotated log generations to keep.
  187. logfile_rotate 5
  188. pid_filename /var/run/squid.pid
  189.  
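  190. # FILTERING HTTPS
  # Despite the heading, the ACLs in this section block nothing by themselves. In this
  # file they are referenced by the store_id_access, store_miss and send_hit rules, i.e.
  # they select URLs for Store-ID rewriting and cache handling.
  # NOTE(review): bare numbers as ACL names make the rules hard to audit; descriptive
  # names would make it clearer which traffic each rule touches.
  191. acl 1 dstdomain .fbcdn.net .akamaihd.net .fbsbx.com
  192. acl 2 url_regex -i ^https?:\/\/attachment\.fbsbx\.com\/.*\?(id=[0-9]*).*
  193. acl 2 url_regex -i \.fbsbx\.com\/.*\/(.*\.(unity3d|pak|zip|exe|dll|jpg|png|gif|swf)/)$
  194. acl 2 url_regex -i ^https?:\/\/.*\.ytimg\.com(.*\.(webp|jpg|gif))
  195. acl 2 url_regex -i ^https?:\/\/([^\.]*)\.yimg\.com\/(.*)
  196. acl 2 url_regex -i ^https?:\/\/.*\.gstatic\.com\/images\?q=tbn\:(.*)
  197. acl 2 url_regex -i ^https?:\/\/.*\.reverbnation\.com\/.*\/(ec_stream_song|download_song_direct|stream_song)\/([0-9]*).*
  # Fixed: "interclick.\com" had the backslash on the wrong side of the dot, and the
  # leading dots of ".exoclick" and ".visiblemeasures" were unescaped (matching any
  # character). All three now match a literal dot like the other alternatives.
  198. acl 2 url_regex -i ^https?:\/\/([a-z0-9.]*)(\.doubleclick\.net|\.quantserve\.com|\.exoclick\.com|interclick\.com|\.googlesyndication\.com|\.auditude\.com|\.visiblemeasures\.com|yieldmanager|cpxinteractive)(.*)
  199. acl 2 url_regex -i ^https?:\/\/(.*?)\/(ads)\?(.*?)
  200. acl 2 url_regex -i ^https?:\/\/.*steampowered\.com\/.*\/([0-9]+\/(.*))
  201. acl 3 url_regex -i ^https?:\/\/(.*?)\/speedtest\/.*\.(jpg|txt|png|gif|swf)\?.*
  202. acl 3 url_regex -i speedtest\/.*\.(jpg|txt|png|gif|swf)\?.*
  203. acl 4 url_regex -i reverbnation.*audio_player.*ec_stream_song.*$
  204. acl 5 url_regex -i utm.gif.*
  205. acl 6 url_regex -i c.android.clients.google.com.market.GetBinary.GetBinary.*
  206. acl 7 url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
  207. acl 7 url_regex -i \.c\.(youtube|google)\.com\/(get_video|videoplayback|videoplay).*$
  208. acl 7 url_regex -i (youtube|google).*\/videoplayback\?.*
  # Matches replies whose status is 302 (redirect).
  209. acl 8 http_status 302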
  210.  
  # Video-playback URLs on the named YouTube/Google hosts.
  211. acl store_url url_regex -i (youtube|googlevideo|docs.google|video.google).*videoplayback\?.*
  # Reply-side ACLs: 302 status, and text/html or text/plain content types.
  212. acl loop_302 http_status 302
  213. acl loop_mime rep_mime_type text/html
  214. acl loop_mime rep_mime_type text/plain
  # NOTE(review): "getmethod" is not referenced by any directive in this file.
  215. acl getmethod method GET
  216.  
  # For store_url requests, replies that are 302 redirects or text/html / text/plain are
  # neither stored (store_miss) nor served from the cache (send_hit).
  217. store_miss deny store_url loop_302
  218. store_miss deny store_url loop_mime
  219. send_hit deny store_url loop_302
  220. send_hit deny store_url loop_mime
  221.  
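  # Splice (tunnel without decrypting) connections that match these ACLs.
  # NOTE(review): "ipbypass" and "spliceserver" are not defined anywhere in this file;
  # Squid is expected to reject the configuration until matching acl lines are added.
  222. ssl_bump splice ipbypass
  223. ssl_bump splice spliceserver
  224. ssl_bump splice localhost
  # One ACL per SSL-Bump processing step.
  225. acl 9 at_step SslBump1
  226. acl 10 at_step SslBump2
  227. acl 11 at_step SslBump3
  # Step 1: peek at the client hello. Step 2: stare at the server hello. Step 3: splice.
  # NOTE(review): staring at step 2 usually rules out splicing at step 3, so connections
  # may end up bumped (decrypted) instead of spliced -- confirm which outcome is intended.
  228. ssl_bump peek 9 all
  229. ssl_bump stare 10 all
  230. ssl_bump splice 11 all
  231.  
  # Helper that generates the per-host certificates, plus its certificate database.
  # NOTE(review): Squid 4 ships this helper as security_file_certgen; confirm the path
  # below exists on the target build. Keep /etc/squid/ssl_db readable by the Squid user only.
  232. sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db -M 4MB
  233. sslcrtd_children 16 startup=1 idle=1
  # Fixed: was "allow all", which accepts every upstream certificate error (expired,
  # self-signed, wrong host name). On a bumped connection the client only sees the
  # certificate Squid generates, so it would never learn that the origin's certificate
  # was bad. Validation errors are now rejected; if a specific host must be exempted,
  # add a narrowly scoped allow rule for that host above this line.
  234. sslproxy_cert_error deny all
  # Always contact origin servers directly.
  235. always_direct allow all
  236. ssl_unclean_shutdown on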
  237.  
  238. # STORE ID
  # External Perl helper that maps request URLs to cache keys (Store-ID).
  # NOTE(review): the helper decides which URLs share one cached object. An over-broad
  # mapping lets content fetched from one URL be served for another, so review
  # store-id.pl and make sure only root can modify it.
  239. store_id_program /usr/bin/perl /etc/squid/store-id.pl
  240. store_id_children 10 startup=5 idle=2 concurrency=10
  # NOTE(review): store_rewrite_list, partial_garena and lytogame are not defined anywhere
  # in this file; the matching acl lines are missing.
  241. store_id_access allow store_rewrite_list
  242. store_id_access allow partial_garena
  243. store_id_access allow lytogame
  # URLs matching the numbered ACLs 1-7 are sent to the helper.
  244. store_id_access allow 1
  245. store_id_access allow 2
  246. store_id_access allow 3
  247. store_id_access allow 4
  248. store_id_access allow 5
  249. store_id_access allow 6
  250. store_id_access allow 7
  # For ACL 7 URLs, 302 replies (ACL 8) are neither stored nor served from the cache.
  251. store_miss deny 7 8
  252. send_hit deny 7 8
  # Nothing else is passed to the helper.
  253. store_id_access deny all
  254.  
  255. # TUNING CACHE
  # Upper bound on how stale a cached object may be when it is served.
  256. max_stale 6 days
  257. vary_ignore_expire on
  # Time allowed for active connections to finish when Squid shuts down.
  258. shutdown_lifetime 10 seconds
  # NOTE(review): refresh.conf is not shown on this page; review it together with this
  # file, since it is loaded into the same configuration.
  259. include /etc/squid/refresh.conf