Advertisement
albspirit86

squid.conf

Nov 24th, 2014
412
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.05 KB | None | 0 0
  1. acl all src
  2. acl SSL_ports port 443
  3. acl Safe_ports port 80
  4. acl Safe_ports port 21
  5. acl Safe_ports port 443
  6. acl Safe_ports port 70
  7. acl Safe_ports port 210
  8. acl Safe_ports port 1025-65535
  9. acl Safe_ports port 280
  10. acl Safe_ports port 488
  11. acl Safe_ports port 591
  12. acl Safe_ports port 777
  13. acl CONNECT method CONNECT
  14. acl getmethod method GET
  15.  
  16.  
  17. # Rules to block few Advertising sites
  18. acl ads url_regex -i .youtube\.com\/ad_frame?
  19. acl ads url_regex -i .(s|s[0-90-9])\.youtube\.com
  20. acl ads url_regex -i .googlesyndication\.com
  21. acl ads url_regex -i .doubleclick\.net
  22. acl ads url_regex -i ^http:\/\/googleads\.*
  23. acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-90-9]|ads\d|kad|a[b|d]|ad\d|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
  24. acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
  25. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
  26. acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
  27. acl ads url_regex -i ^http:\/\/adserver\.bs\/
  28. acl ads url_regex -i !^http:\/\/adf\.ly
  29. http_access deny ads
  30. http_reply_access deny ads
  31. #deny_info http://yoursite/yourad,htm ads
  32. #==== End Rules: Advertising ====
  33.  
  34.  
  35. acl reverbnation url_regex -i reverbnation.*(audio_player|ec_stream_song).*$
  36. acl reverbnation url_regex -i \.c\.(reverbnation|c2lo)\.com\/(get_audio|audioplayback|audioplay).*$
  37. acl youtube url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
  38. acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*
  39. acl speedtest url_regex -i ^https?:\/\/(.*?)\/speedtest\/(.*\.(jpg|txt))\??.*$
  40. acl deny_domain dstdomain .windowsupdate.com
  41. http_access deny deny_domain
  42.  
  43. acl deny_url url_regex -i ^https?:\/\/.*cdn\.mozilla\.(net|org)\/pub\/firefox\/(releases|candidates)\/.*\/update\/win32\/.*
  44. acl deny_url url_regex -i ^https?:\/\/.*\.pack.google.com\/edgedl\/chrome\/win\/.*
  45. acl deny_url url_regex -i ^https?:\/\/cache.pack.google.com\/edgedl\/.*
  46. acl deny_url url_regex -i ^https?:\/\/www.google.com\/dl\/chrome\/win\/.*
  47. http_access deny deny_url
  48.  
  49. cache_mgr Internet-Kaltersia
  50. visible_hostname albspirit@info.al
  51.  
  52. cache_mem 5000 MB
  53. cache_swap_low 98
  54. cache_swap_high 99
  55. ipcache_size 2048
  56. ipcache_low 98
  57. ipcache_high 99
  58.  
  59. ################################
  60.  
  61.  
  62. maximum_object_size 1024 MB
  63. maximum_object_size_in_memory 512 KB
  64. minimum_object_size 1 KB
  65.  
  66. cache_replacement_policy heap LFUDA
  67. memory_replacement_policy heap GDSF
  68.  
  69. cache_dir ufs /mnt/128gb/cache-1 112500 264 256
  70. cache_dir ufs /mnt/128gb/cache-2 112500 264 256
  71.  
  72. cache_dir ufs /mnt/gb128/cache-1 112500 264 256
  73. cache_dir ufs /mnt/gb128/cache-2 112500 264 256
  74.  
  75.  
  76. access_log stdio:/var/log/squid/access.log
  77. #cache_log /var/log/squid/cache.log
  78. cache_store_log none
  79. logfile_rotate 1
  80.  
  81.  
  82. always_direct allow all
  83. ssl_bump server-first all
  84. http_access deny !Safe_ports
  85. http_access deny CONNECT !SSL_ports
  86. http_access allow all
  87. http_reply_access allow all
  88. icp_access allow all
  89.  
  90.  
  91.  
  92. http_port 3128
  93. http_port 3129 tproxy
  94. https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
  95.  
  96. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
  97.  
  98. sslcrtd_children 20
  99. always_direct allow all
  100. ssl_bump client-first all
  101. sslproxy_cert_error allow all
  102. sslproxy_flags DONT_VERIFY_PEER
  103. sslproxy_cert_error deny all
  104.  
  105. ssl_unclean_shutdown on
  106. sslproxy_version 1
  107. always_direct allow all
  108. ssl_bump none localhost
  109. ssl_bump server-first all
  110. sslproxy_cert_error allow all
  111. sslproxy_flags DONT_VERIFY_PEER
  112.  
  113. acl QUERY urlpath_regex -i (begin|start)\=
  114. acl QUERY urlpath_regex -i cgi-bin \? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
  115. acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
  116. acl dontrewrite url_regex redbot\.org
  117. acl getmethod method GET
  118. acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
  119. acl redir urlpath_regex -i &ir=1&rr=12
  120. acl yutube url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
  121. acl yutube url_regex -i gstatic\.com\/csi\?.*$
  122.  
  123. acl rewritedoms url_regex -i dl\.sourceforge\.net.*
  124. acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
  125. acl rewritedoms url_regex -i ak\.fbcdn\.net.*
  126. acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*
  127.  
