Optimized Squid proxy squid.conf configuration example

#
#Recommended minimum configuration:
#
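always_direct allow all

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed. Only the ranges listed here are treated as trusted
# clients by the http_access rules further down.
acl localnet src 192.168.0.0/16 # RFC 1918 private network (the only IPv4 range listed)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

# Destination ports. The page originally declared Safe_ports as 1-65535 and
# CONNECT as every HTTP method, which made both ACLs match everything and
# left nothing for the port rules to filter. The values below are the ones
# shipped in Squid's stock squid.conf.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#acl block-fnes urlpath_regex -i .*/fnes/echo
# Antivirus / updater hosts that are fetched directly and never cached
# (see the no_cache / always_direct rules below).
acl noscan dstdomain symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com avstats.avira.com premium.avira-update.com 8f8fb293be49781da3e3229cd4469a18.da3e3.net

#acl video urlpath_regex -i \.(mpa|m2a|mpe|avi|mov|mpg|mpg3|mpg4|mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|mp2|mp3|mp4|wmv|m3u8|flv|ts|f4v|f4m)

#
# Recommended minimum Access Permission configuration:
#
# http_access rules are evaluated top to bottom and the first match decides,
# so the deny rules must stay above the allow rules.
# The localhost, to_localhost and manager ACLs used below are predefined in
# Squid 3.2 and later; older releases need them declared explicitly.

no_cache deny noscan
always_direct allow noscan
#no_cache deny video
#always_direct allow video

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed.
# This replaces the page's "http_access allow all", which let any host that
# could reach the listening ports relay traffic through the proxy.
http_access allow localnet

# allow localhost always proxy functionality
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all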
# Squid normally listens to port 3128
#pipeline_prefetch 7
# Buffer sizes: how far Squid reads ahead of the client, and the largest
# request buffer it will hold for one client connection.
read_ahead_gap 256 MB
client_request_buffer_max_size 1 MB
#quick_abort_min -1 KB
#range_offset_limit -1
# No MAC-address (EUI) lookups for clients.
eui_lookup off
# Two listeners, both bound to 0.0.0.0, i.e. every interface of the host:
#   8080 - interception port, meant to receive only traffic redirected to it
#          by the local NAT/firewall rules
#   3128 - ordinary forward-proxy port for explicitly configured clients
# NOTE(review): if this host has an interface facing an untrusted network,
# bind these to the internal address or firewall them; the interception port
# in particular should not be reachable by clients connecting to it directly.
http_port 0.0.0.0:8080 intercept disable-pmtu-discovery=always
http_port 0.0.0.0:3128
# Source address used for outgoing connections to origin servers.
tcp_outgoing_address 192.168.2.2
connect_retries 5

# Keep connections open for reuse on both the client and the server side.
client_persistent_connections on
server_persistent_connections on

# We recommend you to use at least the following line.
#hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
# Syntax: cache_dir <store type> <path> <size in MB> <L1 dirs> <L2 dirs> [options]
# The commented diskd lines below use the same /ssd and /ssd2 paths as the
# active entries further down; they are alternatives, not additions.
#cache_dir diskd /ssd/0 54000 32 256 Q1=256 Q2=296
#cache_dir diskd /ssd/1 54000 32 256 Q1=256 Q2=296
#cache_dir diskd /ssd/3 54000 32 256 Q1=256 Q2=296

#cache_dir diskd /ssd2/0 68000 32 256
#cache_dir diskd /ssd2/1 68000 32 256
#cache_dir diskd /ssd2/3 68000 32 256

# Active stores on the first SSD: three ufs directories of 54000 MB each.
cache_dir ufs /ssd/0 54000 32 256
cache_dir ufs /ssd/1 54000 32 256
cache_dir ufs /ssd/3 54000 32 256

# Active stores on the second SSD: three diskd directories of 68000 MB each;
# Q1/Q2 are the diskd request-queue thresholds.
cache_dir diskd /ssd2/0 68000 32 256 Q1=256 Q2=296
cache_dir diskd /ssd2/1 68000 32 256 Q1=256 Q2=296
cache_dir diskd /ssd2/3 68000 32 256 Q1=256 Q2=296

# New objects are spread over the cache_dirs in turn.
store_dir_select_algorithm round-robin
#cache_replacement_policy heap LFUDA
#memory_replacement_policy heap LFUDA

# Leave coredumps in the first cache dir
# NOTE(review): /var/cache/squid is not one of the cache_dir paths above, so
# the comment and the value disagree. Core dumps can contain cached content
# and request data; keep this directory readable by the squid user only.
coredump_dir /var/cache/squid

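# Add any of your own refresh_pattern entries above these.
# Syntax: refresh_pattern [-i] <regex> <min minutes> <percent> <max minutes> [options]
# Patterns are tried in order and the first one that matches the URL is used.
#
# NOTE(review): override-expire, ignore-no-store and ignore-private tell Squid
# to store and reuse responses that the origin server marked as expired,
# not-to-be-stored or private to one user. On a cache shared by several users
# this can serve one user's personalised or authenticated response to another.
# That risk is highest on the htm(l) rule and on the final catch-all "." rule,
# which cover dynamic pages; drop ignore-private and ignore-no-store from those
# two lines unless every client of this cache belongs to the same trust domain.
#
# Four patterns on the original page had unbalanced parentheses or a mistyped
# "\(" where "\.(" was meant. Depending on the regex library such a pattern is
# either rejected or silently matches far more URLs than intended (for example
# any URL merely containing "png"). They are repaired below and marked "fixed".
# General Rules
# fixed: was \.(gif)|png|jp(g|eg|2)[?])$ ; now grouped the same way as the next line
refresh_pattern -i \.(gif|png|jp(g|eg|2)|[?])$ 220000 90% 300000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims store-stale
refresh_pattern -i \.(jpx|j2k|j2c|fpx|ico|bmp|tif(f)|webp|bif|ver|pcd|pict|rif|exif|hdr|bpg|img|[?])$ 220000 90% 300000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims store-stale
refresh_pattern -i \.(swf|js)$ 220000 90% 300000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims store-stale
# fixed: removed the stray ")" after ps(1) that closed the group before "acsm"
refresh_pattern -i \.(wav|c(la)ss|dat|zsci|ver|advcs|woff(|2)|eps|ttf|svgi(|z)|ps(1)|acsm)$ 220000 90% 300000 override-expire reload-into-ims ignore-no-store ignore-private refresh-ims store-stale
refresh_pattern -i \.(mpa|m2a|mpe|avi|mov|mpg(|3|4))$ 220000 90% 300000 reload-into-ims ignore-no-store ignore-private refresh-ims store-stale
refresh_pattern -i \.(mpeg|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|mp(2|3|4)|wmv|m3u8|flv|ts|f4(v|m))$ 220000 90% 300000 reload-into-ims ignore-no-store ignore-private refresh-ims store-stale
refresh_pattern -i \.(htm(|l)|crl)$ 9440 90% 300000 reload-into-ims refresh-ims ignore-no-store ignore-private store-stale
refresh_pattern -i \.(xml|flow|asp(|x))$ 0 90% 300000
refresh_pattern -i \.(json)$ 0 90% 300000
refresh_pattern -i (/cgi-bin/|\?) 0 0% 300000
# Antivirus definition archives: never serve from cache without revalidating.
# fixed: "\(zip)" and "\(gz)" were literal-parenthesis typos for "\.(zip)" and "\.(gz)"
refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\.(zip)$ 0 0% 0
refresh_pattern -i ^http:\/\/premium.avira-update.com.*\.(gz) 0 0% 0
# NOTE(review): the three vendor patterns below are not anchored to the host
# part of the URL, so they also match any URL that merely contains e.g.
# "microsoft.com/" somewhere in it.
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms(i|u|f)|asf|wm(v|a)|dat|zip)$ 4320 80% 43200 reload-into-ims refresh-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms(i|u|f)|asf|wm(v|a)|dat|zip)$ 4320 80% 43200 reload-into-ims refresh-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms(i|u|f)|asf|wm(v|a)|dat|zip)$ 4320 80% 43200 reload-into-ims refresh-ims
# NOTE(review): executables and packages are kept for up to 300000 minutes
# with override-expire, so a file replaced upstream (for example a security
# update published under the same URL) may keep being served from cache.
refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz)$ 220000 90% 300000 override-expire reload-into-ims refresh-ims ignore-no-store ignore-private store-stale
refresh_pattern -i \.(bz(|2)|ipa|ram|rar|bin|uxx|gz|crl|msi|dll|hz|cab|psf|vidt|apk|wtex|hz|ov(a|f))$ 220000 90% 300000 override-expire reload-into-ims refresh-ims ignore-no-store ignore-private store-stale
refresh_pattern -i \.(ppt|pptx|doc(x|m|b)|dot|pdf|pub|xl(s|sx|t|m|lsm|tm|w)|csv|txt)$ 220000 90% 300000 override-expire reload-into-ims refresh-ims ignore-no-store ignore-private store-stale
#refresh_pattern -i ^ftp: 66000 90% 200000
#refresh_pattern -i ^gopher: 1440 0% 1440
# Catch-all for every URL not matched above (see the NOTE at the top of this
# section about ignore-private / ignore-no-store on this line).
refresh_pattern -i . 0 90% 300000 override-expire reload-into-ims refresh-ims ignore-no-store store-stale ignore-private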
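log_icp_queries off
# Port 0 disables the ICP and HTCP inter-cache listeners.
icp_port 0
htcp_port 0
# SNMP agent on UDP 3401.
# "public" is the well-known default community string and works like a
# password sent in clear text; replace it with a site-specific value.
acl snmppublic snmp_community public
snmp_port 3401
# The page originally had "snmp_access allow snmppublic all", which answered
# SNMP queries from any address that knew the community string. Queries are
# now accepted from the proxy host itself only; to poll from a monitoring
# station, add an src ACL for that one host and allow it above the deny line.
snmp_access allow snmppublic localhost
snmp_access deny all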
minimum_object_size 0 KB
# Account Squid switches to after being started as root (group is set by
# cache_effective_group further down).
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire off
# Turn client "reload" (no-cache) requests into If-Modified-Since revalidations.
reload_into_ims on
# Disk-cache eviction starts at 85% full and becomes aggressive at 90%.
cache_swap_low 85
cache_swap_high 90
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
# NOTE(review): 512 KB is a very generous header limit; each connection may
# buffer up to this much, which makes memory exhaustion by oversized headers
# easier. Lower it unless a known application needs headers this large.
request_header_max_size 512 KB
reply_header_max_size 512 KB
request_entities on
half_closed_clients off
max_filedesc 65535
connect_timeout 4 second
cache_effective_group squid
buffered_logs on
#access_log /var/log/squid/access.log squid
# Requests are logged through the log daemon with a 2048 KB buffer.
# Keep this enabled: with forwarded_for and via stripped below, the access
# log is the only record tying a request to the client that made it.
access_log daemon:/var/log/squid/access.log buffer-size=2048KB
#access_log none
netdb_filename none
# No per-client statistics are kept.
client_db off
# NOTE(review): 127.0.0.1 is listed twice.
dns_nameservers 127.0.0.1 127.0.0.1 192.168.2.2 192.168.1.96
ipcache_size 8096
ipcache_low 90
ipcache_high 95
dns_v4_first on
negative_ttl 5 minutes
# NOTE(review): upper bound for caching successful DNS answers. At 30 days
# a stale or incorrect answer can persist for a long time; confirm this is
# intended.
positive_dns_ttl 30 days
negative_dns_ttl 5 minutes
dns_retransmit_interval 1 seconds
detect_broken_pconn on
check_hostnames off
# Header hygiene: drop X-Forwarded-For, omit the Via header and hide the
# Squid version string in generated pages and headers.
forwarded_for delete
via off
httpd_suppress_version_string on
# mem and cache size
#collapsed_forwarding on
cache_mem 12 GB
# Only objects that were read from the disk cache are kept in the memory cache.
memory_cache_mode disk
maximum_object_size 12 GB
# NOTE(review): equal to cache_mem, so a single object may occupy the whole
# memory cache.
maximum_object_size_in_memory 12 GB
digest_generation off
#digest_bits_per_entry 16
pinger_enable off
memory_pools on
cache_store_log none
max_stale 1 month
#workers 4
#memory_cache_shared on



