Script Server ( squid.conf )
http_port 0.0.0.0:3128
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
icp_port 0
# Time Out
request_timeout 1 minute
forward_timeout 1 minutes
connect_timeout 1 minute
peer_connect_timeout 1 minutes
pconn_timeout 120 second
read_timeout 2 minute
persistent_request_timeout 2 minute
shutdown_lifetime 3 second
negative_ttl 2 minute
positive_dns_ttl 120 second
negative_dns_ttl 120 second
netdb_low 900
netdb_high 1000
client_db on
client_lifetime 1 day
# Transparent
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# mark for no cache
hierarchy_stoplist cgi-bin ? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ .exe .cfg ucg
acl QUERY urlpath_regex cgi-bin \? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ updatelist$ patch_lv1 .cfg .exe ucg
no_cache deny QUERY
# OPTIONS WHICH AFFECT THE CACHE SIZE
# —————————————————————
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
memory_pools on
# memory_pools_limit 6 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# LOGFILE
# —————————————————————
cache_dir aufs /var/spool/squid 4096 16 256
cache_access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log none
# mime_table /usr/share/squid/mime.conf
pid_filename /var/run/squid.pid
log_fqdn off
client_netmask 255.255.255.255
ftp_passive on
ftp_sanitycheck on
dns_nameservers 127.0.0.1
# OPTIONS FOR TUNING THE CACHE
# —————————————————————
# refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
# refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
quick_abort_min -1 KB
quick_abort_max 0 KB
quick_abort_pct 100
half_closed_clients off
# ACL CONTROLS
# —————————————————————
acl Manager proto cache_object
acl all src 0.0.0.0/0
acl localhost src 127.0.0.0/8
acl All_Port port 1-65535
acl CONNECT method CONNECT
http_access allow Manager all
http_access deny manager
http_access allow All_Port
http_access allow CONNECT All_Port
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all
# ADMINISTRATIVE PARAMETERS
# ——————————————————————-
cache_mgr squid@oxygencafe.net
visible_hostname oxygencafe.net
# MISCELLANEOUS
# ——————————————————————
logfile_rotate 3
log_icp_queries off
query_icmp off
buffered_logs off
reload_into_ims on
nonhierarchical_direct off
prefer_direct on
strip_query_terms off
pipeline_prefetch on
ie_refresh on
forwarded_for on
vary_ignore_expire on
store_dir_select_algorithm round-robin
ignore_unknown_nameservers on
header_access Allow allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All allow all
# cache_peer x.x.x.x parent xxxx 0 default no-query no-delay login=x:xxx
# never_direct allow all
error_directory /etc/squid/errors
follow_x_forwarded_for allow localhost
store_avg_object_size 50 MB
# reference_age 2 hour
# siteselect_timeout 2 hour
# ####DELAY POOLS###################################################
# This is the most important part for shaping incoming traffic with Squid
# For detailed description see squid.conf file or docs at http://www.squid-cache.org
# We don't want to limit downloads on our local network.
# acl magic_words1 url_regex -i 192.168
# We want to limit downloads of these type of files
# Put this all in one line
# .3gp .aac .ac3 .act .aif .aiff .amr .asf .au .avi .b5t .bin .bwt .cab .ccd .cdi .cue .dat .dct .div .divx .dss .exe .flac .fli .flv .gho .gsm .gz .ifo .img .iso .m4a .mp2 .mp3 .mp4 .mov .mpe .mpga .mpg .mpeg .mds .nrg .ogg .pdi .qt .ra .ram .rar .raw .rcd .rec .rm .rmvb .rmj .rpm .sea .shn .sri .swf .tar .tgz .vob .vox .vqf .wav .wmv .wma .zip
# acl magic_words2 url_regex -i ftp http .3gp .aac .ac3 .act .aif .aiff .amr .asf .au .avi .b5t .bin .bwt .cab .ccd .cdi .cue .dat .dct .div .divx .dss .exe .flac .fli .flv .gho .gsm .gz .ifo .img .iso .m4a .mp2 .mp3 .mp4 .mov .mpe .mpga .mpg .mpeg .mds .nrg .ogg .pdi .qt .ra .ram .rar .raw .rcd .rec .rm .rmvb .rmj .rpm .sea .shn .sri .swf .tar .tgz .vob .vox .vqf .wav .wmv .wma .zip
