[user@host ~]# vi /etc/squid.conf
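# Initial squid.conf as first opened in the editor; the listing stops where the
# editor screen ends, so the last comment below is cut short.
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only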
"/etc/squid.conf" 77L, 2510C
The above is the initial content of squid.conf; the modified configuration follows.
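#
# Recommended minimum configuration:
#
# ACL definitions only name sets of requests; nothing is allowed or denied
# until an http_access rule refers to them.
acl manager proto cache_object
# Requests whose source address is the local loopback address
acl localhost src 127.0.0.1/32 ::1
# Requests whose destination address is loopback or unspecified
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# Source ranges of the internal client networks
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# Destination port treated as an SSL port: 443
acl SSL_ports port 443
# Destination ports treated as safe: 80, 21 and the rest of the list below
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# Requests using the CONNECT method
acl CONNECT method CONNECT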
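#
# Auth
# Basic proxy authentication, checked by the squid_db_auth helper against a database.
# NOTE(review): --password is the helper's database password, stored here in
# clear text. Keep squid.conf readable only by root and the Squid user, and do
# not reuse a password that has appeared in a published example.
# NOTE(review): --plaintext tells the helper that the user passwords in the
# database are stored unhashed; prefer one of the helper's hashed-password
# modes (see its man page).
auth_param basic program /usr/lib64/squid/squid_db_auth --user cache --password bmv7rfsa --plaintext --persist
auth_param basic children 5
auth_param basic realm web-proxy
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off
# NOTE(review): Basic credentials are only base64-encoded on the wire, so on a
# plain http_port listener anyone on the network path can read them.
acl db-auth proxy_auth REQUIRED
# NOTE(review): these two allow rules come before the "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" rules further down, so requests they match are
# accepted before the port restrictions are checked. Moving them below those
# deny rules keeps the port limits in force for authenticated users too.
http_access allow db-auth
http_access allow localhost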
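#
# Recommended minimum Access Permission configuration:
#
# http_access rules are checked in order and the first matching rule decides.
# Only allow cachemgr access from localhost
http_access allow manager localhost
# Reject cache-manager requests from all other hosts
http_access deny manager
# Deny requests to certain unsafe ports
# (every port not listed in the Safe_ports ACL defined in this file)
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): the author leaves this commented out; combined with the
# "allow all" rule below, proxied requests can target services bound to the
# proxy host's own loopback address. Uncommenting it is the safer choice.
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Allow clients in the localnet ranges
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
# NOTE(review): the author comments out the default deny and ends with
# "allow all", so every request not already decided by an earlier rule is
# served regardless of its source. Unless the listener is reachable only from
# trusted clients this makes the host an open proxy; restoring
# "http_access deny all" as the last rule limits access to the rules above.
#http_access deny all
http_access allow all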
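# Squid normally listens to port 3128
# Listening address and port (here: port 8089 on all addresses)
http_port 8089
# Memory cache size, on top of Squid's other memory use.
# Author's rule of thumb: total Squid memory = x * 10 + 15 + cache_mem (MB),
# where x is the size of the Squid disk cache in GB. For example, with a
# 100 MB disk cache (0.1 GB): 0.1*10 + 15 + 64 = 80 MB. The recommended
# cache_mem is 1/3-1/2 of physical memory or more.
cache_mem 128 MB
# Largest object stored in the disk cache; objects over 4 MB are not saved to disk
maximum_object_size 4 MB
# Largest single object kept in the memory cache: 4 MB
maximum_object_size_in_memory 4 MB
# TLS listener with its certificate and private key.
# NOTE(review): the key file should be readable only by root and the Squid
# user; anyone who can read it can impersonate this listener.
https_port 443 cert=/usr/local/squid/etc/bpoj.crt key=/usr/local/squid/etc/bpoj.key
# Cache (diagnostic) log
cache_log /var/log/squid/cache.log
# Access log: file storage path and log format
access_log /var/log/squid/access.log
#access_log syslog squid
# Disk cache: storage path, capacity in MB (200), number of level-1 (16) and
# level-2 (512) cache directories.
# NOTE(review): "read-only" is kept as the author wrote it; the option's name
# and meaning vary between Squid versions - confirm against the installed one.
cache_dir ufs /var/log/squid/cache 200 16 512 read-only
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/log/squid/core_dump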
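# refresh_pattern fields: regex, min (minutes), percent, max (minutes).
# percent is a percentage used by Squid's last-modified factor algorithm to
# decide when a cached object is treated as expired.
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# We recommend you to use at least the following line.
# URLs containing these strings are handled directly by this cache instead of
# being passed to cache peers (the author uses it for CGI scripts).
hierarchy_stoplist cgi-bin ?
# NOTE(review): the lines from here to the second refresh_pattern set are the
# distribution defaults left in place below the author's settings, so
# coredump_dir and the refresh_pattern rules appear twice. Consolidate them so
# the effective values are unambiguous.
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Custom error pages
error_directory /etc/squid/pages/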
vim /etc/squid.conf