squid:configure_squid
Squid - Configure Squid
WARNING: The refresh pattern on this config are very aggressive and sometimes a user will get old cached pages even for those sites which updates on daily basis,
if you face such issues, remove following directives from refresh pattern.
ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale
# SQUID 2.7 CONFIG FILE # By - Syed Jahanzaib # Email: aacable@hotmail.com # Web : https://aacable.wordpress.com # PORT and Transparent Option http_port 8080 transparent server_http11 on icp_port 0 # Cache Directory , modify it according to your system. # but first create directory in root by # mkdir /cache1 # chown proxy:proxy /cache1 # [for ubuntu user is proxy, in Fedora user is SQUID] # I have set 100 GB for caching, Adjust it according to your need. # My recommendation is to have one cache_dir per drive. zzz store_dir_select_algorithm round-robin cache_dir aufs /cache1 100000 16 256 #cache_dir ufs /mnt/hdd2/cache2 200000 16 256 # If you have secondary HDD memory_replacement_policy heap GDSF cache_replacement_policy heap GDSF # If you want to enable DATE time n SQUID Logs,use following emulate_httpd_log on logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt log_fqdn off # How much days to keep users access web logs # You need to rotate your log files with a cron job. For example: # 0 0 * * * /usr/local/squid/bin/squid -k rotate logfile_rotate 14 debug_options ALL,1 cache_access_log /var/log/squid/access.log cache_log none cache_store_log none # Block Ads [zaib] #acl adsites dstdomain url_regex "/etc/squid/adslist.txt" #http_access deny adsites #deny_info http://192.168.6.1/psb.htm adsites #I used DNSAMSQ service for fast dns resolving #so install by using "apt-get install dnsmasq" first dns_nameservers 127.0.0.1 8.8.8.8 ftp_user anonymous@ ftp_list_width 32 ftp_passive on ftp_sanitycheck on #ACL Section mylan myacl acl all src 0.0.0.0/0.0.0.0 #acl all src 192.168.50.0/255.255.255.0 #acl all2 src 10.0.0.0/255.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access allow manager all http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow all #http_access allow all2 http_reply_access allow all #http_reply_access allow all2 icp_access allow all #========================== # Administrative Parameters #========================== #============================================================$ # SNMP , if you want to generate graphs for SQUID via MRTG #============================================================$ #acl snmppublic snmp_community zaib #snmp_port 3401 #snmp_access allow snmppublic all #snmp_access allow all # I used UBUNTU so user is proxy, in FEDORA you may use use squid cache_effective_user proxy cache_effective_group proxy cache_mgr SYED_JAHANZAIB visible_hostname aacable.wordpress.com unique_hostname aacable@hotmail.com # Memory cache_mem 128 MB minimum_object_size 0 bytes maximum_object_size 700 MB maximum_object_size_in_memory 32 KB tcp_outgoing_tos 0x30 all zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136 acl store_rewrite_list urlpath_regex \/(get_video|videoplayback\?id|videoplayback.*id) acl store_rewrite_list urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\? acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]* acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3} acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$ acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id) acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe) acl dontrewrite url_regex redbot\.org \.php acl getmethod method GET storeurl_access deny dontrewrite storeurl_access deny !getmethod storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow store_rewrite_list storeurl_access allow store_rewrite_list_domain storeurl_access allow store_rewrite_list_path storeurl_access deny all # First add storeurl.pl to enable below, see my other guides # e.g: https://aacable.wordpress.com/2012/01/19/youtube-caching-with-squid-2-7-using-storeurl-pl/ #storeurl_rewrite_program /etc/squid/storeurl.pl #storeurl_rewrite_children 7 #storeurl_rewrite_concurrency 0 ## refresh_pattern -i \.htm 120 50% 10080 reload-into-ims refresh_pattern -i \.html 120 50% 10080 reload-into-ims refresh_pattern ^http://*.facebook.com/* 720 100% 4320 refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 refresh_pattern ^http://*.google.*/.* 720 100% 4320 refresh_pattern ^http://*.kaskus.*/.* 720 100% 4320 refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 ## # 1 year = 525600 mins, 1 month = 43800 mins refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims #refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern \.(ico|video-stats) 10800 80% 10800 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth override-lastmod negative-ttl=10080 refresh_pattern \.etology\? 10800 80% 10800 override-expire ignore-reload ignore-no-cache refresh_pattern galleries\.video(\?|sz) 10800 80% 10800 override-expire ignore-reload ignore-no-cache refresh_pattern brazzers\? 10800 80% 10800 override-expire ignore-reload ignore-no-cache refresh_pattern \.adtology\? 10800 80% 10800 override-expire ignore-reload ignore-no-cache refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10800 20% 10800 ignore-no-cache ignore-private override-expire ignore-reload ignore-auth negative-ttl=40320 max-stale=10 refresh_pattern ^.*safebrowsing.*google 10800 80% 10800 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth negative-ttl=10080 refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 10800 80% 10800 override-expire ignore-reload ignore-private negative-ttl=10080 refresh_pattern ytimg\.com.*\.jpg 10800 80% 10800 override-expire ignore-reload refresh_pattern images\.friendster\.com.*\.(png|gif) 10800 80% 10800 override-expire ignore-reload refresh_pattern garena\.com 10800 80% 10800 override-expire reload-into-ims refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 10800 80% 10800 override-expire ignore-reload refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 10800 80% 10800 ignore-no-cache override-expire override-lastmod refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 10800 80% 10800 reload-into-ims override-expire ignore-private refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 10800 80% 10800 reload-into-ims ignore-no-cache ignore-reload override-expire refresh_pattern ^http:\/\/www.onemanga.com.*\/ 10800 80% 10800 reload-into-ims ignore-no-cache ignore-reload override-expire # ANTI VIRUS refresh_pattern guru.avg.com/.*\.(bin) 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern (avgate|avira).*(idx|gz)$ 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern kaspersky.*\.avc$ 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern kaspersky 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern windowsupdate.com/.*\.(cab|exe) 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern update.microsoft.com/.*\.(cab|exe) 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims refresh_pattern download.microsoft.com/.*\.(cab|exe) 10800 80% 10800 ignore-no-cache ignore-reload reload-into-ims #images facebook refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 10800 80% 10800 ignore-reload override-expire ignore-no-cache refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 10800 80% 10800 ignore-reload override-expire ignore-no-cache refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache #banner IIX refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache refresh_pattern ^http:\/\/openx.kompas.com.*\/ 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache #IIX DOWNLOAD refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-auth #All File refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern ^ftp: 10080 95% 10800 override-lastmod reload-into-ims refresh_pattern . 180 95% 10800 override-lastmod reload-into-ims global_internal_static off max_stale 10 years retry_on_error on buffered_logs on read_ahead_gap 32 KB #header_access Accept-Encoding deny all client_persistent_connections off server_persistent_connections on half_closed_clients off strip_query_terms off quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100 vary_ignore_expire on reload_into_ims on pipeline_prefetch on read_timeout 30 minutes client_lifetime 6 hours $negative_ttl 30 seconds positive_dns_ttl 6 hours $negative_dns_ttl 60 seconds pconn_timeout 15 seconds request_timeout 1 minute $store_avg_object_size 13 KB log_icp_queries off ipcache_size 16384 ipcache_low 98 ipcache_high 99 log_fqdn off fqdncache_size 16384 memory_pools off forwarded_for on client_db off max_filedescriptors 8192
References
squid/configure_squid.txt · Last modified: 2021/01/06 11:54 by peter