ant2ne wrote:
This is great, the proxy is caching about a gig a day. Below is the final and fine tuned squid.conf that I will put into production after school lets out today. administrator@AHSPX01:~$ cat /etc/squid/squid.conf http_port 3128 acl QUERY urlpath_regex cgi-bin \? #no_cache deny QUERY cache_mem 512 MB maximum_object_size_in_memory 2048 KB maximum_object_size 1 GB cache_dir aufs /cache 500000 256 256 redirect_rewrites_host_header off cache_replacement_policy lru #acl QUERY urlpath_regex cgi-bin \? acl all src all acl localnet src 10.60.0.0/255.255.0.0 acl localhost src 127.0.0.1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/8 acl Safe_ports port 80 443 210 119 70 21 1025-65535 acl SSL_Ports port 443 acl CONNECT method CONNECT
Gah! Your http_access were permitting internal people complete access with no safety limits again.
Make the http_access section this: http_access deny !Safe_ports http_access deny CONNECT !SSL_Ports http_access allow localnet http_access allow localhost http_access deny all
icp_port 0 refresh_pattern \.jpg$ 3600 50% 60 ignore-reload refresh_pattern \.gif$ 3600 50% 60 ignore-reload refresh_pattern \.css$ 3600 50% 60 ignore-reload refresh_pattern \.js$ 3600 50% 60 ignore-reload refresh_pattern \.html$ 300 50% 10 ignore-reload refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 #refresh_pattern . 60 50% 10 ignore-reload refrsh_pattern . 0 20% 4320 visible_hostname AHSPX01
Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14
