Here you go with my squid.conf acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT # sqstat acl manager proto cache_object acl webserver src 10.51.100.206/255.255.255.255 http_access allow manager webserver http_access deny manager # Skype acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443 acl Skype_UA browser ^skype acl validUserAgent browser \S+ # for cheetah only #acl usman src 10.51.100.107 #delay_pools 1 #delay_class 1 1 #delay_parameters 1 22000/22000 #delay_access 1 allow usman #-------------Allow All ACL------------- acl aci_lan src 10.51.100.0/24 acl aci_general src 10.51.100.0/24 #----My ip acl my_ip src 10.51.100.240 http_access allow my_ip # Testing delay pool delay_pools 1 delay_class 1 1 delay_parameters 1 22000/10240000 delay_access 1 allow aci_general #---------------------Assurety Whitelist--------------- acl aci_whitelist dstdomain "/blocklist/aci_list/whitelist" http_access allow aci_whitelist #--Senior Allow Domainlist------------------------------ acl aci_seniors dstdomain "/blocklist/aci_list/whitelist_seniors" #---------------------------------------------------------#See implimentation in ACI implimentation section #--------------------Assurety Hard_Block-------------- acl aci_hard_block dstdomain "/blocklist/aci_list/hard_block_domains" http_access deny aci_hard_block #--------------------Hard_Block EXE and E.T.C--------------------- #acl mime_block_hard rep_mime_type -i "/blocklist/aci_list/hard_mime_block" #http_reply_access deny mime_block_hard #--General------Streaming Block------------------------------ acl mime_block rep_mime_type -i "/blocklist/aci_list/time_mime_block" #--General Domainlist------------------------------ acl aci_dest dstdomain "/blocklist/aci_list/time_block_domains" #--Seniors MAC list mouting------------------------------ acl aci_mac_seniors arp "/blocklist/aci_list/mac_list_seniors" #--General Timing------------ Normal Days Working hours-------------- acl aci_working_hours time MTWH 10:04-13:04 acl aci_working_hours time MTWH 14:04-18:04 #--General Timing-------------Friday------------------------ acl aci_working_hours time F 10:04-13:04 acl aci_working_hours time F 15:04-18:04 #--General/Seniors-------------Implimentation------------------ http_access allow aci_seniors aci_mac_seniors http_access deny aci_dest aci_working_hours aci_general http_reply_access deny mime_block aci_working_hours aci_general !my_ip #skype deny http_access deny numeric_IPS aci_working_hours http_access deny Skype_UA aci_working_hours http_access deny !validUserAgent aci_working_hours #Error Directory by Ykhan error_directory /usr/share/squid/errors/en-us/ #------------------------TheEnd---------------------- http_access allow aci_lan http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all icp_access allow localnet icp_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? access_log /var/log/squid/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9] upgrade_http0.9 deny shoutcast acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT hosts_file /etc/hosts coredump_dir /var/spool/squid ##ykhan squid redirection to squidguard #redirect_program /usr/bin/squidGuard #url_rewrite_program /usr/bin/squidGuard #url_rewrite_children 5 On Mon, Apr 23, 2012 at 8:42 PM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > On 23/04/2012 18:38, Muhammad Yousuf Khan wrote: >> >> well i have been experiencing slow Internet browsing. not very slow >> but comparatively slower then IPCOP firewall. i can not understand how >> come i diagnose the issue. >> i mean. i increase the RAM , i checked the DNS every thing is fine but >> my browser stuck at "connecting" ones it start download it do it fast >> but then stop for something then start. i am not getting the clear >> picture. can anyone help >> >> i am suing debian 6.0.4 with 2.7 stable squid. >> >> Thanks, >> >> MYK > > what is your exact problem? slow downloads? > what is your squid setup?transparent ?regular forward proxy? > what browser are you using? > do you have some squid logs? or squid.conf? > what dns server are you using? > > Regards, > Eliezer > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il