# We don't block .html, .gif, .jpg and similar files, because they
# generally don't consume much bandwidth
# We want to limit bandwidth during the day, and allow
# full bandwidth during the night
# Caution! with the acl below your downloads are likely to break
# at 23:59. Read the FAQ in this bandwidth if you want to avoid it.
# acl day time 00:00-23:59
# We have two different delay_pools
# View Squid documentation to get familiar
# with delay_pools and delay_class.
# delay_pools 2
# #####################################
# First delay pool
# We don't want to delay our local traffic.
# There are three pool classes; here we will deal only with the second.
# First delay class (1) of second type (2).
# delay_class 1 2
#-1/-1 mean that there are no limits.
# delay_parameters 1 -1/-1 -1/-1
# magic_words1: 192.168 we have set before
# delay_access 1 allow magic_words1
# #####################################
# #####################################
# Second delay pool.
# we want to delay downloading files mentioned in magic_words2.
# Second delay class (2) of second type (2).
# delay_class 2 2
# The numbers here are values in bytes;
# we must remember that Squid doesn't consider start/stop bits
# 5000/150000 are values for the whole network
# 5000/120000 are values for the single IP
# after downloaded files exceed about 150000 bytes,
# (or even twice or three times as much)
# they will continue to download at about 5000 bytes/s
# delay_parameters 2 5000/150000 5000/120000
# OLD_OK
# delay_parameters 2 640000/640000 256000/256000
# NEW_TEST
# Mbps = 1.0 1.5 2.0 2.5 3.0 3.5 4.0
# bps = 1024 1536 2048 2560 3072 3584 4096
# Byte = 128 192 256 320 384 448 512
# delay_parameters 2 384000/384000 192000/256000
# delay_parameters 2 384000/384000 192000/384000
# delay_parameters 2 512000/512000 320000/384000
# # delay_parameters 2 -1/-1 -1/-1
# # We have set day to 00:00-23:59 before.
# delay_access 2 allow day
# delay_access 2 deny !day
# delay_access 2 allow magic_words2
# #####################################
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
icp_port 0
# Time Out
request_timeout 1 minute
forward_timeout 1 minutes
connect_timeout 1 minute
peer_connect_timeout 1 minutes
pconn_timeout 120 second
read_timeout 2 minute
persistent_request_timeout 2 minute
shutdown_lifetime 3 second
negative_ttl 2 minute
positive_dns_ttl 120 second
negative_dns_ttl 120 second
netdb_low 900
netdb_high 1000
client_db on
client_lifetime 1 day
# Transparent
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# mark for no cache
hierarchy_stoplist cgi-bin ? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ .exe .cfg ucg
acl QUERY urlpath_regex cgi-bin \? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ updatelist$ patch_lv1 .cfg .exe ucg
no_cache deny QUERY
# OPTIONS WHICH AFFECT THE CACHE SIZE
# —————————————————————
cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
memory_pools on
# memory_pools_limit 6 MB
maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# LOGFILE
# —————————————————————
cache_dir aufs /var/spool/squid 4096 16 256
cache_access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log none
# mime_table /usr/share/squid/mime.conf
pid_filename /var/run/squid.pid
log_fqdn off
client_netmask 255.255.255.255
ftp_passive on
ftp_sanitycheck on
dns_nameservers 127.0.0.1
# OPTIONS FOR TUNING THE CACHE
# —————————————————————
# refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
# refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod
quick_abort_min -1 KB
quick_abort_max 0 KB
quick_abort_pct 100
half_closed_clients off
# ACL CONTROLS
# —————————————————————
acl Manager proto cache_object
acl all src 0.0.0.0/0
acl localhost src 127.0.0.0/8
acl All_Port port 1-65535
acl CONNECT method CONNECT
http_access allow Manager all
http_access deny manager
http_access allow All_Port
http_access allow CONNECT All_Port
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all
# ADMINISTRATIVE PARAMETERS
# ——————————————————————-
cache_mgr squid@oxygencafe.net
visible_hostname oxygencafe.net
# MISCELLANEOUS
# ——————————————————————
logfile_rotate 3
log_icp_queries off
query_icmp off
buffered_logs off
reload_into_ims on
nonhierarchical_direct off
prefer_direct on
strip_query_terms off
pipeline_prefetch on
ie_refresh on
forwarded_for on
vary_ignore_expire on
store_dir_select_algorithm round-robin
ignore_unknown_nameservers on
header_access Allow allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All allow all
