關于squid,我就不多說了,想必大家都對它很了解,以下是我負責維護的一台squid server 的配置:
vi /etc/squid/squid.conf
# Run as a transparent (intercepting) proxy, listening on the LAN address only.
# NOTE(review): in interception mode clients normally reach this port through a
# firewall redirect; the gateway rules are not shown here, so confirm that direct
# connections to 8080 from outside the intended client range are filtered.
http_port 192.168.1.10:8080 transparent
# Memory reserved for in-memory objects.
cache_mem 128 MB
# On-disk cache: ufs store, 4096 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 4096 16 256
# Run under the squid account rather than root.
cache_effective_user squid
cache_effective_group squid
# Use these resolvers instead of the system resolver configuration.
dns_nameservers 202.96.209.133 202.96.209.6
# Directory holding the error page templates.
error_directory /etc/squid/errors/Simplify_Chinese
# Request log and Squid's own diagnostic log.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# Host name Squid reports about itself (for example in error pages).
# NOTE(review): this is the proxy's internal IP address, so those pages disclose it.
visible_hostname 192.168.1.10
# Administrator contact.
# NOTE(review): the value below was replaced by the page's e-mail obfuscation;
# substitute the real administrator address before using this file.
cache_mgr [email protected]
# Keep per-client statistics.
# NOTE(review): the maxconn ACL defined later presumably relies on these counters - confirm.
client_db on
# Directory Squid changes to, so core dumps land there.
coredump_dir /var/spool/squid
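# Never cache responses from the site itself.
# dstdomain matches the request host. The previous urlpath_regex only saw the
# path part of the URL, so a host name pattern there could never match.
acl yoursite dstdomain www.andy.com
no_cache deny yoursite
# Freshness rules: <regex> <min minutes> <percent> <max minutes>; the first matching line wins.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Dynamic content (CGI, query strings, server-side scripts) is not cached.
acl QUERY urlpath_regex -i cgi-bin \? \.asp$ \.php$ \.jsp$ \.cgi$
# url_regex sees the whole URL including the scheme. The previous pattern used
# urlpath_regex and ended in an escaped backslash, so it never matched an https URL.
acl denyssl url_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl
#no cache
# Further domains exempt from caching, read from the file named here.
acl andy.com dstdomain "/etc/squid/conf/no_cache"
no_cache deny andy.com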
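#down
# Large media, archive and installer downloads, matched on the URL path.
# The list is split over several lines with the same ACL name (Squid combines
# them); the original single line was broken in the middle of the \.rar$ pattern.
# NOTE(review): the URL path that urlpath_regex sees includes the query string
# (the QUERY ACL relies on that), so these `$`-anchored patterns miss URLs that
# carry one. Treat this as a bandwidth policy, not as a security control.
acl down urlpath_regex -i \.rmvb$ \.rm$ \.bt$ \.wmv$ \.wma$ \.avi$ \.exe$ \.pmp$
acl down urlpath_regex -i \.torrent$ \.mp4$ \.iso$ \.msi$ \.mp3$ \.rar$
acl down urlpath_regex -i \.zip$ \.asx$ \.flv$
#video
# Video sites to block during working hours, read from the file named here.
acl video_web dstdomain "/etc/squid/conf/deny_web"
#worktime
# Morning working hours, Monday to Saturday (A = Saturday).
acl worktime time MTWHFA 8:30-11:30
#worktime2
# Afternoon working hours, Monday to Saturday.
acl worktime2 time MTWHFA 12:30-17:30
#taobao
# Shopping / social / download sites blocked during both working periods.
# taobao and taobao2 repeat the worktime and worktime2 definitions, and
# taobao_web2 repeats taobao_web; they are kept because later lines name them.
# These two deny rules come before every allow rule, so they also apply to the
# allow-listed addresses in down_ip.
acl taobao_web dstdomain .taobao.com .paipai.com .qzone.qq.com .xunlei.com .tudou.com .kuaiche.com
acl taobao time MTWHFA 8:30-11:30
http_access deny taobao taobao_web
acl taobao_web2 dstdomain .taobao.com .paipai.com .qzone.qq.com .xunlei.com .tudou.com .kuaiche.com
acl taobao2 time MTWHFA 12:30-17:30
http_access deny taobao2 taobao_web2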
# localhost
# Requests coming from the proxy host itself.
acl localhost src 127.0.0.1/255.255.255.255
# Requests whose destination is the proxy host's loopback range.
# NOTE(review): defining this ACL has no effect on its own; check that an
# http_access rule denies to_localhost, so that clients cannot reach services
# bound to the proxy's loopback interface through the proxy.
acl to_localhost dst 127.0.0.0/8
#down_ip
# Allow-listed client addresses, read from the file named here.
# NOTE(review): the file's contents are not shown; keep the list short and reviewed,
# since these clients are exempted from the download and video restrictions.
acl down_ip src "/etc/squid/conf/allow_ip"
#maxconn
# LAN clients, and a match once a single client address holds more than 50 connections.
acl connip src 192.168.1.0/255.255.255.0
acl conn maxconn 50
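#safe
# Ports a CONNECT tunnel may target.
# NOTE(review): 8000 is not a standard TLS port - confirm it is still needed.
acl SSL_ports port 443 563 8000
# Ports the proxy may contact at all. 80 and 21 are listed explicitly because
# the port check below is now a deny rule; the original used
# "http_access allow !safe_ports", which let any client that could reach the
# proxy request every port NOT on this list, with no source restriction.
acl Safe_ports port 80 21 # http, ftp
acl Safe_ports port 443 563 # https, snews
# 25 (SMTP) and 110 (POP3) are left out: with the corrected deny rule they would
# become reachable through the proxy, which is a known mail-relay abuse path.
# The inverted rule in the original did not allow them either.
#acl Safe_ports port 25 110
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Matches every source address; used for the final catch-all deny.
acl all src 0.0.0.0/0.0.0.0
# http_access rules are evaluated top to bottom and the first match decides.
# Port checks come first so that no allow rule below can bypass them.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Keep clients from reaching services bound to the proxy host's loopback range.
http_access deny to_localhost
#allow_ip
# Allow-listed addresses skip the download, connection-count and video rules below.
http_access allow down_ip
#deny_ip
#http_access deny deny_ip
#http_access
# NOTE(review): downloads are blocked only in the morning period (worktime);
# worktime2 is not applied to them - confirm whether that is intended.
http_access deny down worktime
http_access deny connip conn
http_access deny video_web worktime
http_access deny video_web worktime2
# Ordinary access is granted by source network instead of by port.
# NOTE(review): connip (192.168.1.0/24) is assumed to be the whole client range - confirm.
# This also lets LAN clients open CONNECT tunnels to SSL_ports, as in Squid's
# stock configuration; add a deny rule above this line if that is not wanted.
http_access allow connip
#localhost
http_access allow localhost
# Everything not explicitly allowed above is refused.
http_access deny all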
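# Ident (RFC 1413) lookups stay disabled.
# The original rule put every ACL name on one "allow" line. Squid requires all
# ACLs on an access line to match together, and worktime / worktime2 cover
# disjoint hours, so that rule could never match. It also named s520.cc, test_ip
# and deny_ip, which are not defined anywhere in the listing shown.
# NOTE(review): if ident lookups are wanted, allow them for one specific src ACL.
ident_lookup_access deny all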