For a 3.1 accelerator we have put the followinconfig together. This accelerator will not be doing any caching since we use an external service. Initially both http and https will be provided. Some questions: I think the ordering of statements and acls is correct, but was hoping to get some feedback if possible. Also, since we want to turn caching off completely I was wondering if some of the statements are unnecessary. Any feedback or recommendations on the overall config would be appreciated. ----------------------------------- visible_hostname squid.example.com http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost http_port 192.168.100.2:80 accel defaultsite=dev.example.com vhost http_port 192.168.100.4:80 accel defaultsite=test1.example.com vhost https_port 192.168.100.1:443 accel defaultsite=www.example.com vhost cert=/path/cert.pem key=/path/key.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE cipher=[cipher-list] dhparams=/path/dhparams.pem https_port 192.168.100.2:443 accel defaultsite=dev.example.com vhost cert=/path/cert.pem key=/path/key.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE cipher=[cipher-list] dhparams=/path/dhparams.pem https_port 192.168.100.4:443 accel defaultsite=test1.example.com vhost cert=/path/cert.pem key=/path/key.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE cipher=[cipher-list] dhparams=/path/dhparams.pem # Backend servers for www acl www dstdomain www.example.com cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver round-robin cache_peer_access 10.10.10.1 allow www cache_peer_access 10.10.10.1 deny all cache_peer 10.10.10.2 parent 80 0 no-query no-digest originserver round-robin cache_peer_access 10.10.10.2 allow www cache_peer_access 10.10.10.2 deny all # Backend server for dev acl dev dstdomain dev.example.com cache_peer 10.10.10.3 parent 80 0 no-query no-digest originserver round-robin cache_peer_access 10.10.10.3 allow dev cache_peer_access 10.10.10.3 deny all # Debug #debug_options All,1 cache_effective_user squid cache_effective_group squid cache deny all cache_log /var/log/squid/cache.log buffered_logs on cache_store_log none strip_query_terms off emulate_httpd_log on logformat custom %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" "%{Host}>h" "%tr" %Ss:%Sh access_log /var/log/squid/access.log custom acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl Safe_ports port 80 acl Safe_ports port 443 acl SSL_ports port 443 acl internal src 10.10.10.0/24 acl CONNECT method CONNECT acl test1_dst dstdomain test1.example.com acl test1-refer referer_regex -i [^:]+://[^/]+/test1/ acl test1 url_regex -i [^:]+://test1.example.com deny_info TCP_RESET test1 http_access deny !Safe_ports #http_access deny CONNECT !SSL_ports http_access deny CONNECT http_access allow manager localhost http_access deny manager http_access deny internal http_access deny to_localhost http_access allow localhost http_access allow www http_access allow dev http_access allow test-refer #http_access deny test1 http_access deny all url_rewrite_program /usr/local/bin/red_http url_rewrite_children 5 cachemgr_passwd none info cachemgr_passwd disable all cache_mgr user@xxxxxxxxxx allow_underscore off httpd_suppress_version_string on log_mime_hdrs on client_db off log_icp_queries off cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF ##cache_mem 1000 MB ##cache_dir diskd /var/spool/squid 5000 16 256 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users