Optimized squid proxy configuration for version 3.5.5

#
#Recommended minimum configuration:
#
# always_direct decides which requests go straight to origin servers instead
# of through a cache_peer; the only cache_peer line in this file is commented out.
always_direct allow all

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# NOTE(review): Safe_ports covers every port, so a "deny !Safe_ports" rule
# could never match; list only the ports clients really need if port
# filtering is wanted.
acl Safe_ports port 1-65535
# NOTE(review): despite its name this ACL matches ordinary methods as well as
# CONNECT, so it cannot be used to single out tunnel requests.
acl CONNECT method GET POST HEAD CONNECT PUT DELETE
#acl block-fnes urlpath_regex -i .*/fnes/echo
# Anti-virus / updater hosts that the rules further down exempt from caching.
acl noscan dstdomain symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com avstats.avira.com premium.avira-update.com

# Media file extensions, matched case-insensitively anywhere in the URL path.
# NOTE(review): "wmvm3u8" looks like "wmv|m3u8" with the separator lost - confirm.
acl video urlpath_regex -i \.(mpa|m2a|mpe|avi|mov|mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|mp2|mp3|mp4|wmvm3u8|flv|ts)

#
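# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Never cache the updater domains, and fetch them and video files directly.
no_cache deny noscan
always_direct allow noscan
always_direct allow video

# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# NOTE(review): neither rule is present. Safe_ports is defined as 1-65535 and
# the CONNECT ACL lists ordinary methods, so both ACLs must be tightened (and
# an SSL_ports ACL defined) before "http_access deny !Safe_ports" and
# "http_access deny CONNECT !SSL_ports" can be restored.

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# "http_access allow all" made this an open proxy on every listening port;
# only the networks in the localnet ACL are served now.
http_access allow localnet

# allow localhost always proxy functionality
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all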
# Squid normally listens to port 3128
#pipeline_prefetch 4
# NOTE(review): these buffers are per connection/request; with values this
# large, many concurrent clients can tie up a lot of memory - size them
# against the expected connection count.
read_ahead_gap 100 MB
client_request_buffer_max_size 2048 KB
eui_lookup off
# Interception (transparent) port, bound to every interface.
# NOTE(review): this port is meant to receive only traffic redirected by the
# local firewall/NAT rules; block direct connections to it at the host firewall.
http_port 0.0.0.0:8080 intercept disable-pmtu-discovery=always
# Forward-proxy port, also bound to every interface. Who may use it is decided
# solely by the http_access rules, so keep those restricted to client networks
# and firewall the port on any untrusted-facing interface.
http_port 0.0.0.0:3128
# Source address used for outgoing connections to servers.
tcp_outgoing_address 192.168.2.2
connect_retries 5
# Keep-alive towards clients and servers.
client_persistent_connections on
server_persistent_connections on
detect_broken_pconn on

# We recommend you to use at least the following line.
#hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
# Format: cache_dir diskd <directory> <size in MB> <L1 dirs> <L2 dirs>.
# Eight diskd stores of 100000 MB each, four under /ssd and four under /ssd2.
# The directories hold cached response bodies, so they should be readable
# only by the cache_effective_user account.
cache_dir diskd /ssd/0 100000 256 1024
cache_dir diskd /ssd/1 100000 256 1024
cache_dir diskd /ssd/2 100000 256 1024
cache_dir diskd /ssd/3 100000 256 1024

cache_dir diskd /ssd2/0 100000 256 1024
cache_dir diskd /ssd2/1 100000 256 1024
cache_dir diskd /ssd2/2 100000 256 1024
cache_dir diskd /ssd2/3 100000 256 1024

# Same layout with the ufs store type, kept for reference.
#cache_dir ufs /ssd/0 100000 256 1024
#cache_dir ufs /ssd/1 100000 256 1024
#cache_dir ufs /ssd/2 100000 256 1024
#cache_dir ufs /ssd/3 100000 256 1024

#cache_dir ufs /ssd2/0 100000 256 1024
#cache_dir ufs /ssd2/1 100000 256 1024
#cache_dir ufs /ssd2/2 100000 256 1024
#cache_dir ufs /ssd2/3 100000 256 1024

# New objects are spread over the cache_dirs in turn.
store_dir_select_algorithm round-robin
# Leave coredumps in the first cache dir
# NOTE(review): /var/cache/squid is not one of the cache_dir paths above.
# A core file is a dump of process memory and may include request data, so
# keep this directory restricted to the squid account.
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
# General Rules
# Format: refresh_pattern [-i] <regex> <min minutes> <percent> <max minutes> [options]
# The first pattern that matches a URL is the one applied.
#
# NOTE(review): ignore-private and ignore-no-store make this shared cache
# store responses the origin marked "private" or "no-store"; together with
# override-expire, a response generated for one user (account page, token-
# bearing document, download) can later be served to a different client.
# Drop these options for any content type that may be personalised.
#
# NOTE(review): the extension patterns are not anchored to the end of the URL
# path, so "\.(...|js|...)" also matches ".json" and ".jsp", and URLs carrying
# a query string are caught by these rules before the "(/cgi-bin/|\?)" rule
# lower down is ever consulted. The dedicated ".json" rule is therefore
# shadowed by the script/style rule above it.
#
# Images: minimum age 220000 minutes (about 152 days).
refresh_pattern -i \.(gif|png|jpg|jpeg|jp2|jpx|j2k|j2c|fpx|ico|bmp|tif|tiff|webp|bif|ver|pcd|pict|rif|exifi|hdr|bpg|img) 220000 90% 300000 override-expire reload-into-ims ignore-no-store ignore-private store-stale
# Scripts, styles, fonts; ignore-reload also disregards client reload requests.
refresh_pattern -i \.(swf|js|wav|css|class|dat|zsci|ver|advcs|woff|eps|ttf|svg|svgz|ps|pl|acsm) 220000 90% 300000 override-expire reload-into-ims ignore-reload ignore-no-store ignore-private
# Audio/video. NOTE(review): "wmvm3u8" looks like "wmv|m3u8" with the
# separator lost - confirm before changing, since playlists would then be
# held for the same long minimum age.
refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|mp2|mp3|mp4|wmvm3u8|flv|ts|f4v|f4m) 220000 90% 300000 override-expire reload-into-ims ignore-private
# HTML pages and CRLs. NOTE(review): ".crl" matches here first (it is also
# listed in the archive rule below). Holding certificate revocation lists
# past their stated expiry delays clients learning about revoked
# certificates; consider excluding crl from forced caching.
refresh_pattern -i \.(html|htm|crl) 9440 90% 300000 override-expire reload-into-ims refresh-ims ignore-private
refresh_pattern -i \.(xml|flow|aspx|asp) 0 90% 300000
refresh_pattern -i \.(json) 0 90% 300000
# Dynamic content: never treated as fresh without validation.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 0 0% 0
#refresh_pattern -i ^http:\/\/premium.avira-update.com.*\(gz) 0 0% 0
#refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
#refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
#refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
# Archives, packages and executables. NOTE(review): with override-expire and
# store-stale, clients can keep receiving an old installer or package after
# the origin has replaced it with a patched build.
refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz|bz2|ipa|bz|ram|rar|bin|uxx|gz|crl|msi|dll|hz|cab|psf|vidt|apk|wtex|hz) 220000 90% 300000 override-expire refresh-ims ignore-no-store ignore-private store-stale
# Office documents and text files.
refresh_pattern -i \.(ppt|pptx|doc|docx|docm|docb|dot|pdf|pub|xls|xlsx|xlt|xlm|xlsm|xltm|xlw|csv|txt) 220000 90% 500000 override-expire reload-into-ims ignore-no-store ignore-private store-stale
#refresh_pattern -i ^ftp: 66000 90% 200000
#refresh_pattern -i ^gopher: 1440 0% 1440
# Catch-all for everything not matched above.
refresh_pattern -i . 0 90% 300000 override-expire reload-into-ims refresh-ims

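log_icp_queries off
# ICP and HTCP listeners are disabled.
icp_port 0
htcp_port 0
# SNMP agent. "public" is the well-known default community string, so it
# gives no protection by itself; replace it with a site-specific value.
acl snmppublic snmp_community public
snmp_port 3401
# Answer SNMP queries only from this host and the networks in the localnet
# ACL instead of from any source; narrow this further to the monitoring
# station where possible.
snmp_access allow snmppublic localhost
snmp_access allow snmppublic localnet
snmp_access deny all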
minimum_object_size 0 KB
# Worker processes run as the unprivileged squid account (group set below).
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire on
# Start evicting at 85% disk usage, evict aggressively at 90%.
cache_swap_low 85
cache_swap_high 90
visible_hostname shadow
unique_hostname shadow-DHS
# Shut down at once instead of waiting for active connections to finish.
shutdown_lifetime 0 second
# NOTE(review): a large header limit raises the memory one request can
# consume; keep it only if clients genuinely send headers this big.
request_header_max_size 256 KB
request_entities on
half_closed_clients off
max_filedesc 65535
connect_timeout 8 second
cache_effective_group squid
#buffered_logs on
#access_log /var/log/squid/access.log squid
#access_log daemon:/var/log/squid/access.log buffer-size=1024KB
# NOTE(review): with access_log none, cache_store_log none and client_db off
# the proxy keeps no record of which client requested what, so abuse or a
# compromised client cannot be investigated afterwards. One of the commented
# access_log lines above restores the request log.
access_log none
netdb_filename none
client_db off
dns_nameservers 127.0.0.1 192.168.2.2 192.168.1.96
ipcache_low 50
dns_v4_first on
# NOTE(review): positive_dns_ttl is an upper bound on how long resolved
# addresses are kept; at 30 days the proxy may keep sending traffic to an
# address long after the DNS record has changed.
positive_dns_ttl 30 days
negative_dns_ttl 60 seconds
dns_retransmit_interval 2 seconds
check_hostnames off
# Remove X-Forwarded-For, omit Via and hide the Squid version string, so
# origin servers see neither the client address nor the proxy software.
forwarded_for delete
via off
httpd_suppress_version_string on
# mem and cache size
cache_mem 10 GB
memory_cache_mode disk
maximum_object_size 2047 MB
maximum_object_size_in_memory 2048 KB
digest_generation off
#digest_bits_per_entry 16

pinger_enable off
#memory_pools off
# Turn client reload (no-cache) requests into If-Modified-Since revalidation.
reload_into_ims on
cache_store_log none
#quick_abort_min -1 KB
# Upper bound on how stale an object may be when served.
max_stale 1 month



