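# common settings
# ---------------
# NOTE(review): the trailing "|" column separators seen on this page are
# extraction residue and have been dropped; Squid would reject them as tokens.

# Loopback-only listener: reachable from this host only.
http_port 127.0.0.1:888
# No address given, so this listener binds on every interface. Who may use it
# is decided solely by the http_access rules; pair it with a host firewall
# rule if the proxy has an externally reachable interface.
http_port 3128
# Interception listener for traffic redirected by NAT rules.
# NOTE(review): ensure only redirected traffic can reach this port; direct
# connections to an intercept port should be blocked at the firewall.
http_port 9090 intercept
visible_hostname squid
workers 1

dns_nameservers 192.168.110.10 141.1.1.1
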
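# Standard ACL configuration
# --------------------------
# Allow proxying standard web traffic only
# These ACLs only define the port sets; the restriction takes effect through
# the "http_access deny" rules that reference them.
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT

# ACLs to target for logging
# On this page they are referenced only by a commented-out access_log line.
acl success_codes http_status 100-199 # informational
acl success_codes http_status 200-299 # successful transactions
acl success_codes http_status 300-399 # redirection
acl failure_codes http_status 400-499 # client error
acl failure_codes http_status 500-599 # server error
acl success_hier hier_code HIER_DIRECT
acl failure_hier hier_code HIER_NONE
# Each all-of line is one alternative: a CONNECT tunnel is classified by
# hierarchy code, every other request by HTTP status.
acl failure all-of CONNECT failure_hier
acl failure all-of !CONNECT failure_codes
acl success all-of CONNECT success_hier
acl success all-of !CONNECT success_codes

# Client source ranges trusted by the http_access rules.
# 192.168.0.0/16 and 172.17.0.0/16 are broad; narrow them to the subnets that
# actually need the proxy where possible.
acl localnet src 127.0.0.1
acl localnet src 192.168.0.0/16
acl docker src 172.17.0.0/16

# Disabled: "safe_ports" differs from "Safe_ports" above only by case, repeats
# the same two ports, and is not referenced by any rule on this page.
# acl safe_ports port 80
# acl safe_ports port 443
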
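# ACL operators
# -------------
# http_access rules are checked top to bottom and the first match decides.
# The port restrictions therefore come first: in the previous order the
# "allow localhost/localnet/docker" rules matched before any deny, so those
# clients were never limited to Safe_ports/SSL_ports.
# "deny !Safe_ports" also covers CONNECT requests to non-listed ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Requests from the proxy host itself keep working as before.
http_access allow localhost
# Other clients must not use the proxy to reach services bound to the proxy
# host's own loopback addresses.
http_access deny to_localhost
http_access allow localnet
http_access allow docker

# Disabled: this rule matched any source address, so every client able to
# reach the 3128 listener could relay requests to ports 80/443 regardless of
# the localnet/docker ACLs. Re-enable only if that is intended and the
# listener is restricted by other means.
# http_access allow Safe_ports
http_access deny all

# X-Forwarded-For is trusted from every address in these ACLs. Where indirect
# client addresses are used for ACL matching and logging, any such client can
# choose the address Squid attributes its requests to.
# NOTE(review): limit this to the addresses of real upstream proxies.
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
follow_x_forwarded_for allow docker
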
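# Logging configuration
# ---------------------
# Records request and reply headers in access.log. These can include
# Authorization, Proxy-Authorization and Cookie values, so treat the log as
# sensitive: restrict its file permissions and retention accordingly.
log_mime_hdrs on
# access_log daemon:/var/log/squid/access.log squid !success
# NOTE(review): cache_log is documented as taking a plain file path; confirm
# that the stdio: prefix is accepted by the Squid version in use.
cache_log stdio:/var/log/squid/cache.log
cache_store_log stdio:/var/log/squid/store.log
# The next two lines were fused on the page ("access.log# strip_query_terms
# off"), which made "#" part of the log path instead of starting a comment.
access_log stdio:/var/log/squid/access.log
# Left disabled so query strings, which may carry tokens or session
# identifiers, stay out of the access log.
# strip_query_terms off
# debug_options ALL,1
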
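# Cache storage
# Core dumps are written into the same directory as the disk cache.
coredump_dir /var/cache/squid
cache_mem 2 GB
cache_replacement_policy heap LFUDA
# ufs store: 256 MB, 4 first-level and 8 second-level directories.
cache_dir ufs /var/cache/squid 256 4 8

# Squid never revalidates cached objects while this is on, so clients keep
# receiving whatever is stored even after the origin has published a newer
# version.
# NOTE(review): for a package cache this can delay updated (including
# security-fix) artifacts; confirm this is intended.
offline_mode on

# NOTE(review): 12288 MB exceeds the 256 MB cache_dir above, so objects near
# this limit cannot fit in the disk store; confirm the intended sizes.
maximum_object_size 12288 MB
maximum_object_size_in_memory 6 MB

pipeline_prefetch on
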
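# http://www.squid-cache.org/Versions/v2/2.6/cfgman/refresh_pattern.html
# refresh_pattern [-i] regex min percent max [options]
#
# Rules are tried in file order and the first matching regex applies, so the
# catch-all "." rule has to stay last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^rsync: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

#refresh_pattern (cgi-bin|\?) 0 0% 0
#refresh_pattern . 0 20% 10080

# ignore-no-cache and override-expire break the HTTP protocol!
# refresh_pattern \.ttweb\.net 5 99% 10080 ignore-no-cache override-expire
# refresh_pattern . 360 50% 10080 ignore-no-cache ignore-private
# refresh_pattern -i \.html 3600 50% 10080 ignore-no-cache override-expire ignore-private

#refresh_pattern -i \.jpg$ 7200 40% 10080 ignore-no-cache override-expire ignore-private
#refresh_pattern -i \.gif$ 7200 40% 10080 ignore-no-cache override-expire ignore-private
#refresh_pattern -i \.png$ 7200 40% 10080 ignore-no-cache override-expire ignore-private

# Archive and package downloads are cached aggressively.
# ignore-private stores responses the origin marked "Cache-Control: private",
# and a shared cache can then serve them to other clients; that is why these
# options are confined to static artifact extensions and are not applied by
# the catch-all rule.
# Cached artifacts are only as trustworthy as the original transfer, so
# clients should keep verifying package signatures or checksums.
refresh_pattern \.tar\.bz2$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.tar\.gz$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.tar\.xz$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.apk$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.deb$ 0 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern . 0 20% 4320
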
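# Hostname, forwarded-header privacy and log format
# -------------------------------------------------
# NOTE(review): visible_hostname is also set to "squid" earlier on this page;
# keep a single value.
visible_hostname linux
# Do not disclose the client address to origin servers.
forwarded_for off
request_header_access X-FORWARDED-FOR deny all
# Removing Via hides the proxy from origin servers.
# NOTE(review): Via is also what proxies use to detect forwarding loops;
# confirm no chained proxy relies on it.
request_header_access Via deny all
# Strips Cache-Control from client requests, so clients cannot ask for a
# fresh copy (for example with no-cache) and always get the cached object.
request_header_access Cache-Control deny all

# Apache-style combined format.
# NOTE(review): no access_log line on this page selects this format, and
# Squid ships a predefined format with the same name; confirm this
# definition is needed.
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
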
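# Left disabled so query strings stay out of the access log.
# strip_query_terms off
# debug_options ALL,1

# NOTE(review): the directives below repeat, value for value, the cache
# settings that appear earlier on this page. If the page is one squid.conf,
# keep a single copy; a second cache_dir line for the same path is a
# duplicate store definition.
coredump_dir /var/cache/squid
cache_mem 2 GB
cache_replacement_policy heap LFUDA
cache_dir ufs /var/cache/squid 256 4 8

# Cached objects are never revalidated while this is on.
offline_mode on

maximum_object_size 12288 MB
maximum_object_size_in_memory 6 MB

pipeline_prefetch on
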
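# http://www.squid-cache.org/Versions/v2/2.6/cfgman/refresh_pattern.html
# refresh_pattern [-i] regex min percent max [options]
#
# NOTE(review): these rules repeat the refresh_pattern list that appears
# earlier on this page. The first matching rule applies, so if the page is one
# squid.conf the earlier catch-all "." rule matches first and nothing below is
# ever used; keep a single copy.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^rsync: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

# ignore-no-cache and override-expire break the HTTP protocol!
# ignore-private stores responses marked "Cache-Control: private"; it is
# limited here to static archive and package extensions.
refresh_pattern \.tar\.bz2$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.tar\.gz$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.tar\.xz$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.apk$ 7200 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern \.deb$ 0 40% 10080 ignore-no-cache override-expire ignore-private refresh-ims
refresh_pattern . 0 20% 4320
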
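# ---------------------
# NOTE(review): these four directives repeat the forwarded-header settings
# that appear earlier on this page; keep a single copy.
# Do not disclose the client address to origin servers.
forwarded_for off
request_header_access X-FORWARDED-FOR deny all
request_header_access Via deny all
# Strips Cache-Control from client requests, so clients cannot request a
# fresh copy from the origin.
request_header_access Cache-Control deny all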