Squid 配置文件詳解
http://blog.csdn.net/joliny/archive/2008/10/20/3098544.aspx
Squid 配置文件詳解
# NETWORK OPTIONS(網絡選項)
# -----------------------------------------------------------------------------
http_port 3128 #代理端口
icp_port 3130 #icp端口
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
#-----------------------------------------------------------------------------
#禁止緩存
hierarchy_stoplist cgi-bin ?
hierarchy_stoplist -i ^https:// ?
acl QUERY urlpath_regex -i cgi-bin /? /.asp /.php /.jsp /.cgi
acl denyssl urlpath_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl
#上面幾個就是說遇到URL中有包含cgi-bin和以https://開頭的都不要緩存,
#asp、cgi、php等動態腳本也不要緩存,
#https://開通的不緩存是因爲一般我們進行電子商務交易,
#例如銀行付款等都是採用這個的,如果把信用卡號什麼緩存那不是很危險。
# OPTIONS WHICH AFFECT THE CACHE SIZE(定義cache大小的選項)
# -----------------------------------------------------------------------------
cache_mem 32 MB #額外使用內存量,可根據你的系統內存在設定,一般爲實際內存的1/3
cache_swap_low 70 #最低緩存百分比
cache_swap_high 95 #最高緩存百分比,就是上面那個額外內存的使用百分比
maximum_object_size 4096 KB #單個文件最大緩存大小,超過這個大小將不緩存
maximum_object_size_in_memory 8 KB #在內存中單個文件最大緩存大小,超過這個大小將不緩存到內存中
#有DNS正反解所得到的IP存在緩存區的大小,這樣可以加快解析速度
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
# LOGFILE PATHNAMES AND CACHE DIRECTORIES(定義日誌文件的路徑及cache的目錄)
# -----------------------------------------------------------------------------
# 各發行版自帶的Squid略有區別,一般使用各發行版自帶的設置
# <cache_dir>; <aufs|ufs>; <目錄所在>; <MBytes大小>; <dir1>; <dir2>;
# 那個 aufs 只有在編譯的時候加入 --enable-async-io 那個選項纔有支持,
# 至於目錄所在地與所佔用的磁盤大小則請視您的主機情況而定,
# 而後面 dir1, dir2 則是兩個次目錄的大小,通常 16 256 或 64 64 皆可,
# 一般來說,數字最好是 16 的倍數,據說性能會比較好啦!
cache_dir aufs /Cache1 100 16 256
cache_dir aufs /Cache2 100 16 256
#日誌存放位置
#cache_access_log /usr/local/squid/var/logs/access.log
#cache_log /usr/local/squid/var/logs/cache.log
# TAG: cache_store_log
#cache_store_log /usr/local/squid/var/logs/store.log
# TAG: pid_filename
#pid_filename /usr/local/squid/var/logs/squid.pid
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS(外部支持程序選項)
# -----------------------------------------------------------------------------
#用代理登陸匿名ftp服務選項
# 各發行版自帶的Squid略有區別,一般使用各發行版自帶的設置
# TAG: ftp_user
ftp_user Squid@ #用戶名
ftp_passive on #被動模式
#認證
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
# OPTIONS FOR TUNING THE CACHE(調整cache的選項)
# -----------------------------------------------------------------------------
# TAG: refresh_pattern Cache更新時間設置
#<refresh_pattern>; <regex>; <最小時間>; <百分比>; <最大時間>;
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#上面第一行如果網址開頭是 ftp 的話,那麼在一天(1440分鐘)後,
#如果proxy 再次取用這個檔案時,則 cache 內的數據會被更新!
# TIMEOUTS (超時)
# -----------------------------------------------------------------------------
#連接到其他機器的最大嘗試時間
connect_timeout 1 minute
#連接到上層代理的超時時間
peer_connect_timeout 30 seconds
#返回超時
request_timeout 2 minutes
#持續連接時間
persistent_request_timeout 1 minute
# ACCESS CONTROLS(訪問控制)
# -----------------------------------------------------------------------------
# TAG: acl
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl msn url_regex -i ^http://gateway.messenger.hotmail.com
acl inside1 src 192.168.1.0/24 #內部網IP段
acl inside2 src 192.168.2.0/24
acl localmac arp "/usr/local/squid/localmac" #mac地址文件
# TAG: http_access
http_access allow inside1 #允許inside1規則通過
http_access allow inside2 #允許inside2規則通過
http_access allow localmac #允許localmac裏面有登記的mac地址通過
http_access allow msn #允許訪問http://gateway.messenger.hotmail.com
acl admin arp 00:40:05:13:C4:B2
http_access allow admin #允許00:40:05:13:C4:B2這個mac地址
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost #允許manager訪問localhost
http_access deny manager #禁止manager訪問
# Deny requests to unknown ports
http_access deny !Safe_ports #禁止訪問不在Safe_ports裏的端口
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports #禁止訪問非443,563端口
#
acl banned_sites url_regex "/etc/squid/banned.list"
acl worktime time MTWHF 8:30-12:00 14:00-18:00
acl mmxfile urlpath_regex -i /.mp3$ /.avi$ /.rmvb$ /.rm$ /.wma$ /.wmv$
http_access deny worktime mmxfile #禁止在worktime時間內訪問.mp3,.avi,.rmvb,.rm,.wma文件
http_access deny worktime banned_sites #banned.list文件裏的網址全部丟棄
http_access allow localhost #localhost可以訪問
#------按照網段,限制連接數
acl loc1 src 192.168.1.0/24
acl loc1_conn maxconn 50
acl loc2 src 192.168.2.0/24
acl loc2_conn maxconn 30
http_access deny loc1 loc1_conn
http_access allow loc1
http_access deny loc2 src loc2_conn
http_access allow loc2
#-----------------------------
http_access allow localhost #localhost可以訪問
http_access deny all #丟棄其他
# HTTPD-ACCELERATOR OPTIONS(HTTPD加速選項)
# -----------------------------------------------------------------------------
#設定透明代理
httpd_accel_host virtual #主機名
httpd_accel_port 80 #透明代理端口
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
本文來自CSDN博客,轉載請標明出處:http://blog.csdn.net/joliny/archive/2008/10/20/3098544.aspx