-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsquid.conf
97 lines (76 loc) · 4.19 KB
/
squid.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
visible_hostname squid
shutdown_lifetime 1 second
log_uses_indirect_client on
coredump_dir /var/spool/squid
cache_effective_user proxy
cache_effective_group proxy
cache_mem 500 MB
cache_dir ufs /var/spool/squid 10000 32 512
cache_store_log daemon:/var/log/squid/store.log
cache_replacement_policy heap LFUDA
maximum_object_size 320 MB
strip_query_terms on
log_mime_hdrs off
pinger_enable off
query_icmp on
http_port 0.0.0.0:3128
http_port 0.0.0.0:3129 intercept
https_port 0.0.0.0:3130 intercept ssl-bump cert=/etc/squid/ssl/squid.crt key=/etc/squid/ssl/squid.key generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
sslcrtd_program /usr/local/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 16MB
sslcrtd_children 5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all
# applications registries
refresh_pattern -i registry.npmjs.org.+\.(zip|gz)$ 129600 100% 129600 ignore-auth ignore-private ignore-no-cache ignore-no-store ignore-reload override-expire
refresh_pattern -i pypi.python.org.+\.(zip|gz|whl)$ 129600 100% 129600 ignore-auth ignore-private ignore-no-cache ignore-no-store ignore-reload override-expire
# common services
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Common binaries
refresh_pattern -i \.(deb|rpm|exe)$ 129600 90% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern -i \.(zip|tar|gz|rar)$ 129600 90% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# Common binaries
refresh_pattern -i \.(deb|rpm|exe)$ 129600 90% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern -i \.(zip|tar|gz|rar)$ 129600 90% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# Debian based
refresh_pattern Packages\.(bz2|gz)$ 129600 20% 129600
refresh_pattern Sources\.(bz2|gz)$ 129600 20% 129600
refresh_pattern Release\.gpg$ 129600 90% 129600
refresh_pattern Release$ 129600 90% 129600
refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# windows update
refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern . 0 20% 4320
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rync
acl Safe_ports port 80 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5938 # teamviewer
acl Safe_ports port 6000 # skype
acl purge method PURGE
acl CONNECT method CONNECT
acl localnet src 192.168.0.0/16
http_access allow manager localhost localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all