
squid 經典配置

關于squid,我就不多說了,想必大家都對它很了解,以下是我負責維護的一台squid  server 的配置:

vi /etc/squid/squid.conf

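# Transparent (intercepting) proxy mode.
# NOTE(review): this file uses Squid 2.x syntax. On Squid 3.1 and later
# "transparent" is spelled "intercept", "no_cache" is "cache" and
# "cache_access_log" is "access_log".
http_port 192.168.1.10:8080 transparent

cache_mem 128 MB
cache_dir ufs /var/spool/squid 4096 16 256
cache_effective_user squid
cache_effective_group squid
dns_nameservers 202.96.209.133 202.96.209.6
error_directory /etc/squid/errors/Simplify_Chinese
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
visible_hostname 192.168.1.10
# Placeholder address: the one in the original post was masked by the page.
cache_mgr webmaster@example.com
client_db on
coredump_dir /var/spool/squid

# Never cache the local site. dstdomain is used because urlpath_regex only
# sees the path part of a URL and therefore cannot match a host name.
acl yoursite dstdomain www.andy.com
no_cache deny yoursite

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

# Dynamic content is not cached.
acl QUERY urlpath_regex -i cgi-bin \? \.asp$ \.php$ \.jsp$ \.cgi$
# url_regex matches the whole URL including the scheme; a urlpath_regex
# anchored on "^https:" can never match because the path starts with "/".
acl denyssl url_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl

#no cache
acl andy.com dstdomain "/etc/squid/conf/no_cache"
no_cache deny andy.com

#down
# Must stay on ONE line: a wrapped continuation is parsed as a new directive.
acl down urlpath_regex -i \.rmvb$ \.rm$ \.bt$ \.wmv$ \.wma$ \.avi$ \.exe$ \.pmp$ \.torrent$ \.mp4$ \.iso$ \.msi$ \.mp3$ \.rar$ \.zip$ \.asx$ \.flv$

#video
acl video_web dstdomain "/etc/squid/conf/deny_web"

#worktime
acl worktime time MTWHFA 8:30-11:30

#worktime2
acl worktime2 time MTWHFA 12:30-17:30

#taobao
acl taobao_web dstdomain .taobao.com .paipai.com  .qzone.qq.com .xunlei.com .tudou.com .kuaiche.com
acl taobao time MTWHFA 8:30-11:30
http_access deny taobao taobao_web

acl taobao_web2 dstdomain .taobao.com .paipai.com  .qzone.qq.com .xunlei.com .tudou.com .kuaiche.com
acl taobao2 time MTWHFA 12:30-17:30
http_access deny taobao2 taobao_web2

# localhost
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

#down_ip
# Clients listed in this file skip the download/video/maxconn limits below.
acl down_ip src "/etc/squid/conf/allow_ip"

#maxconn
# NOTE(review): 192.168.1.0/24 is assumed to be the client LAN; it is also the
# only network granted access at the end of the rule list. Adjust if needed.
acl connip src 192.168.1.0/255.255.255.0
acl conn maxconn 50

#safe
acl SSL_ports port 443 563 8000
# Safe_ports is the list of destination ports the proxy will talk to at all.
# 80 and 21 are required for ordinary browsing. 25 (SMTP) and 110 (POP3) are
# intentionally NOT listed: a proxy that forwards to mail ports can be abused
# as a mail relay.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#http_access
# Rules are evaluated top to bottom and the first match wins, so the port and
# CONNECT restrictions come before every "allow" line. Writing
# "allow !Safe_ports" instead of "deny" would let any client reach every port
# that is NOT on the safe list.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Do not let clients reach services bound to the proxy's own loopback address.
http_access deny to_localhost

#allow_ip
http_access allow down_ip

#deny_ip
#http_access deny deny_ip

http_access deny down worktime
http_access deny connip conn
http_access deny video_web worktime
http_access deny video_web worktime2

#localhost
http_access allow localhost
# Explicit allow for the LAN; everything else falls through to "deny all".
http_access allow connip

acl all src 0.0.0.0/0.0.0.0
http_access deny all

# Disabled. The original rule ANDs every ACL in this file, so it can never
# match (worktime and worktime2 do not overlap; localhost and connip are
# different source ranges), and it names s520.cc, test_ip and deny_ip, which
# are not defined anywhere in this listing. Squid documents that only src-type
# ACLs are fully supported here; if ident lookups are wanted use, for example:
#   ident_lookup_access allow connip
#ident_lookup_access allow yoursite QUERY denyssl s520.cc down video_web worktime worktime2 test_ip taobao_web taobao taobao_web2 taobao2 localhost to_localhost down_ip connip conn deny_ip SSL_ports Safe_ports CONNECT all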
