Search squid archive

Re: anyOne who has working ssl_bump configuration for facebook ???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks all for giving time at my post 

Here is my squid conf. 

acl snmppublic snmp_community public
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

acl zainnet src 192.168.0.0/24

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 1935          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

http_access deny noway
http_access allow manager localhost
http_access allow bamboe
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
htcp_access deny all
miss_access allow all


http_port 3129
http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5



#  MEMORY CACHE OPTIONS
cache_mem 1024 MB
maximum_object_size_in_memory 16 KB

# DISK CACHE OPTIONS
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 160000 64 256
store_dir_select_algorithm least-load
minimum_object_size 16 KB
maximum_object_size 512 MB
cache_swap_low 97
cache_swap_high 99

#LOGFILE OPTIONS
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none
cache_swap_log /etc/squid/swap/swap.state
logfile_rotate 5
log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off

#OPTIONS FOR TUNING THE CACHE
refresh_pattern -i \.swf$ 20160 80% 20160  override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.gif$ 20160 80% 20160  override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.jpg$ 20160 80% 20160  override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache  ignore-private ignore-auth
refresh_pattern -i \.jpeg$ 20160 80% 20160  override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache  ignore-private  ignore-auth
refresh_pattern -i \.exe$ 20160 80% 20160  override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache  ignore-private  ignore-auth

# 1 year = 525600 mins, 1 month = 20160 mins, 1 day = 1440
refresh_pattern
^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).*
20160 20% 20160 ignore-no-cache  ignore-private override-expire
ignore-reload ignore-auth
refresh_pattern ^.*safebrowsing.*google                                
20160 80% 20160 override-expire ignore-reload ignore-no-cache ignore-private
ignore-auth
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk)   
20160 80% 20160 override-expire ignore-reload ignore-private
refresh_pattern ytimg\.com.*\.jpg                                      
20160 80% 20160 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif)                   
20160 80% 20160 override-expire ignore-reload
refresh_pattern garena\.com                                            
20160 80% 20160 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)         
20160 80% 20160 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?                    
20160 80% 20160 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)   
20160 80% 20160 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.                    
20160 80% 20160 reload-into-ims ignore-no-cache  ignore-reload
override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/                         
20160 80% 20160 reload-into-ims ignore-no-cache  ignore-reload
override-expire
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9])       
20160 80% 20160 override-expire ignore-reload ignore-no-cache 
ignore-private ignore-auth override-lastmod
#images facebook
refresh_pattern -i \.facebook.com.*\.(jpg|png|gif)                     
20160 80% 20160 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                
20160 80% 20160 ignore-reload override-expire ignore-no-cache
refresh_pattern  static\.ak\.fbcdn\.net*\.(jpg|gif|png)                
20160 80% 20160 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)       
20160 80% 20160 ignore-reload override-expire ignore-no-cache

#All File
refresh_pattern -i
\.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)       20160
80% 20160 ignore-no-cache   override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar)  20160
80% 20160 ignore-no-cache   override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll)         20160
80% 20160 ignore-no-cache   override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob)
20160 80% 20160 ignore-no-cache   override-expire override-lastmod
reload-into-ims
refresh_pattern -i
\.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv)
20160 80% 20160 ignore-no-cache   override-expire override-lastmod
reload-into-ims
refresh_pattern ^ftp:           1440    90%     201600  override-lastmod
reload-into-ims
refresh_pattern ^gopher:        1440    0%      1440    override-lastmod
reload-into-ims
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       80%     20160   override-lastmod
reload-into-ims

#SNMP OPTIONS
snmp_port 3401
snmp_access allow snmppublic zainnet
snmp_access deny all

#another optimizing
memory_pools off
client_db off
coredump_dir /cache
reload_into_ims on
balance_on_multiple_ip on
vary_ignore_expire on
pipeline_prefetch on
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
shutdown_lifetime 10 seconds
half_closed_clients off
cache_effective_user squid
cache_effective_group squid
dns_nameservers 192.168.7.1 8.8.8.8 8.8.4.4
ipcache_size 2048
ipcache_low 90
ipcache_high 95




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/anyOne-who-has-working-ssl-bump-configuration-for-facebook-tp4663452p4663458.html
Sent from the Squid - Users mailing list archive at Nabble.com.




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux