Nuhll, Just use the following config and point your clients to port 8080 on the squid ip. The ONLY thing you really should change with this configuration is the IP addresses, the hostname or add file extensions to the refresh_patterns. It should work! # #Recommended minimum configuration: # always_direct allow all # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 192.168.0.0/16 acl localnet src fc00::/7 acl localnet src fe80::/10 # RFC1918 possible internal network acl Safe_ports port 1-65535 # RFC1918 possible internal network acl CONNECT method GET POST HEAD CONNECT PUT DELETE # RFC1918 possible internal network #acl block-fnes urlpath_regex -i .*/fnes/echo # RFC 4193 local private network range acl noscan dstdomain .symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com # RFC 4291 link-local (directly plugged) machines acl video urlpath_regex -i \.(m2a|avi|mov|mp(e?g|a|e|1|2|3|4)|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg |ogm|asf|asx|wmvm3u8|flv|ts) # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost no_cache deny noscan always_direct allow noscan always_direct allow video # Deny requests to certain unsafe ports # Deny CONNECT to other than secure SSL ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on .localhost. is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # #cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange #never_direct allow all # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow all # allow localhost always proxy functionality # And finally deny all other access to this proxy # Squid normally listens to port 3128 http_port 192.168.2.2:8080 # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Uncomment and adjust the following to add a disk cache directory. maximum_object_size 5000 MB #store_dir_select_algorithm round-robin cache_dir aufs /daten/squid 100000 16 256 # Leave coredumps in the first cache dir coredump_dir /var/cache/squid # Add any of your own refresh_pattern entries above these. # General Rules refresh_pattern -i \.(jpg|gif|png|webp|jpeg|ico|bmp|tiff|bif|ver|pict|pixel|bs)$ 220000 90% 300000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims refresh_pattern -i \.(js|css|class|swf|wav|dat|zsci|do|ver|advcs|woff|eps|ttf|svg|svgz|ps|acsm| wma)$ 220000 90% 300000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims refresh_pattern -i \.(html|htm|crl)$ 220000 90% 259200 override-expire ignore-no-store ignore-private ignore-auth refresh-ims refresh_pattern -i \.(xml|flow)$ 0 90% 100000 refresh_pattern -i \.(json)$ 1440 90% 5760 refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)$ 0 0% 0 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 220000 80% 259200 refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 220000 80% 259200 refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 220000 80% 259200 refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz|bz2|ipa|bz|ram|rar|bin|uxx|gz|crl|msi|dl l|hz|cab|psf|vidt|apk|wtex|hz|ipsw)$ 220000 90% 500000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims refresh_pattern -i \.(ppt|pptx|doc|docx|pdf|xls|xlsx|csv|txt)$ 220000 90% 259200 override-expire ignore-no-store ignore-private ignore-auth refresh-ims refresh_pattern -i ^ftp: 66000 90% 259200 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern -i . 0 90% 259200 log_icp_queries off icp_port 0 htcp_port 0 snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic all minimum_object_size 0 KB buffered_logs on cache_effective_user squid #header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9 vary_ignore_expire on cache_swap_low 90 cache_swap_high 95 visible_hostname shadow unique_hostname shadow-DHS shutdown_lifetime 0 second request_header_max_size 256 KB half_closed_clients off max_filedesc 65535 connect_timeout 10 second cache_effective_group squid #access_log /var/log/squid/access.log squid access_log daemon:/var/log/squid/access.log buffer-size=1MB client_db off dns_nameservers 127.0.0.1 #pipeline_prefetch 20 ipcache_size 8192 fqdncache_size 8192 #positive_dns_ttl 72 hours #negative_dns_ttl 5 minutes tcp_outgoing_address 192.168.2.2 dns_v4_first on check_hostnames off forwarded_for delete via off pinger_enable off cache_mem 2048 MB maximum_object_size_in_memory 256 KB memory_cache_mode disk cache_store_log none read_ahead_gap 50 MB reload_into_ims on -----Original Message----- From: nuhll [mailto:nuhll@xxxxxx] Sent: Wednesday, August 20, 2014 12:08 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: server failover/backup I give up. Squid sucks so hard. New and easier idea: accel the sites i want to cache. But how? Information about this is crazy much http://wiki.squid-cache.org/SquidFaq/ReverseProxy But how to cache? # #Recommended minimum configuration: # debug_options ALL,1 33,2 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 192.168.0.0/16 acl localnet src fc00::/7 acl localnet src fe80::/10 # RFC1918 possible internal network #acl Safe_ports port 1-65535 # RFC1918 possible internal network #acl CONNECT method GET POST HEAD CONNECT PUT DELETE # RFC1918 possible internal network #acl block-fnes urlpath_regex -i .*/fnes/echo # RFC 4193 local private network range #acl noscan dstdomain .symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com # RFC 4291 link-local (directly plugged) machines #acl video urlpath_regex -i \.(m2a|avi|mov|mp(e?g|a|e|1|2|3|4)|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg |ogm|asf|asx|wmvm3u8|flv|ts) # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost #no_cache deny noscan #always_direct allow noscan #always_direct allow video # Deny requests to certain unsafe ports # Deny CONNECT to other than secure SSL ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on .localhost. is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # #cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest #no-netdb-exchange #never_direct allow all # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed #http_access allow all # allow localhost always proxy functionality # And finally deny all other access to this proxy http_port 192.168.0.8:80 accel defaultsite=windowsupdate.com cache_peer windowsupdate.com parent 80 0 no-query originserver http_port 192.168.0.8:80 accel defaultsite=microsoft.com cache_peer microsoft.com parent 80 0 no-query originserver http_port 192.168.0.8:80 accel defaultsite=windows.com cache_peer windows.com parent 80 0 no-query originserver # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Uncomment and adjust the following to add a disk cache directory. maximum_object_size 5000 MB #store_dir_select_algorithm round-robin cache_dir aufs /daten/squid 100000 16 256 # Leave coredumps in the first cache dir coredump_dir /daten/squid #windows update refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 202974 80% 262974 refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 202974 80% 262974 refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 202974 80% 262974 log_icp_queries off icp_port 0 htcp_port 0 snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic all minimum_object_size 0 KB buffered_logs on cache_effective_user proxy #header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9 vary_ignore_expire on cache_swap_low 90 cache_swap_high 95 #visible_hostname shadow #unique_hostname shadow-DHS shutdown_lifetime 0 second request_header_max_size 256 KB half_closed_clients off max_filedesc 65535 connect_timeout 10 second cache_effective_group proxy #access_log /var/log/squid/access.log squid #access_log daemon:/var/log/squid3/access.test.log squid client_db off #dns_nameservers 192.168.0.10 ipcache_size 1024 fqdncache_size 1024 positive_dns_ttl 24 hours negative_dns_ttl 5 minutes #itcp_outgoing_address 192.168.2.2 dns_v4_first on check_hostnames off forwarded_for delete via off #pinger_enable off #memory_replacement_policy heap LFUDA #cache_replacement_policy heap LFUDA cache_mem 2048 MB maximum_object_size_in_memory 512 KB #memory_cache_mode disk cache_store_log none read_ahead_gap 50 MB pipeline_prefetch on reload_into_ims on #quick_abort_min -1 KB Does not cache any windows updates. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ONLY-Cache-certain-Websit es-tp4667121p4667289.html Sent from the Squid - Users mailing list archive at Nabble.com.
