albspirit86

squid.conf

Nov 24th, 2014
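  # ---- Port and method ACLs ----
  # "all" is a built-in ACL in Squid 3.2 and later, and this file needs a newer
  # release than that anyway (it uses ssl_bump server-first and store_id_program).
  # The paste's "acl all src" carried no value, so it is commented out here
  # rather than given a guessed one.
  #acl all src

  # CONNECT tunnels are only permitted to ports listed in SSL_ports
  # (see "http_access deny CONNECT !SSL_ports").
  acl SSL_ports port 443

  # Destination ports clients may reach through the proxy
  # (see "http_access deny !Safe_ports").
  acl Safe_ports port 80          # http
  acl Safe_ports port 21          # ftp
  acl Safe_ports port 443         # https
  acl Safe_ports port 70          # gopher
  acl Safe_ports port 210         # wais
  acl Safe_ports port 1025-65535  # unregistered ports
  acl Safe_ports port 280         # http-mgmt
  acl Safe_ports port 488         # gss-http
  acl Safe_ports port 591         # filemaker
  acl Safe_ports port 777         # multiling http

  acl CONNECT method CONNECT
  # Used by store_id_access so that only GET requests are handed to the Store-ID helper.
  acl getmethod method GET
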
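  # ---- Rules to block a few advertising sites ----
  # url_regex is matched against the whole URL. Most patterns below are anchored
  # on "http://", so they do not match https:// URLs.
  # The leading "." on the first four patterns is an unescaped regex dot: it
  # matches any single character, not a literal dot.
  #
  # Changes from the paste:
  #  - "ad_frame?" -> "ad_frame\?": the bare "?" made the final "e" optional
  #    instead of matching the start of the query string.
  #  - "[0-90-9]" -> "[0-9]": same character class, written once.
  #  - "a[b|d]" -> "a[bd]": inside brackets "|" is a literal character, not "or".
  #  - "ads\d" / "ad\d" -> "ad[0-9]": "\d" is not a POSIX regex class, and
  #    "ads[0-9]" was already listed.
  acl ads url_regex -i .youtube\.com\/ad_frame\?
  acl ads url_regex -i .(s|s[0-9])\.youtube\.com
  acl ads url_regex -i .googlesyndication\.com
  acl ads url_regex -i .doubleclick\.net
  acl ads url_regex -i ^http:\/\/googleads\.*
  acl ads url_regex -i ^http:\/\/(ad|ads|ads[0-9]|kad|a[bd]|ad[0-9]|adserver|adsbox)\.[a-z0-9]*\.[a-z][a-z]*
  acl ads url_regex -i ^http:\/\/openx\.[a-z0-9]*\.[a-z][a-z]*
  acl ads url_regex -i ^http:\/\/[a-z0-9]*\.openx\.net\/
  acl ads url_regex -i ^http:\/\/[a-z0-9]*\.u-ad\.info\/
  acl ads url_regex -i ^http:\/\/adserver\.bs\/

  # The paste had "acl ads url_regex -i !^http:\/\/adf\.ly". Inside a regex the
  # "!" is an ordinary character, and "^" after it can never match, so that line
  # did nothing. The apparent intent (exempt adf.ly) needs its own ACL, negated
  # on the access lines.
  acl ads_exempt url_regex -i ^http:\/\/adf\.ly
  http_access deny ads !ads_exempt
  http_reply_access deny ads !ads_exempt
  #deny_info http://yoursite/yourad,htm ads
  #==== End Rules: Advertising ====
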
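  # ---- Site ACLs referenced by the store_id_access rules ----
  acl reverbnation url_regex -i reverbnation.*(audio_player|ec_stream_song).*$
  acl reverbnation url_regex -i \.c\.(reverbnation|c2lo)\.com\/(get_audio|audioplayback|audioplay).*$
  acl youtube url_regex -i youtube.*(ptracking|stream_204|player_204|gen_204).*$
  acl youtube url_regex -i (youtube|google).*\/videoplayback\?.*
  acl speedtest url_regex -i ^https?:\/\/(.*?)\/speedtest\/(.*\.(jpg|txt))\??.*$

  # ---- Update blocking ----
  # REVIEW: the rules below deny Windows Update, the Firefox win32 update path
  # and the Chrome for Windows download path for every client of this proxy.
  # Unless those clients get patches through some other channel, they stop
  # receiving OS and browser security fixes. Keep these rules only if such a
  # channel exists.
  acl deny_domain dstdomain .windowsupdate.com
  http_access deny deny_domain

  # Dots in the Google host names are escaped below. The paste left them bare,
  # so each "." matched any character and the patterns were looser than the
  # host names they spell out.
  acl deny_url url_regex -i ^https?:\/\/.*cdn\.mozilla\.(net|org)\/pub\/firefox\/(releases|candidates)\/.*\/update\/win32\/.*
  acl deny_url url_regex -i ^https?:\/\/.*\.pack\.google\.com\/edgedl\/chrome\/win\/.*
  acl deny_url url_regex -i ^https?:\/\/cache\.pack\.google\.com\/edgedl\/.*
  acl deny_url url_regex -i ^https?:\/\/www\.google\.com\/dl\/chrome\/win\/.*
  http_access deny deny_url
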
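  # ---- Identity shown in error pages ----
  # cache_mgr takes the administrator's e-mail address and visible_hostname takes
  # a host name. The paste had the two values the other way round.
  cache_mgr albspirit@info.al
  visible_hostname Internet-Kaltersia

  # ---- Memory cache and lookup caches ----
  cache_mem 5000 MB
  # Replacement starts at 98% full and becomes aggressive at 99%.
  cache_swap_low 98
  cache_swap_high 99
  ipcache_size 2048
  ipcache_low 98
  ipcache_high 99

  ################################

  # ---- Object size limits ----
  # Objects from 1 KB up to 1024 MB are cacheable on disk; only objects up to
  # 512 KB are kept in cache_mem.
  maximum_object_size 1024 MB
  maximum_object_size_in_memory 512 KB
  minimum_object_size 1 KB

  cache_replacement_policy heap LFUDA
  memory_replacement_policy heap GDSF

  # ---- Disk cache ----
  # Format: cache_dir ufs <path> <size in MB> <L1 dirs> <L2 dirs>
  # NOTE(review): the mount names suggest 128 GB volumes, while each pair of
  # directories adds up to 225000 MB. Confirm the sizes against the real disks.
  cache_dir ufs /mnt/128gb/cache-1 112500 264 256
  cache_dir ufs /mnt/128gb/cache-2 112500 264 256

  cache_dir ufs /mnt/gb128/cache-1 112500 264 256
  cache_dir ufs /mnt/gb128/cache-2 112500 264 256

  # ---- Logging ----
  # access.log is the per-request record of who fetched what. With
  # logfile_rotate 1 only one rotated generation is kept, so history is short.
  access_log stdio:/var/log/squid/access.log
  #cache_log /var/log/squid/cache.log
  cache_store_log none
  logfile_rotate 1
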
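  # ---- Access control, listening ports and TLS interception ----
  # Squid applies the FIRST matching http_access, ssl_bump and
  # sslproxy_cert_error line. The paste repeated always_direct, ssl_bump,
  # sslproxy_cert_error and sslproxy_flags with conflicting values, so the later
  # copies never took effect. In particular "ssl_bump none localhost" came after
  # "ssl_bump server-first all". Each directive now appears once, in the order
  # it is evaluated.

  # PLACEHOLDER: replace with the client networks this proxy really serves.
  # 192.0.2.0/24 is a documentation range and matches no real client.
  acl localnet src 192.0.2.0/24

  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_ports
  # Cache manager interface: local host only.
  http_access allow localhost manager
  http_access deny manager
  # The paste ended this list with "http_access allow all", which makes the box
  # an open proxy for anyone who can reach its ports. Allow known clients only
  # and finish with an explicit deny.
  http_access allow localnet
  http_access allow localhost
  http_access deny all
  http_reply_access allow all
  # No icp_port is configured in this file, so there is no reason to answer ICP
  # queries from arbitrary peers (the paste had "icp_access allow all").
  icp_access deny all

  always_direct allow all

  # ---- Listening ports ----
  http_port 3128
  http_port 3129 tproxy
  # Intercepted HTTPS. Squid mints a certificate per host, signed by the CA in
  # myCA.pem. No key= option is given, so the CA private key is expected in the
  # same file. Anyone who can read that file can impersonate any site to clients
  # that trust this CA, so keep it readable by the Squid user only.
  https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem

  sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
  sslcrtd_children 20

  # ---- What gets bumped ----
  ssl_bump none localhost
  ssl_bump server-first all

  # ---- Upstream certificate checking ----
  # A bumped client only ever sees the certificate minted by this proxy, so its
  # browser cannot notice an expired, mismatched or forged origin certificate.
  # Squid is the only place left where that check can happen. The paste turned
  # it off twice ("sslproxy_flags DONT_VERIFY_PEER" and
  # "sslproxy_cert_error allow all", which preceded the "deny all" and therefore
  # won). Both are removed, so origin certificates are verified again and
  # validation errors are not bypassed.
  sslproxy_cert_error deny all
  # 1 = negotiate the protocol version automatically. SSLv2 and SSLv3 are
  # excluded explicitly.
  sslproxy_version 1
  sslproxy_options NO_SSLv2,NO_SSLv3
  ssl_unclean_shutdown on
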
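  # ---- Store-ID: ACLs ----
  # NOTE(review): QUERY is defined here, but no directive in this file refers to it.
  acl QUERY urlpath_regex -i (begin|start)\=
  # Dots before the extensions are escaped. The paste had ".php$" etc., where the
  # dot matches any character.
  acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
  acl dontrewrite url_regex -i c\.youtube\.com\/.*(begin|start)\=.*
  acl dontrewrite url_regex redbot\.org
  # "acl getmethod method GET" is already defined with the other method ACLs
  # near the top of the file, so the duplicate definition is dropped here.
  acl redir urlpath_regex -i &redirect_counter=1&cms_redirect=yes
  acl redir urlpath_regex -i &ir=1&rr=12
  # NOTE(review): "yutube" is never referenced. store_id_access below uses
  # "youtube", so this may be a misspelling. Confirm which was meant.
  acl yutube url_regex -i youtube\.com\/(generate_204|ptracking|stream_204|player_204|s|(.*(playback|watchtime|delayplay)))\?.*$
  acl yutube url_regex -i gstatic\.com\/csi\?.*$

  acl rewritedoms url_regex -i dl\.sourceforge\.net.*
  acl rewritedoms url_regex -i i[0-9]*\.ytimg\.com.*
  acl rewritedoms url_regex -i ak\.fbcdn\.net.*
  acl rewritedoms url_regex -i (youtube|google).*\/videoplayback\?.*

  # ---- Store-ID: helper and access list ----
  # The helper maps several request URLs onto one cache key, so whatever it
  # treats as "the same object" is served to every client that asks for any of
  # those URLs. The helper script is not part of this paste. Review its mapping
  # rules before trusting the cache contents.
  store_id_program /etc/squid/store-id.pl
  store_id_children 20 startup=10 idle=5 concurrency=30
  # First match wins: non-GET requests, redirect URLs and the dontrewrite URLs
  # are never sent to the helper. Only the listed site ACLs are.
  store_id_access deny !getmethod
  store_id_access deny redir
  store_id_access deny dontrewrite
  store_id_access allow rewritedoms
  store_id_access allow youtube
  store_id_access allow speedtest
  store_id_access allow reverbnation
  store_id_access deny all

  # REVIEW: with strip_query_terms off, access.log records full query strings.
  # Session tokens and similar secrets passed in URLs end up in the log file, so
  # it needs the same protection as the traffic itself.
  strip_query_terms off
  max_stale 1 year
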
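  # ---- Refresh patterns ----
  # Format: refresh_pattern [-i] <regex> <min minutes> <percent> <max minutes> [options]
  # The first pattern that matches a URL is the one used, so order matters.
  #
  # Changes from the paste:
  #  - Safe Browsing: the paste cached these responses for 43830 minutes while
  #    ignoring auth, private and no-store. Clients would then work from stale
  #    protection data, so the rule now forces revalidation. The second, later
  #    safebrowsing line could never match first and is dropped.
  #  - ignore-no-store, ignore-private and ignore-auth are removed from the
  #    file-extension patterns and from the whole-site youtube/googlevideo
  #    pattern. With HTTPS being bumped, those options let a response the origin
  #    marked as private or authenticated be stored and handed to a different
  #    user.
  #  - Archive/executable pattern: min was 110080, larger than max 10080.
  #    Corrected to 10080.
  #  - "\.(php|html|xml|aspx)$\?": nothing can follow "$", so it never matched.
  #    Rewritten as "(\?|$)".
  #  - "^http:\/\/images|image|img|...": without parentheses the alternation
  #    matched any URL containing "image", "img", "pics" or "openx". It is
  #    grouped so that all alternatives are host-name prefixes.
  #  - Duplicate "ignore-reload" options on the /speedtest/, pixieimage,
  #    blogspot and multiply lines are collapsed.
  refresh_pattern -i akamaihd.net.* 43830 99% 43830 override-expire override-lastmod ignore-reload
  refresh_pattern -i https:\/\/.*\.xx\.fbcdn\.net\/.* 43830 99% 43830 override-expire override-lastmod ignore-reload
  refresh_pattern ^.*safebrowsing.*google 0 0% 0
  refresh_pattern -i \.wikimapia\.org\/? 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-private

  refresh_pattern -i \.(gif|png|pnp|img|jpg|jpeg|jpe?g|jpeg2|ico|mod|bmp|eps|tif|tiff?|pcx|pic|tga|iff|sct|pxr|raw|dcs|rle|lzw|ccit|f3d|woff)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-must-revalidate store-stale
  refresh_pattern -i \.(pps|ppsx|ps|rtx|wpl|doc|docx|pdf|xls|xlsx|latex|ppt|pptx|mbd|conf|txt|asm|pl|log|dll|bat|psd)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-must-revalidate store-stale
  refresh_pattern -i \.(mp4|3ivx|asf|avi|m2ts|divx|mjpeg|ogv|webm|mpg|mpeg|ogg|wmv|mkv|3gp|swf|flv|x-flv|3g2|vob|swf|swz|mov)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-must-revalidate store-stale
  refresh_pattern -i \.(ogg|mp2|ac3|mpc|m4a|flac|aiff|aif|aifc|raw|au|mid|wav|wv|mp3|gsm|dct|aac|mmf|wma|atrac|ra|ram|dss|msv|dvf|m4p|amr|awb|ape|apl)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-must-revalidate store-stale
  # REVIEW: executables and packages are kept for a week with override-expire and
  # store-stale. An outdated or tampered copy fetched once over plain HTTP keeps
  # being served to every client until it ages out.
  refresh_pattern -i \.(exe|dfg|crx|7z|mds|mod|mdl|arj|bz2|ms-dos|ccd|sub|deb|cab|pak|bin|cue|nrg|isz|mdf|qt|zip|tar|jar|jxr|jad|tar.gz|tar|msi|inc|lha|ms(i|p|u)|rpm|tgz|rtp|rpz|nui|kom|stg|pak|sup|nzp|npz|tgz|reg|vpx|idx|gz|avc|ref|msp|iso|info.gz|vdf.gz|rar|mar|dat|rp)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-must-revalidate store-stale
  refresh_pattern -i \.(css|js)$ 10080 99% 10080 override-expire override-lastmod ignore-reload ignore-must-revalidate store-stale
  refresh_pattern -i (hackshield|nprotect|webnProtect) 0 0% 0
  refresh_pattern -i \.(php|html|xml|aspx)(\?|$) 0 0% 0
  ################################
  refresh_pattern ^http.*(youtube|googlevideo)\.* 43200 99% 242020 ignore-reload override-expire override-lastmod ignore-must-revalidate store-stale
  #FB
  # REVIEW: the site-specific patterns below still carry ignore-private. Keep it
  # only where the matched URLs are known to be public static assets.
  refresh_pattern \.facebook\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  refresh_pattern \.facebook\.com.* 240 50% 480
  refresh_pattern \.fbcdn\.net.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private store-stale
  refresh_pattern \.gstatic\.com/images\? 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private ignore-must-revalidate
  refresh_pattern \.(akamaihd|edgecastcdn|spilcdn|zgncdn|(tw|y|yt)img)\.com.*\.(jp(e?g|e|2)|gif|png|swf|mp(3|4)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private
  refresh_pattern (gstatic|diggstatic)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  refresh_pattern (photobucket|pbsrc|flickr|yimg|ytimg|twimg|gravatar)\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire ignore-reload ignore-private
  refresh_pattern (zynga|ninjasaga|mafiawars|cityville|farmville|crowdstar|spilcdn|agame|popcap)\.com/.* 1440 99% 14400 override-expire ignore-reload ignore-private
  refresh_pattern ^http:\/\/(images|image|img|pics|openx|thumbs[0-9])\. 1440 99% 14400 override-expire ignore-reload ignore-private
  refresh_pattern ^http://.*\.squid\.internal\/.* 10080 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth max-stale=10000 store-stale
  refresh_pattern -i reverbnation.com 1440 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private ignore-must-revalidate ignore-reload store-stale
  refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv\?|\.fid\?) 43200 99% 43200 override-expire ignore-reload ignore-must-revalidate ignore-private

  #
  #PATTERN REFRESH
  refresh_pattern -i \.(html|htm|css|js|png|jsp|asx|asp|aspx)$ 240 100% 420
  refresh_pattern -i \/speedtest\/.*\.(txt|jpg|png|swf) 0 99% 14400 override-expire override-lastmod ignore-reload ignore-private reload-into-ims
  refresh_pattern .pixieimage\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private reload-into-ims
  refresh_pattern .blogspot\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private reload-into-ims
  refresh_pattern .multiply\.com.*\.(jp(e?g|e|2)|gif|png|tiff?|bmp|swf|mp(4|3)) 1440 99% 14400 override-expire override-lastmod ignore-reload ignore-private reload-into-ims
  refresh_pattern .((pikawarnet\.com)|(blogspot\.com)|(pixieimage\.com)|(multiply\.com)).* 60 30% 240
  # Add any of your own refresh_pattern entries above these.
  #
  refresh_pattern ^ftp: 1440 20% 10080
  refresh_pattern ^gopher: 1440 0% 1440
  refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  refresh_pattern . 0 20% 4320

  ########################################################
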
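  # ---- Range requests and aborted transfers ----
  range_offset_limit 1 KB
  # With min/max at 0 KB and pct 100, the three quick_abort settings are left
  # exactly as in the paste.
  quick_abort_min 0 KB
  quick_abort_max 0 KB
  quick_abort_pct 100

  ##############################################

  # ---- Header policy ----
  # Hide the client address and the proxy's presence from origin servers.
  forwarded_for off
  request_header_access X-Forwarded-For deny all
  request_header_access From deny all
  # NOTE(review): Server and WWW-Authenticate normally appear only in replies, so
  # filtering them on the request side is not expected to change anything. Do
  # not move WWW-Authenticate to the reply side: stripping it there would break
  # origin authentication.
  request_header_access Server deny all
  request_header_access Link deny all
  request_header_access Via deny all
  request_header_access WWW-Authenticate deny all
  # REVIEW: removing Cache-Control and Pragma from requests means a client can no
  # longer ask for a fresh copy, so a stale or wrong cached object cannot be
  # bypassed from the browser.
  request_header_access Cache-Control deny all
  request_header_access Proxy-Connection deny all
  # X-Cache and X-Cache-Lookup are added by Squid to replies, so they are
  # filtered with reply_header_access. The paste listed them under
  # request_header_access, where they had no effect.
  reply_header_access X-Cache deny all
  reply_header_access X-Cache-Lookup deny all
  request_header_access Forwarded-For deny all
  request_header_access Pragma deny all
  request_header_access Keep-Alive deny all

  # ---- Resolver, process identity and misc ----
  # Every lookup goes to these public resolvers, so they see which host names
  # the proxy's clients visit.
  dns_nameservers 8.8.8.8 8.8.4.4
  offline_mode off
  memory_pools off
  client_db off
  # Squid runs under the "proxy" user and group.
  cache_effective_user proxy
  cache_effective_group proxy
  # A client reload is turned into a conditional (If-Modified-Since) request.
  reload_into_ims on
  vary_ignore_expire on
  # Replies served from the local cache are marked with TOS value 0x30.
  qos_flows local-hit=0x30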