[squid-users] acl Question
joe
chip_pop at hotmail.com
Mon Oct 12 23:19:35 UTC 2015
OK, again: I have filtered out most of the squid.conf. With this minimal config, should
I get any static image (or anything else) as a HIT or not?
Because I don't get any.
I tested on Squid 3.5.8 and up; same thing.
# Header handling: "via off" omits the Via header; "forwarded_for off" sends
# "X-Forwarded-For: unknown" instead of the client address.
via off
forwarded_for off
# should be allowed
# Four /24 source networks are collected under the single ACL name "localnet".
acl localnet src 10.2.3.0/24
acl localnet src 10.2.2.0/24
acl localnet src 10.3.2.0/24
acl localnet src 10.4.4.0/24
# Left disabled by the author; it has no effect while commented out.
#http_access deny all
# Port ACLs. SSL_ports is used by the CONNECT rule and Safe_ports by the
# port rule in the http_access list below.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# Every port from 1025 upward counts as "safe", so the Safe_ports check only
# filters low ports that are not listed here.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# Matches requests that use the CONNECT method (tunnels).
acl CONNECT method CONNECT
# STOREID ACCESS LIST
# NOTE(review): the heading mentions StoreID, but no store_id directives appear
# in this excerpt; the ACL below is only used by the "cache" rule.
# The leading dot matches dailymotion.com and its subdomains.
acl domaincache dstdomain .dailymotion.com
# NOTE(review): this is the only "cache" rule shown. When no rule in an access
# list matches, Squid applies the opposite of the last rule, so requests for
# every other domain are presumably denied caching. That would explain seeing
# no HITs for static objects elsewhere -- confirm against the full config.
cache allow domaincache
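# http_access rules are checked top to bottom; the first matching line decides.
# Refuse requests to destination ports outside the Safe_ports list.
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Requests from the proxy host itself and from the listed internal networks.
http_access allow localhost
http_access allow localnet
# Cache-manager requests from anywhere else are refused. The original line
# here was "http_access allow manager", which admitted manager requests from
# any source address.
# NOTE(review): manager requests from localhost/localnet are still admitted by
# the two allow lines above. To restrict the manager to the proxy host, place
# "http_access allow localhost manager" and "http_access deny manager" before them.
http_access deny manager
# And finally deny all other access to this proxy
# The original line was "http_access allow all", which contradicted the comment
# above and let any client that can reach the listening ports relay through
# this proxy (an open proxy).
http_access deny all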
# Two listeners: 8079 is a plain forward-proxy port; 8080 runs in accelerator
# mode with virtual-host support and is also allowed to go direct.
# NOTE(review): both ports are governed by the same http_access list, so who may
# use them depends entirely on those rules -- confirm neither is reachable from
# untrusted networks.
http_port 8079
http_port 8080 accel vhost allow-direct
# Disk cache: two aufs stores of 500000 MB each (26 first-level and 256
# second-level directories), with new objects placed on the least-loaded one.
store_dir_select_algorithm least-load
cache_dir aufs /mnt/sdb 500000 26 256
cache_dir aufs /mnt/sdc 500000 26 256
# NOTE(review): memory pools are switched off, so the pool limit on the next
# line presumably has no effect -- confirm.
memory_pools off
memory_pools_limit 4 GB
# Memory cache size and per-object size limits for the memory and disk caches.
cache_mem 5 GB
#maximum_object_size_in_memory 64 KB
maximum_object_size_in_memory 2048 KB
minimum_object_size 1 KB
maximum_object_size 3 GB
# Replacement starts at 98% disk usage and becomes aggressive at 99%.
cache_swap_low 98
cache_swap_high 99
# Logging: Squid keeps no rotated copies itself and the store log is disabled.
logfile_rotate 0
cache_store_log none
# NOTE(review): "!CONNECT" appears intended to keep CONNECT requests out of the
# access log. If it works that way, HTTPS tunnels through the proxy leave no
# access-log record, which limits later auditing -- confirm this is wanted.
access_log daemon:/var/log/squid3/access.log !CONNECT
cache_log /var/log/squid3/cache.log
# FILES TYPE
# refresh_pattern rules are tried in order and the first matching regex wins.
# Fields after the regex: minimum age (minutes), percent, maximum age (minutes),
# then options.
# NOTE(review): several rules below are split across lines, presumably by e-mail
# line wrapping; each rule has to sit on a single line in squid.conf.
# NOTE(review): ignore-private, ignore-auth and ignore-no-store make this shared
# cache keep responses the origin marked private or no-store, or that answered
# authenticated requests. A later client may then be served another user's
# response. These rules cover documents and text files as well as media, so
# review whether that exposure is acceptable.
# Executables and similar, only when the extension is followed by "?" or "/?".
refresh_pattern -i \.(exe|crx|esd)(\?|\/\?) 10080 100% 799000
override-expire override-lastmod ignore-reload ignore-no-store
ignore-private ignore-auth ignore-must-revalidate store-stale
reload-into-ims
# Video/audio containers. The regex has no trailing anchor, so the extension
# may match anywhere in the URL, not only at the end.
refresh_pattern -i
\.(3gp|m1v|ace|web(m|p|a)|m2(v|p)|swf|dat|cup|dvr-ms|ram|avi|mk(a|v)|vob|wm(a|v)|flv|x-flv|JPG)
10080 100% 129600 override-expire override-lastmod ignore-reload
ignore-no-store ignore-private ignore-auth ignore-must-revalidate
store-stale reload-into-ims
# Images, playlists, MPEG variants and a few binaries.
# NOTE(review): "bm?" matches ".b" or ".bm", not ".bmp" -- possibly a typo.
refresh_pattern -i
\.(m3u8|jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|mp(e?g|a|e|1|2|3|4)|deb|ad|f4(f|v)|abst|dll)
10080 100% 129600 override-expire override-lastmod ignore-reload
ignore-no-store ignore-private ignore-auth ignore-must-revalidate
store-stale reload-into-ims
# Archives and mobile packages.
refresh_pattern -i
\.(rar|jar|gz|tgz|bz2|iso|7z|asx|mo(d|v)|arj|lha|lzh|zip|tar|pak|cup|ipa|apk)
10080 100% 43800 override-expire override-lastmod ignore-reload
ignore-no-store ignore-private ignore-auth ignore-must-revalidate
store-stale
# Packages, installers, Ogg/Real media and plain text.
refresh_pattern -i
\.(rpm|ac4|bin|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|inc|cod|jad|txt) 10080
100% 43800 override-expire override-lastmod ignore-reload ignore-no-store
ignore-private ignore-auth ignore-must-revalidate store-stale
# Office documents and PDFs.
# NOTE(review): the parentheses in this regex are unbalanced as shown (the outer
# group closes after "t", leaving the final ")" unmatched) -- check against
# the original file.
refresh_pattern -i
\.(pp(t?x)|s|t)|pdf|rtf|wax|cab|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|qt|vpx)
10080 100% 43800 override-expire override-lastmod ignore-reload
ignore-no-store ignore-private ignore-auth ignore-must-revalidate
store-stale
# Web page assets. The leading "." is unescaped, so it matches any character.
refresh_pattern -i .(html|htm|css|js|xml)$ 1440 75% 40320
# NOTE(review): any URL ending in index.html or index.htm already matches the
# rule above, so this rule looks unreachable.
refresh_pattern -i .index.(html|htm)$ 0 75% 43800
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# NOTE(review): as written this matches only the literal "/cgi-bin/?"; confirm
# the intended pattern.
refresh_pattern -i (/cgi-bin/\?) 0 0% 0
# Catch-all for everything not matched above.
refresh_pattern . 0 20% 4320
# Account and group Squid switches to after starting.
cache_effective_user proxy
cache_effective_group proxy
# Hostname Squid reports for itself.
visible_hostname xcache
unique_hostname xcache
# All lookups go to public resolvers, so internal-only names will not resolve
# and every lookup leaves the local network.
dns_nameservers 8.8.8.8 8.8.4.4 4.2.2.4
shutdown_lifetime 10 second
# ICP and HTCP listeners are disabled.
icp_port 0
htcp_port 0
# Hostname syntax checking is disabled (repeated further down).
check_hostnames off
# Replacement policies for the memory cache and the disk cache.
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
# Timeouts.
forward_timeout 240 seconds
connect_timeout 60 seconds
#read_timeout 15 minute
peer_connect_timeout 30 seconds
read_timeout 600 second
request_timeout 60 second
# NOTE(review): the ipcache_* settings appear twice with different sizes
# (16384, then 2048); presumably the later value takes effect -- confirm and
# remove the duplicate.
ipcache_size 16384
ipcache_low 98
ipcache_high 99
ipcache_size 2048
ipcache_low 98
ipcache_high 99
# Behaviour for downloads whose client aborts before the object is complete.
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100
fqdncache_size 16384
# NOTE(review): ICP is disabled above (icp_port 0), so this setting presumably
# has no effect.
icp_hit_stale on
query_icmp off
# With this off, full URLs including query strings are written to the access
# log; query strings can carry tokens or personal data, so protect the log.
strip_query_terms off
retry_on_error on
# Duplicate of the check_hostnames line earlier in this block.
check_hostnames off
minimum_expiry_time 0 seconds
# DNS answer caching: successful lookups up to 6 hours, failures 60 seconds.
positive_dns_ttl 6 hour
negative_dns_ttl 60 second
half_closed_clients off
# Duplicate of the memory_pools line earlier in the config.
memory_pools off
# Global switch turning client reload requests into If-Modified-Since checks.
reload_into_ims on
store_avg_object_size 82 KB
client_db on
max_filedescriptors 32768
# QoS MARKING
# Local cache hits are marked with TOS 0x30 towards the client, and the same
# TOS value is set on all outgoing connections.
qos_flows local-hit=0x30
tcp_outgoing_tos 0x30 all
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/acl-Question-tp4673648p4673649.html