squid.conf
http_port 8081 #http_port 10.1.1.5:8082 pid_filename /var/run/squid3-2.pid cache_mgr [email protected] visible_hostname NETLITEPROXY #dns_nameservers 8.8.8.8 8.8.4.4 208.67.222.123 208.67.220.123 dns_nameservers 10.5.1.5 dns_timeout 1 minutes positive_dns_ttl 1 hours negative_dns_ttl 10 minutes fqdncache_size 51200 ipcache_size 51200 #pipeline_prefetch on cache_dir aufs /var/lib/vz/squid/cache/squid3-2/aufs-small 1024 16 256 max-size=32768 cache_dir aufs /var/lib/vz/squid/cache/squid3-2/aufs-large 4096 16 256 cache_mem 2048 MB minimum_object_size 0 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF memory_pools on maximum_object_size 128 MB minimum_object_size 0 KB maximum_object_size_in_memory 512 KB ie_refresh on cache_access_log /var/log/squid3/access-2.log #cache_access_log /dev/null #cache_log /var/log/squid3/cache-2.log cache_log /dev/null #cache_store_log /var/log/squid3/store-2.log cache_store_log /dev/null logfile_rotate 0 log_mime_hdrs off log_icp_queries off buffered_logs on redirect_rewrites_host_header off acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl SSL_ports port 8080 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports debug_options ALL,1 client_lifetime 12 hour half_closed_clients off pconn_timeout 5 minutes request_timeout 5 minutes connect_timeout 30 seconds authenticate_ttl 15 minutes authenticate_ip_ttl 15 minutes max_open_disk_fds 32768 acl java_jvm browser Java/1. J/SSL #acl localhost src 127.0.0.1/32 #acl reti_abilitate src 127.0.0.1/32 acl reti_abilitate src 10.5.1.0/24 acl netlite src 212.29.137.82/32 #netlite office acl netlite src 87.248.52.82/32 #netlite office acl no_cache_siti dstdomain "/etc/squid3/no-cache-siti.txt" acl siti_pubblici dstdomain "/etc/squid3/siti-pubblici.txt" acl lan-allowed-ip src "/etc/squid3/good-lan-ip.txt" http_access allow lan-allowed-ip # MAC Utenti Bovolone acl MAC arp "/etc/squid3/mac.txt" acl emerge browser Wget http_access allow emerge always_direct allow emerge acl aptupdate browser APT-HTTP http_access allow aptupdate always_direct allow aptupdate http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny connect !SSL_ports http_access allow netlite http_access deny !reti_abilitate http_access allow siti_pubblici http_access allow java_jvm no_cache deny no_cache_siti always_direct allow no_cache_siti #request_header_access Allow allow all #request_header_access Authorization allow all #request_header_access WWW-Authenticate allow all #request_header_access Proxy-Authorization allow all #request_header_access Proxy-Authenticate allow all #request_header_access Cache-Control allow all #request_header_access Content-Encoding allow all #request_header_access Content-Length allow all #request_header_access Content-Type allow all #request_header_access Date allow all #request_header_access Expires allow all #request_header_access Host allow all #request_header_access If-Modified-Since allow all #request_header_access Last-Modified allow all #request_header_access Location allow all #request_header_access Pragma allow all #request_header_access Accept allow all #request_header_access Accept-Charset allow all #request_header_access Accept-Encoding allow all #request_header_access Accept-Language allow all #request_header_access Content-Language allow all #request_header_access Mime-Version allow all #request_header_access Retry-After allow all #request_header_access Title allow all #request_header_access Connection allow all #request_header_access Proxy-Connection allow all #request_header_access User-Agent allow all #request_header_access From allow all #request_header_access Referer allow all #request_header_access Cookie allow all #request_header_access All deny all request_header_access All allow all follow_x_forwarded_for deny all forwarded_for delete via off forwarded_for off http_reply_access allow all icp_access allow all coredump_dir /var/cache balance_on_multiple_ip off #http_access deny !MAC # utilizzati per ftp anonimo ftp_user [email protected] ftp_passive on acl ftp proto FTP acl ftp_port port 21 http_access allow ftp_port CONNECT ftp_epsv off #dns_v4_first on http_access allow all
andrea