# cache_peer x.x.x.x parent xxxx 0 default no-query no-delay login=x:xxx
# never_direct allow all
error_directory /etc/squid/errors
follow_x_forwarded_for allow localhost
store_avg_object_size 50 MB
# reference_age 2 hour
# siteselect_timeout 2 hour
# ####DELAY POOLS###################################################
# This is the most important part for shaping incoming traffic with Squid
# For detailed description see squid.conf file or docs at http://www.squid-cache.org
# We don't want to limit downloads on our local network.
# acl magic_words1 url_regex -i 192.168
# We want to limit downloads of these type of files
# Put this all in one line
# .3gp .aac .ac3 .act .aif .aiff .amr .asf .au .avi .b5t .bin .bwt .cab .ccd .cdi .cue .dat .dct .div .divx .dss .exe .flac .fli .flv .gho .gsm .gz .ifo .img .iso .m4a .mp2 .mp3 .mp4 .mov .mpe .mpga .mpg .mpeg .mds .nrg .ogg .pdi .qt .ra .ram .rar .raw .rcd .rec .rm .rmvb .rmj .rpm .sea .shn .sri .swf .tar .tgz .vob .vox .vqf .wav .wmv .wma .zip
# acl magic_words2 url_regex -i ftp http .3gp .aac .ac3 .act .aif .aiff .amr .asf .au .avi .b5t .bin .bwt .cab .ccd .cdi .cue .dat .dct .div .divx .dss .exe .flac .fli .flv .gho .gsm .gz .ifo .img .iso .m4a .mp2 .mp3 .mp4 .mov .mpe .mpga .mpg .mpeg .mds .nrg .ogg .pdi .qt .ra .ram .rar .raw .rcd .rec .rm .rmvb .rmj .rpm .sea .shn .sri .swf .tar .tgz .vob .vox .vqf .wav .wmv .wma .zip
# We don't block .html, .gif, .jpg and similar files, because they
# generally don't consume much bandwidth
# We want to limit bandwidth during the day, and allow
# full bandwidth during the night
# Caution! with the acl below your downloads are likely to break
# at 23:59. Read the FAQ in this bandwidth if you want to avoid it.
# acl day time 00:00-23:59
# We have two different delay_pools
# View Squid documentation to get familiar
# with delay_pools and delay_class.
# delay_pools 2
# #####################################
# First delay pool
# We don't want to delay our local traffic.
# There are three pool classes; here we will deal only with the second.
# First delay class (1) of second type (2).
# delay_class 1 2
#-1/-1 mean that there are no limits.
# delay_parameters 1 -1/-1 -1/-1
# magic_words1: 192.168 we have set before
# delay_access 1 allow magic_words1
# #####################################
# #####################################
# Second delay pool.
# we want to delay downloading files mentioned in magic_words2.
# Second delay class (2) of second type (2).
# delay_class 2 2
# The numbers here are values in bytes;
# we must remember that Squid doesn't consider start/stop bits
# 5000/150000 are values for the whole network
# 5000/120000 are values for the single IP
# after downloaded files exceed about 150000 bytes,
# (or even twice or three times as much)
# they will continue to download at about 5000 bytes/s
# delay_parameters 2 5000/150000 5000/120000
# OLD_OK
# delay_parameters 2 640000/640000 256000/256000
# NEW_TEST
# Mbps = 1.0 1.5 2.0 2.5 3.0 3.5 4.0
# bps = 1024 1536 2048 2560 3072 3584 4096
# Byte = 128 192 256 320 384 448 512
# delay_parameters 2 384000/384000 192000/256000
# delay_parameters 2 384000/384000 192000/384000
# delay_parameters 2 512000/512000 320000/384000
# # delay_parameters 2 -1/-1 -1/-1
# # We have set day to 00:00-23:59 before.
# delay_access 2 allow day
# delay_access 2 deny !day
# delay_access 2 allow magic_words2
# #####################################
ไม่มีความคิดเห็น:
แสดงความคิดเห็น