# $Id$
#
# Squid configuration for an HTTP accelerator (reverse proxy) on port 80 in
# front of a single backend on 127.0.0.1:7654.
#
# NOTE(review): this listing arrived with its line breaks collapsed; the
# breaks below are reconstructed. Confirm which directives are active and
# which are commented out against the deployed file.

visible_hostname example.org
# No address is given, so Squid listens on port 80 on every interface.
http_port 80
# Port 0 disables ICP (inter-cache) traffic.
icp_port 0
#htcp_port 0

# disable usual block on cgi-bin and ? in URL, to avoid web robots
# adding ? to requests to bypass the proxy. Little cgi-bin and ? use on
# my site, so not a problem for me...
#
#hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY

cache_mem 256 MB
# cache_swap_low 90
# cache_swap_high 95
maximum_object_size 1024 KB
# minimum_object_size 0 KB
maximum_object_size_in_memory 64 KB
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /var/squid/cache 5000 16 256
logfile_rotate 3

# Logging: only the access log is kept.
# NOTE(review): cache.log is where Squid reports its own warnings and errors
# (startup problems, ACL parse warnings). Check that "none" really disables
# cache_log in the Squid version in use and is not taken as a file name, and
# weigh losing that record when investigating an incident.
#cache_access_log none
cache_log none
cache_store_log none
cache_access_log /var/log/squid/access_log
#cache_log /var/log/squid/cache_log
#cache_store_log /var/log/squid/store_log
# emulate_httpd_log off
# log_ip_on_direct on
# log_mime_hdrs off
log_fqdn off

ftp_user nobody@example.org
# ftp_sanitycheck on

# use local caching name server, avoid /etc/hosts
dns_nameservers 127.0.0.1
hosts_file none

redirect_rewrites_host_header off

# TODO needed??
# NOTE(review): no "auth_param basic program" line and no proxy_auth ACL are
# visible here, so these settings appear to be unused; nothing in this file
# authenticates clients.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

request_header_max_size 16 KB
# request_body_max_size 0 KB

refresh_pattern ^ftp:    1440 20% 10080
refresh_pattern ^gopher: 1440 0%  1440
refresh_pattern .        0    20% 4320

negative_ttl 1 minutes
negative_dns_ttl 1 minutes
# connect_timeout 1 minutes
# peer_connect_timeout 30 seconds
# read_timeout 10 minutes
# request_timeout 5 minutes
# persistent_request_timeout 2 minute
# half_closed_clients on
ident_timeout 1 seconds
shutdown_lifetime 17 seconds

# ---- ACL definitions ----
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Matches on the destination address of the request, not the client address.
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# ---- Access rules (evaluated top to bottom, first match wins) ----
# Cache manager (cache_object) requests are accepted from 127.0.0.1 only.
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#http_access deny to_localhost
# NOTE(review): okdomains is defined but no rule in this file refers to it.
acl okdomains dstdomain neamh.example.org
# Anything whose destination is outside 127.0.0.0/8 is refused, which keeps
# this host from being used as an open proxy to the Internet.
http_access deny !to_localhost
# NOTE(review): after the denies above, every client address is allowed for
# any loopback destination on a Safe_ports port (including 1025-65535) and for
# CONNECT to loopback on SSL_ports. With httpd_accel_with_proxy on (below),
# that presumably covers proxy-style requests as well as accelerated ones, so
# loopback-only services other than the 7654 backend may become reachable
# through port 80. If forward-proxy use is not needed, consider turning
# httpd_accel_with_proxy off and/or denying destination ports other than the
# backend's; test against the Squid version in use.
http_access allow all
# And finally deny all other access to this proxy
#http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow all
ident_lookup_access deny all

cache_mgr webmaster@example.org
# User whose identity the cache runs under.
cache_effective_user squid

# ---- Accelerator (reverse proxy) settings ----
# These httpd_accel_* directives are the accelerator syntax of older Squid
# releases; later releases configure this differently.
# NOTE(review): the backend sees every proxied request arriving from the
# loopback address. Any backend logic that trusts "local" clients by source
# address would then trust all proxied clients - verify the backend does not.
httpd_accel_host 127.0.0.1
httpd_accel_port 7654
httpd_accel_uses_host_header off
httpd_accel_single_host on
httpd_accel_with_proxy on

# Sends the client address to the backend in X-Forwarded-For.
# NOTE(review): a client can send its own X-Forwarded-For header; backend
# logging or access decisions should presumably rely only on the value added
# by this proxy - confirm how the backend parses the header.
forwarded_for on
log_icp_queries off
#snmp_port 0
#snmp_access deny all
# offline_mode off
coredump_dir none
pipeline_prefetch on