/etc/squid/squid.conf
visible_hostname
pcloud
acl ip1 myip
10.1.0.1
acl ip2 myip
192.168.10.210
tcp_outgoing_address
192.168.10.210 ip1
tcp_outgoing_address
192.168.10.210 ip2
#
# Recommended
minimum configuration:
#
# Example rule
allowing access from your local networks.
# Adapt to list your
(internal) IP networks from where browsing
# should be allowed
acl localnet src
10.0.0.0/8 # RFC1918 possible internal network
acl localnet src
172.16.0.0/12 # RFC1918 possible internal network
acl localnet src
192.168.0.0/16 # RFC1918 possible internal network
acl localnet src
fc00::/7 # RFC 4193 local private network
range
acl localnet src
fe80::/10 # RFC 4291 link-local (directly
plugged) machines
acl SSL_ports port
443
acl Safe_ports port
80 # http
acl Safe_ports port
21 # ftp
acl Safe_ports port
443 # https
acl Safe_ports port
70 # gopher
acl Safe_ports port
210 # wais
acl Safe_ports port
1025-65535 # unregistered ports
acl Safe_ports port
280 # http-mgmt
acl Safe_ports port
488 # gss-http
acl Safe_ports port
591 # filemaker
acl Safe_ports port
777 # multiling http
acl CONNECT method
CONNECT
#
# Recommended
minimum Access Permission configuration:
#
# Deny requests to
certain unsafe ports
http_access deny
!Safe_ports
# Deny CONNECT to
other than secure SSL ports
http_access deny
CONNECT !SSL_ports
http_access allow
CONNECT
# Only allow
cachemgr access from localhost
http_access allow
localhost manager
http_access deny
manager
# We strongly
recommend the following be uncommented to protect
innocent
# web applications
running on the proxy server who think the only
# one who can access
services on "localhost" is a local user
#http_access deny
to_localhost
#
# INSERT YOUR OWN
RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule
allowing access from your local networks.
# Adapt localnet in
the ACL section to list your (internal) IP
networks
# from where
browsing should be allowed
http_access allow
localnet
http_access allow
localhost
# And finally deny
all other access to this proxy
http_access deny all
# Squid normally
listens to port 3128
http_port 3128
# Uncomment and
adjust the following to add a disk cache
directory.
#cache_dir ufs
/var/cache/squid 100 16 256
# Leave coredumps in
the first cache dir
#coredump_dir
/var/cache/squid
#
# Add any of your
own refresh_pattern entries above these.
#
#
http_port 3126
#http_port 3128
#######################################
#cache_swap_low 90
#cache_swap_high 95
############################
cache_effective_user
squid
cache_effective_group
squid
memory_replacement_policy
lru
cache_replacement_policy
heap LFUDA
########################
maximum_object_size
10000 MB
#cache_mem 5000 MB
maximum_object_size_in_memory
10 MB
#########################
logfile_rotate 2
max_filedescriptors
131072
###############################
############
cache_dir aufs
/var/cache/squid 600000 64 128
#######################################
https_port 3129
intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/usr/local/squid/ssl_cert/myca.pem
key=/usr/local/squid/ssl_cert/myca.pem
ssl_bump
server-first all
sslcrtd_program
/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children
1000 startup=1 idle=1
###
minimum_object_size
0 bytes
#refresh patterns
for caching static files
refresh_pattern
^ftp: 1440 20% 10080
refresh_pattern
^gopher: 1440 0% 1440
refresh_pattern -i
.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
override-expire ignore-no-cache ignore-no-store
ignore-private
refresh_pattern -i
.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200
90% 432000 override-expire ignore-no-cache
ignore-no-store ignore-private
refresh_pattern -i
.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$
10080 90% 43200 override-expire ignore-no-cache
ignore-no-store ignore-private
refresh_pattern -i
.index.(html|htm)$ 0 40% 10080
refresh_pattern -i
.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0
40% 40320
any Joy Guys ?
should i update
squid ? or downgrade squid ?
kind regards
