1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273
| append_domain .mondomaine.INT
visible_hostname = squid
emulate_httpd_log on
http_port 3128
icp_port 1
#https_port 0.0.0.0:3128 cert=/etc/gadminsquid/certificate.pem
#visible_hostname host.example.org
httpd_suppress_version_string off
client_netmask 255.255.255.0
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
hosts_file /etc/hosts
diskd_program /usr/lib/squid/diskd-daemon
unlinkd_program /usr/lib/squid/unlinkd
log_ip_on_direct on
debug_options ALL,1 20,9
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
dns_defnames off
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 0 seconds
#wais_relay_port 0
request_header_max_size 20 KB
request_body_max_size 0 KB
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute
range_offset_limit 0 KB
collapsed_forwarding off
refresh_stale_hit 0 seconds
forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minute
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 9 second
shutdown_lifetime 30 seconds
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
reply_header_max_size 20 KB
cache_mgr root
mail_from <a href="mailto:squid@example.org">squid@example.org</a>
mail_program mail
cache_effective_user squid
#cache_effective_group squid
cache_effective_group root
umask 027
announce_period 0 hour
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_no_pmtu_disc off
logfile_rotate 0
memory_pools on
memory_pools_limit 5 MB
via on
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
icon_directory /usr/share/squid/icons
global_internal_static on
short_icon_urls off
error_directory /usr/share/squid/errors/English
maximum_single_addr_tries 1
retry_on_error off
snmp_port 0
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
as_whois_server whois.ra.net
wccp_router 0.0.0.0
wccp_version 4
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 10000
wccp_address 0.0.0.0
wccp2_address 0.0.0.0
#incoming_icp_average 6
#incoming_http_average 4
#incoming_dns_average 4
#min_icp_poll_cnt 8
#min_dns_poll_cnt 8
#min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
coredump_dir none
coredump_dir /var/spool/squid
redirector_bypass off
ignore_unknown_nameservers on
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
client_persistent_connections on
server_persistent_connections on
persistent_connection_after_error off
detect_broken_pconn off
balance_on_multiple_ip on
pipeline_prefetch off
request_entities off
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0
store_dir_select_algorithm least-load
ie_refresh off
vary_ignore_expire off
sleep_after_fork 0
minimum_expiry_time 60 seconds
relaxed_header_parser on
max_filedesc 1024
cache_vary on
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic realm Squid proxy-caching web server
#auth_param basic casesensitive off
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic credentialsttl 2 hours
auth_param basic realm Squid mezzocc
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param ntlm children 5
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=MEZZOCC.INT\\mezzocc
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=MEZZOCC.INT\\mezzocc
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.0.0/24 192.168.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl manager proto cache_object
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apacheauth_param basic program
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localnetwork src 172.29.0.0/255.255.255.0
acl mezzocc src 172.30.0.0/255.255.0.0
acl ntlm proxy_auth REQUIRED
http_access allow ntlm
http_access allow localhost
http_reply_access allow all
broken_vary_encoding allow apache
icp_access allow all
miss_access allow all
reply_body_max_size 0 allow all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
follow_x_forwarded_for deny all
ident_lookup_access allow all localhost mezzocc
cache deny QUERY
http_access allow localnetwork
http_access deny all
snmp_access deny all
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#dns_nameservers 172.29.10.40 10.0.0.2
#mcast_groups 239.128.16.128 224.0.1.20
#mime_table /etc/squid/mime.conf
#ssl_unclean_shutdown off
#ssl_engine none
#sslproxy_client_certificate none
#sslproxy_client_key none
#sslproxy_version 1
#sslproxy_options none
#sslproxy_cipher none
#sslproxy_cafile none
#sslproxy_capath none
#sslproxy_flags none
#sslpassword_program none
delay_pools 0
#delay_pools 2 # 2 delay pools
#delay_class 1 2 # pool 1 is a class 2 pool
#delay_class 2 3 # pool 2 is a class 3 pool
#delay_access 1 allow some_big_clients
#delay_access 2 allow lotsa_little_clients
#delay_access 1 deny all
#delay_access 2 deny all
#delay_parameters pool aggregate
#delay_parameters pool aggregate individual
#delay_parameters pool aggregate network individual
#delay_parameters 1 -1/-1 8000/8000
#delay_parameters 2 32000/32000 8000/8000 600/8000
#delay_initial_bucket_level 50
#cache_peer parent.foo.net parent 3128 3130 proxy-only
#cache_peer sib1.foo.net sibling 3128 3130 proxy-only
#cache_peer sib2.foo.net multicast 3128 3130 proxy-only
#cache_peer_domain parent.foo.net .net
#cache_peer_domain parent.bar.net !hello.org
#cache_peer parent cache.foo.org 3128 3130
#neighbor_type_domain cache.foo.org sibling .com .net
#neighbor_type_domain cache.foo.org sibling .au .de
deny_info err_access_denied localnetwork
deny_info err_access_denied mezzocc
never_direct allow
#redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard |
Partager