Tuesday, March 31, 2015

Squid 3 Basic configuration

This is just an update to my old Squid installation tutorial. Below are some minor changes to the configuration. Tested on Ubuntu 14.04 using Squid 3.3.8.


# Hostname Squid presents about itself (for example in its error pages).
visible_hostname verZionSQD3
# URLs containing these words are fetched directly from the origin server
# instead of being passed to a parent/sibling cache.
# NOTE(review): later Squid releases dropped hierarchy_stoplist; check the
# release notes for your version before reusing this line.
hierarchy_stoplist cgi-bin ?

# Dynamic content (cgi-bin paths, anything with a query string) is matched by
# QUERY and never stored in the cache.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
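# Recommended minimum configuration: port ACLs enforced by the http_access
# rules at the end of this section.
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 5242        # for Viber
acl Safe_ports port 4244        # for Viber
acl Safe_ports port 5243        # for Viber
acl Safe_ports port 9785        # for Viber
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom; the first match decides.
#
# Refuse requests to ports that are not in Safe_ports. While this rule is
# commented out, the Safe_ports list above is never consulted and the proxy
# will forward to any destination port (SMTP, SSH, internal services, ...).
http_access deny !Safe_ports
# Refuse CONNECT tunnels to anything other than SSL_ports. Without it a client
# can tunnel arbitrary TCP traffic through the proxy to any port.
# If an application genuinely needs CONNECT to another port, add that single
# port to SSL_ports instead of disabling this rule.
http_access deny CONNECT !SSL_ports
# The cache manager interface is reachable from the proxy host only.
# (localhost and manager are not defined in this file; Squid 3.2 and later
# predefine them.)
http_access allow localhost manager
http_access deny manager
# Requests originating on the proxy host itself are allowed here, i.e. before
# the block lists further down are evaluated.
http_access allow localhost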


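# Listening port. With no address given Squid accepts connections on every
# interface, so access control rests entirely on the http_access rules and the
# host firewall. To listen on the LAN side only, give an address:
#   http_port <LAN_IP>:3128      (placeholder, substitute your own address)
http_port 3128
# The access log records client addresses and requested URLs; keep it readable
# by administrators only.
access_log /var/log/squid3/access.log squid

# On-disk cache: ufs store, 3000 MB, 16 first-level and 256 second-level
# directories.
cache_dir ufs /var/spool/squid3 3000 16 256

# The hierarchy_stoplist line and the QUERY acl / "cache deny QUERY" pair that
# used to be repeated here are already set at the top of the file; the
# duplicates were dropped.
# Do not cache anything whose destination port is in SSL_ports (443).
cache deny SSL_ports

#Suggested default:
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3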


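# Sites that must not be cached: list them here.
acl websitesNC dstdomain www.bir.gov.ph
acl websitesNC dstdomain www.sss.gov.ph
# always_direct only makes Squid fetch these sites straight from the origin
# server instead of going through a parent/sibling cache. It does not stop the
# replies from being stored locally.
always_direct allow websitesNC
# This is the line that actually keeps the listed sites out of the cache.
cache deny websitesNC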

########## Block List ###############
# Sample block list. These deny rules sit after "http_access allow localhost"
# and before the subnet allow rule, so they apply to LAN clients but not to
# requests made from the proxy host itself.
# A dstdomain entry without a leading dot matches that exact host name only;
# write ".example.com" style entries to cover a domain and its subdomains.
# dstdomain does not match requests made by bare IP address.
acl blocked01 dstdomain www.yahoo.com
acl blocked01 dstdomain www.friendster.com
http_access deny blocked01

###############
# blacklisted #
###############
# Blocks one client by hardware (MAC) address.
# An arp acl can only see the MAC of clients on the same Ethernet segment as
# the proxy, and a client can change its MAC address, so treat this as a
# convenience filter rather than an enforcement control.
# NOTE(review): needs a Squid build with ARP/EUI ACL support - confirm for your package.
acl macblock  arp 00:1b:b1:5b:f9:17
http_access deny macblock


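##### users with restrictions set #######

# Allow your own subnet. This rule comes after the block lists above, so those
# denies still apply to these clients.
acl PChosts src 192.168.1.0/24
http_access allow PChosts

# Allow every source address. Leave this commented out: enabling it turns the
# proxy into an open relay for anyone who can reach the listening port.
#http_access allow all

# Explicit final rule. Squid otherwise falls back to the opposite of the last
# http_access line, so the outcome would silently change if rules are later
# added or reordered.
http_access deny all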



Enjoy!
