squid 经典配置




关于squid,我就不多说了,想必大家都对它很了解,以下是我负责维护的一台squid  server 的配置:

vi /etc/squid/squid.conf

# Listener: bound to the internal address 192.168.1.10, port 8080, in
# transparent (interception) mode.
http_port 192.168.1.10:8080 transparent
# Size of the in-memory object cache.
cache_mem 128 MB
# On-disk cache: ufs store under /var/spool/squid, 4096 MB,
# 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 4096 16 256
# Unprivileged account and group the proxy runs as.
cache_effective_user squid
cache_effective_group squid
# Resolvers queried by the proxy.
dns_nameservers 202.96.209.133 202.96.209.6
# Error pages are served from the Simplified Chinese template set.
error_directory /etc/squid/errors/Simplify_Chinese
# Request log and daemon log locations.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# Name the proxy reports about itself (here the listener's IP address).
visible_hostname 192.168.1.10
# Administrator contact.
# NOTE(review): "[email protected]" looks like the residue of the hosting
# page's e-mail obfuscation, not a real address; put the real contact here.
cache_mgr [email protected]
# Per-client statistics; the maxconn ACL defined later in this file depends on them.
client_db on

# Directory in which the proxy leaves core dumps.
coredump_dir /var/spool/squid

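# Never cache responses from the site's own host.
# dstdomain is used because urlpath_regex only inspects the path part of the
# URL, so a hostname pattern placed there does not match the request's host.
acl yoursite dstdomain www.andy.com
no_cache deny yoursite

# Freshness rules: <pattern> <min minutes> <percent of object age> <max minutes>.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

# Dynamic content (scripts and anything carrying a query string) is not cached.
acl QUERY urlpath_regex -i cgi-bin \? \.asp$ \.php$ \.jsp$ \.cgi$
# https URLs are not cached. The scheme is only visible to url_regex (full URL),
# and the separator after the scheme is "//"; the earlier urlpath_regex pattern
# with "\\" looked for a literal backslash in the path and could not match.
acl denyssl url_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl

#no cache
# Additional domains excluded from caching, one per line in the referenced file.
acl andy.com dstdomain "/etc/squid/conf/no_cache"
no_cache deny andy.com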


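#down
# Download and media file extensions, matched case-insensitively at the end of
# the URL path. The whole ACL is kept on one physical line: when the list was
# split after "\.rar", that pattern lost its "$" anchor and the following line
# began with a stray "$" that is not a directive.
# The path seen by urlpath_regex includes the query string (the QUERY ACL in
# this file relies on that), so the "$" anchor only matches URLs that end in
# the extension. Treat this ACL as bandwidth policy, not as a malware control.
acl down urlpath_regex -i \.rmvb$ \.rm$ \.bt$ \.wmv$ \.wma$ \.avi$ \.exe$ \.pmp$ \.torrent$ \.mp4$ \.iso$ \.msi$ \.mp3$ \.rar$ \.zip$ \.asx$ \.flv$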

#video
# Destination domains of video sites, read from the referenced file.
acl video_web dstdomain "/etc/squid/conf/deny_web"

#worktime
# Morning working hours, Monday to Saturday (M T W H F A), 08:30-11:30.
acl worktime time MTWHFA 8:30-11:30

#worktime2
# Afternoon working hours, Monday to Saturday, 12:30-17:30.
acl worktime2 time MTWHFA 12:30-17:30


#taobao
# Shopping, social and download sites blocked during working hours.
# A leading dot makes each entry match the domain and all of its subdomains.
# "taobao" repeats the time window of "worktime", and "taobao2" that of "worktime2".
# These two deny rules are the first http_access lines in the file, so they are
# evaluated before the down_ip allow rule and apply to those clients as well.
acl taobao_web dstdomain .taobao.com .paipai.com  .qzone.qq.com .xunlei.com .tudou.com .kuaiche.com
acl taobao time MTWHFA 8:30-11:30
http_access deny taobao taobao_web

# Same domain list again, paired with the afternoon window.
acl taobao_web2 dstdomain .taobao.com .paipai.com  .qzone.qq.com .xunlei.com .tudou.com .kuaiche.com
acl taobao2 time MTWHFA 12:30-17:30
http_access deny taobao2 taobao_web2

# localhost
# Requests that originate from the proxy host itself.
acl localhost src 127.0.0.1/255.255.255.255
# Requests whose destination is a loopback address. This ACL exists for an
# "http_access deny to_localhost" style rule, which stops clients from using
# the proxy to reach services bound to the proxy host's own loopback interface.
acl to_localhost dst 127.0.0.0/8

#down_ip
# Client addresses read from the referenced file. "http_access allow down_ip"
# treats the file as an allow-list, so write access to it should be as
# restricted as write access to squid.conf itself.
acl down_ip src "/etc/squid/conf/allow_ip"

#maxconn
# Clients on the 192.168.1.0/24 network.
acl connip src 192.168.1.0/255.255.255.0
# Matches once a single client address has more than 50 connections open;
# combined with connip in "http_access deny connip conn".
acl conn maxconn 50

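#safe
# Ports on which CONNECT tunnels may be opened.
# NOTE(review): 8000 is not a standard TLS port; presumably site-specific -
# confirm it is still needed.
acl SSL_ports port 443 563 8000
# Ports the proxy is allowed to contact at all. 80 and 21 are listed
# explicitly because the port guard below denies every port outside this set.
acl Safe_ports port 80 21 # http, ftp
acl Safe_ports port 443 563 # https, snews
# 25 (smtp) and 110 (pop3) are deliberately not listed: with the guard below,
# listing them would let clients use the proxy to talk to mail servers.
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#port guards
# Evaluated before any allow rule so that no client, whitelisted or not, can
# use the proxy to reach an unlisted port or to tunnel to a non-TLS port.
# The earlier form "http_access allow !safe_ports" was the inverse of this
# guard: it admitted any client to every port NOT in the list, and because it
# preceded the CONNECT check, that check never saw those requests.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only the proxy host itself may ask for loopback destinations.
http_access deny to_localhost !localhost

#allow_ip
# Whitelisted clients skip the download, connection-count and video rules below.
http_access allow down_ip

#deny_ip
#http_access deny deny_ip

#http_access
http_access deny down worktime
http_access deny connip conn
http_access deny video_web worktime
http_access deny video_web worktime2
# Everything that survived the rules above is allowed for LAN clients only.
# NOTE(review): assumes all legitimate clients are in 192.168.1.0/24 (connip);
# add further src ACLs here if other networks use this proxy.
http_access allow connip

#localhost
http_access allow localhost
acl all src 0.0.0.0/0.0.0.0
http_access deny all

# ident lookups are disabled. The earlier rule required every ACL in the file
# to match at once, including worktime and worktime2 whose time windows do not
# overlap, so it could never match; it also named ACLs (s520.cc, test_ip,
# deny_ip) that this file does not define. "deny all" states the resulting
# behaviour explicitly.
ident_lookup_access deny all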








