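# Squid 2.x style configuration for a caching proxy listening on port 8080
# with one ICP sibling. Restored to one directive per line.
#
# Changes from the previous revision:
#   * "acl all" used the mask 255.255.255.255, so it matched only the single
#     address 0.0.0.0. Every rule written against "all" was a no-op:
#     "http_access deny all" denied nobody, and because Squid falls back to
#     the opposite of the last rule when nothing matches, clients outside the
#     listed networks were allowed by default. Same for icp_access and
#     header_access.
#   * The manager / Safe_ports / CONNECT denies sat after the per-network
#     allows, so they never applied to any internal client. They now come
#     first.

debug_options ALL,1
http_port 8080
hierarchy_stoplist cgi-bin ?
#
# Revisit these two lines - perhaps move them elsewhere?
#
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir aufs /data/squidcache 51200 64 256
maximum_object_size 32 MB
cache_mem 4 MB
cache_swap_low 97
cache_swap_high 98
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
buffered_logs off
cache_replacement_policy heap LFUDA
cache_access_log /data/squidlogs/access.log
cache_store_log none
ftp_user ftp@
#reference_age 6 month
quick_abort_min 1 KB
quick_abort_max 1048576 KB
quick_abort_pct 90
connect_timeout 30 seconds
read_timeout 5 minutes
request_timeout 30 seconds
client_lifetime 2 hour
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 second
shutdown_lifetime 15 seconds
request_header_max_size 100 KB
request_body_max_size 1000 KB
refresh_pattern ^ftp: 1440 50% 86400
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 50% 86400

############################
# ACL's
############################
# URL pattern lists are read from external files; the matching http_access
# rule is the first entry of the http_access section below.
acl bad-files url_regex -i "/u1/squid/etc/bad-files"
acl good-files url_regex "/u1/squid/etc/good-files"
#
# Define networks
#
acl RAS src 192.168.0.0/16
acl Old_Bldg_One src 10.10.0.0/16
acl Future_Bldg src 10.11.0.0/16
acl Partner_Net src 10.12.0.0/16
acl Bldg_One src 10.13.0.0/16
acl Bldg_Two src 10.14.0.0/16
acl Bldg_Three src 10.15.0.0/16
acl Bldg_Four src 10.16.0.0/16
#
acl EXT_sixteen src 172.16.0.0/16
acl EXT_seventeen src 172.17.0.0/16
acl EXT_eighteen src 172.18.0.0/16
acl EXT_nineteen src 172.19.0.0/16
#
# Define the Cache Peers (these are on a private Conn)
#
acl ICP_ONE src 172.16.20.9
acl ICP_TWO src 172.16.20.10
#
acl manager proto cache_object
#
acl localhost src 127.0.0.1/255.255.255.255
#
# Define Safe Ports to use.
#
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
#
# Define SSL Ports
#
acl SSL_ports port 443 563
#
acl CONNECT method CONNECT
#
#
# Everyone Else
#
# The mask must be 0.0.0.0 to match every source address. (Squid 2.x
# syntax; later major releases predefine "all".)
acl all src 0.0.0.0/0.0.0.0
#
# Attempt to prevent us from being seen with tools
# like those at:
#
# http://www.dnsstuff.com/tools/aboutyou.ch
#
# This link shows alot more than what we wish
# to divulge here
#
# NOTE(review): with these headers stripped, access.log is the only record
# tying an outbound request to an internal client, so keep it retained.
# Removing Via may also weaken forwarding-loop detection with the sibling
# peer - confirm against the peer setup.
header_access Via deny all
header_access X-Forwarded-For deny all

############################
# http_access
############################
# Rules are checked top to bottom and the first match decides. If nothing
# matches, Squid applies the opposite of the last rule, so the list must end
# in a "deny all" that really matches everything.
#
# An earlier "http_access allow all" attempt had no effect because "all" was
# defined with a 255.255.255.255 mask (see the acl above), not because of
# the network definitions.
#
http_access deny bad-files !good-files
#
# Cache manager: localhost and Bldg_One only. These rules must precede the
# network allows, otherwise any allowed network reaches cache_object URLs.
# NOTE(review): Bldg_One is a whole /16; consider narrowing it to the admin
# hosts and setting cachemgr_passwd.
http_access allow manager localhost
http_access allow manager Bldg_One
http_access deny manager
#
# Port and CONNECT restrictions apply to every client, so they also come
# before the network allows.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
http_access allow RAS
http_access allow Old_Bldg_One
http_access deny Future_Bldg
http_access allow Partner_Net
http_access allow Bldg_One
http_access allow Bldg_Two
http_access allow Bldg_Three
http_access allow Bldg_Four
#
http_access allow EXT_sixteen
http_access allow EXT_seventeen
http_access allow EXT_eighteen
http_access allow EXT_nineteen
#
http_access allow ICP_ONE
http_access allow ICP_TWO
#
http_access deny all

############################
# http_reply_access
############################
#
# One per each network above
#
# With "all" matching every client, the final "allow all" makes the
# per-network lines redundant; they are kept as written. Requests from
# unlisted clients are already refused by http_access.
http_reply_access allow RAS
http_reply_access allow Old_Bldg_One
http_reply_access allow Future_Bldg
http_reply_access allow Partner_Net
http_reply_access allow Bldg_One
http_reply_access allow Bldg_Two
http_reply_access allow Bldg_Three
http_reply_access allow Bldg_Four
#
http_reply_access allow EXT_sixteen
http_reply_access allow EXT_seventeen
http_reply_access allow EXT_eighteen
http_reply_access allow EXT_nineteen
#
http_reply_access allow ICP_ONE
http_reply_access allow ICP_TWO
#
http_reply_access allow all

cache_mgr squidmgr@MyCorp.Net
visible_hostname squidproxy1
logfile_rotate 8
coredump_dir /u1/squid/var/cache
cache_effective_user nobody
cache_effective_group nobody

# TEMP
icp_port 3130
# Allow my peer
icp_access allow ICP_ONE
# Deny everyone else.
# Be sure to edit this in case you modify or add another cache.
# (ICP_TWO is defined above but not allowed here.)
#
icp_access deny all
# cache_peer 172.16.20.9 sibling 8080 3130 proxy-only
cache_peer 172.16.20.9 sibling 8080 3130
peer_connect_timeout 10 seconds
dns_testnames localhost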