  128. store_id_program /etc/squid/store-id.pl
  129. store_id_children 20 startup=10 idle=5 concurrency=30
  130. store_id_access deny !getmethod
  131. store_id_access deny redir
  132. store_id_access deny dontrewrite
  133. store_id_access allow rewritedoms
  134. store_id_access allow youtube
  135. store_id_access allow speedtest
  136. store_id_access allow reverbnation
  137. store_id_access deny all
  138.  
  139. strip_query_terms off
  140. max_stale 1 year
  141.  
  142.  
  143. refresh_pattern -i akamaihd.net.* 43830 99% 43830 override-expire override-lastmod ignore-reload
  144. refresh_pattern -i https:\/\/.*\.xx\.fbcdn\.net\/.* 43830 99% 43830 override-expire override-lastmod ignore-reload
  145. refresh_pattern ^.*safebrowsing.*google 43830 99% 43830 override-expire ignore-reload ignore-no-store ignore-private ignore-auth ignore-must-revalidate store-stale
  146. refresh_pattern -i \.wikimapia\.org\/? 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-private
  147.  
  148. refresh_pattern -i \.(gif|png|pnp|img|jpg|jpeg|jpe?g|jpeg2|ico|mod|bmp|eps|tif|tiff?|pcx|pic|tga|iff|sct|pxr|raw|dcs|rle|lzw|ccit|f3d|woff)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  149. refresh_pattern -i \.(pps|ppsx|ps|rtx|wpl|doc|docx|pdf|xls|xlsx|latex|ppt|pptx|mbd|conf|txt|asm|pl|log|dll|bat|psd)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  150. refresh_pattern -i \.(mp4|3ivx|asf|avi|m2ts|divx|mjpeg|ogv|webm|mpg|mpeg|ogg|wmv|mkv|3gp|swf|flv|x-flv|3g2|vob|swf|swz|mov)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  151. refresh_pattern -i \.(ogg|mp2|ac3|mpc|m4a|flac|aiff|aif|aifc|raw|au|mid|wav|wv|mp3|gsm|dct|aac|mmf|wma|atrac|ra|ram|dss|msv|dvf|m4p|amr|awb|ape|apl)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  152. refresh_pattern -i \.(exe|dfg|crx|7z|mds|mod|mdl|arj|bz2|ms-dos|ccd|sub|deb|cab|pak|bin|cue|nrg|isz|mdf|qt|zip|tar|jar|jxr|jad|tar.gz|tar|msi|inc|lha|ms(i|p|u)|rpm|tgz|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|tgz|reg|vpx|idx|gz|avc|ref|msp|iso|info.gz|vdf.gz|rar|mar|dat|rp)$ 110080 99% 10080 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  153. refresh_pattern -i \.(css|js)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  154. refresh_pattern -i (hackshield|nprotect|webnProtect) 0 0% 0
  155. refresh_pattern -i \.(php|html|xml|aspx)$\? 0 0% 0
  156. ################################
  157. refresh_pattern ^http.*(youtube|googlevideo)\.* 43200 99% 242020 ignore-reload override-expire override-lastmod ignore-must-revalidate ignore-private ignore-no-store ignore-auth store-stale
  158. #FB
  159. refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  160. refresh_pattern \.facebook\.com.* 240 50% 480
  161. refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
  162. refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
  163. refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  164. refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  165. refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  166. refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  167. refresh_pattern ^http:\/\/images|image|img|pics|openx|thumbs[0-9]\. 1440 99% 14400 override-expire ignore-reload ignore-private
  168. refresh_pattern ^.*safebrowsing.*google 1440 99% 14400 override-expire ignore-reload ignore-private ignore-auth ignore-must-revalidate
  169. refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
  170. refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
  171. refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private
  172.  
  173. #
  174. #PATTERN REFRESH
  175. refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
  176. refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  177. refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  178. refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  179. refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private ignore-reload override-lastmod reload-into-ims
  180. refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240
  181. # Add any of your own refresh_pattern entries above these.
  182. #
  183. refresh_pattern ^ftp: 1440 20% 10080
  184. refresh_pattern ^gopher: 1440 0% 1440
  185. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  186. refresh_pattern . 0 20% 4320
  187.  
  188. ########################################################
  189.  
  190. range_offset_limit 1 KB
  191. quick_abort_min 0 KB
  192. quick_abort_max 0 KB
  193. quick_abort_pct 100
  194.  
  195. ##############################################
  196.  
  197. forwarded_for off
  198. request_header_access X-Forwarded-For deny all
  199. request_header_access From deny all
  200. request_header_access Server deny all
  201. request_header_access Link deny all
  202. request_header_access Via deny all
  203. request_header_access WWW-Authenticate deny all
  204. request_header_access Cache-Control deny all
  205. request_header_access Proxy-Connection deny all
  206. request_header_access X-Cache deny all
  207. request_header_access X-Cache-Lookup deny all
  208. request_header_access Forwarded-For deny all
  209. request_header_access Pragma deny all
  210. request_header_access Keep-Alive deny all
  211.  
  212. dns_nameservers 8.8.8.8 8.8.4.4
  213. offline_mode off
  214. memory_pools off
  215. client_db off
  216. cache_effective_user proxy
  217. cache_effective_group proxy
  218. reload_into_ims on
  219. vary_ignore_expire on
  220. qos_flows local-hit=0x30
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement