squid cache (squid.conf)

squid proxy server

Categoria: Networking

Software: squid cache

[ Hits: 8.970 ]

Por: nao quero informar


Este arquivo e o que eu uso no meu trabalho num dos laboratorios da estacio para configurar um servidor proxy, que controla a internet nos laboratorios, consigo dividir o fluxo por salas aqui no caso sao 4 salas e tambem bloqueios e taxa de internet, este arquivo esta configurado para verificar codigo de placa de rede.


# [ NETWORK OPTIONS ] ####
http_port 10.12.20.4:3128
#https_port 80
#ssl_unclean_shutdown off
#icp_port 3128
#htcp_port 4827
#mcast_groups
#tcp_outgoing_address
udp_incoming_address 0.0.0.0 
udp_outgoing_address 255.255.255.255

#### [ OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM ] ####
cache_peer 10.12.20.3 parent 80 80 multicast-responder 
#neighbor_type_domain
icp_query_timeout 2000
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 20 seconds
#hierarchy_stoplist cgi-bin \?
acl all src 10.12.196.0/255.255.252.0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

#### [ OPTIONS WHICH AFFECT THE CACHE SIZE ] ####
############################################################################
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 4096
ipcache_low 24
ipcache_high 90
fqdncache_size 4096
memory_replacement_policy lru

#### [ LOGFILE PATHNAMES AND CACHE DIRECTORIES ] ####
############################################################################
cache_dir ufs /usr/local/squid/var/cache 4000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
#cache_swap_log /usr/local/squid/var/cache/swap.lo%1
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
#log_mime_hdrs off
#useragent_log /usr/local/squid/var/logs/agend.log
#referer_log /usr/local/squid/var/logs/referer.log
pid_filename /usr/local/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255

#### [ OPTIONS FOR EXTERNAL SUPPORT PROGRAMS ] ####
##############################################################################
#ftp_user lab.bangu@estacio.br
#ftp_list_width 32
#ftp_passive on
#ftp_sanitycheck on
#cache_dns_program /usr/local/squid/libexec/dnsserver
#dns_children 22
dns_retransmit_interval 5 seconds
dns_timeout 3 minutes
#dns_defnames on
dns_nameservers 10.12.20.13
hosts_file /etc/hosts
#diskd_program /usr/local/squid/libexec/diskd
#unlinkd_program /usr/local/squid/libexec/unlinkd
#pinger_program /usr/local/squid/libexec/pinger
#redirect_program /usr/local/squid/etc/bannerfilter/redirector.pl
#redirect_children 5
#redirect_rewrites_host_header on
#redirector_access  

#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour 
authenticate_ip_ttl 60 seconds
#external_acl_type

#### [ OPTIONS FOR TUNING THE CACHE ] ####
#############################################################################
#wais_relay_host 10.12.20.3 
#wais_relay_port 80
request_header_max_size 10 KB
request_body_max_size 0 KB
reply_body_max_size 0 allow all 
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   50%   4320
#reference_age 1
quick_abort_min 0 KB
quick_abort_max 10 MB
quick_abort_pct 95
negative_ttl 30 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 60 seconds
range_offset_limit 0 KB

#### [ TIMEOUTS ] ####
#############################################################################
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
#siteselect_timeout 4 seconds
read_timeout 15 minutes
request_timeout 120 seconds
persistent_request_timeout 1 minute
client_lifetime 1 hour
half_closed_clients off
pconn_timeout 120 seconds
#ident_timeout 10 seconds
shutdown_lifetime 30 seconds

#### [ ACCESS CONTROLS ] ####
############################################################################
#acl password proxy_auth REQUIRED
acl fileupload req_mime_type -i ^multipart/form-data$
acl javascript rep_mime_type -i ^application/x-javascript$
#acl bigblock url_regex -i "/usr/local/squid/etc/bigblock.txt"
acl blockedsites url_regex -i "/usr/local/squid/etc/block.txt"
acl blockblibli url_regex -i "/usr/local/squid/etc/blockbi.txt"
acl unblockedsites url_regex -i "/usr/local/squid/etc/unblock.txt"
acl unblocksites url_regex -i "/usr/local/squid/etc/unblocks.txt"
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl serv arp 00:01:03:BF:F1:FC 00:00:21:48:85:EC 00:01:02:62:13:FB
acl lab1 arp 00:01:03:C0:09:80 00:01:02:CC:F4:21 00:A1:B0:00:05:37 00:01:02:CC:F3:01 00:01:02:CC:F2:08 00:01:03:C0:00:85 00:01:02:CC:F3:5E 00:01:03:BF:F7:11 00:01:03:BF:F8:15 00:01:02:CC:F2:6A 00:01:03:C0:06:26 00:01:03:BF:FB:9F 00:01:03:BF:FC:A5 00:01:02:CC:F3:7C 00:01:03:BF:35:BF 00:01:03:BF:2B:5F 00:01:03:BF:3A:B8 00:01:03:DF:E8:C3 00:01:03:BF:EE:08 00:01:03:E0:0C:46 00:01:02:CC:F3:82 00:01:03:C0:06:53
acl lab2 arp 00:40:A7:06:EB:79 00:40:A7:06:5D:75 00:40:A7:06:22:4C 00:40:A7:06:5C:C0 00:40:A7:06:5B:B8 00:40:A7:06:5E:49 00:40:A7:06:5D:6E 00:40:A7:06:46:62 00:40:A7:06:5B:E7 00:40:A7:06:39:06 00:40:A7:06:5D:76 00:40:A7:06:5B:CC 00:40:A7:06:46:47 00:40:A7:06:3E:46 00:40:A7:06:5C:DC 00:40:A7:06:11:F5 00:40:A7:06:3E:48 00:40:A7:06:5B:D0 00:40:A7:06:5D:71 00:40:A7:06:5F:70
acl lab3 arp 00:01:03:D1:E9:08 00:01:03:DF:DC:A7 00:01:03:DF:E7:BF 00:01:03:CF:88:79 00:50:FC:B6:A3:43 00:01:03:E0:16:2B 00:01:03:E0:16:0F 00:01:03:D7:0D:55 00:E0:4C:78:3C:37 00:01:03:E4:14:C9 00:01:03:E0:14:1D 00:01:03:CF:88:3C 00:01:03:DF:D6:BD 00:01:03:CF:8C:7F 00:01:03:DF:DD:2A 00:01:03:DF:E4:51 00:01:03:E0:16:27 00:E0:4C:78:40:B9 00:01:03:E0:13:A5 00:01:03:DC:35:DE
acl lab4 arp 00:D0:09:46:8B:8A 00:50:FC:B6:9A:4A 00:E0:7D:B3:7A:43 00:C0:26:80:26:31 00:D0:09:44:51:1A 00:D0:09:48:83:44 00:D0:09:3F:72:91 00:D0:09:48:2D:24 00:D0:09:3F:72:6D 00:D0:09:48:3C:27 E2:20:03:00:FF:5E 00:D0:09:48:2D:30 00:D0:09:44:51:21 00:D0:09:44:4F:A8 00:D0:09:44:4D:F3 00:D0:09:44:51:20 00:D0:09:44:4D:F0 00:D0:09:48:88:19 00:D0:09:49:12:7F 00:D0:09:BF:24:B0 00:D0:09:BE:CF:2C 00:D0:B7:80:C7:84
acl biblioteca arp 00:D0:09:64:3B:38 00:D0:09:66:96:DD 00:00:21:CD:0C:86
acl lab11 time T 19:00-21:00
acl lab12 time MH 21:10-23:10
acl lab21 time F 19:00-21:00
acl lab22 time MTF 21:10-23:10
acl lab31 time MF 19:00-21:00
acl lab32 time MTW 21:00-23:10
acl lab41 time M 19:00-21:00
acl lab42 time A 05:00-22:00
acl allhora time MTWHFA 07:00-23:00
acl compblock arp 00:00:00:00:00:00
acl tempo1 time MTWHF 19:00-21:00
acl tempo2 time MTWHF 21:10-23:00
acl sabado time A 7:00-23:00
http_access deny !Safe_ports !SSL_ports
#http_access deny bigblock
http_access deny blockedsites
http_access allow unblockedsites
http_access allow lab1 allhora !lab11 !compblock
http_access allow lab2 allhora !lab21 !compblock
http_access allow lab3 allhora !compblock
http_access allow lab4 allhora !compblock
http_access allow serv
http_access allow biblioteca !blockblibli
http_access allow localhost
http_access allow javascript
http_access allow fileupload
http_access deny all
#http_reply_access allow all
#icp_access deny all
#miss_access allow all
#cache_peer_access 10.12.20.3 allow all
#ident_lookup_access allow all

#### [ AUTH_PARAM ] ####
###########################################################################
#auth_param basic program /path/do/programa /path/do/arquiv/senhas
#auth_param basic children 88
#auth_param basic realm texto de login
#auth_param basic credentialsttl 1 hour

#### [ ADMINISTRATIVE PARAMETERS ] ####
###############################################################################
cache_mgr lab.bangu@estacio.br
cache_effective_user nobody
cache_effective_group nogroup
visible_hostname servbangu02
#hostname_aliases

#### [ OPTIONS FOR THE CACHE REGISTRATION SERVICE ] ####
###############################################################################
#announce_period 0
#announce_period 1 day
#announce_host tracker.ircache.net
#announce_port 3131

#### [ HTTPD-ACCELERATOR OPTIONS ] ####
#############################################################################
httpd_accel_host 10.12.20.3
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header off

#### [ MISCELLANEOUS ] ####
##############################################################################
dns_testnames 10.12.20.13
logfile_rotate 10
#append_domain .estacioacad.rj.br
tcp_recv_bufsize 1024 bytes
#deny_info
#memory_pools_limit 24
icp_hit_stale off
#minimum_direct_hops 8
#minimum_direct_rtt 400
#cachemgr_passwd secret shutdown
store_avg_object_size 13 KB
store_objects_per_bucket 20
#netdb_low 900
#netdb_high 1000
#netdb_ping_period 5 minutes
#query_icmp off
test_reachability off
buffered_logs off
#reload_into_ims off
#always_direct
#never_direct
#header_access
#header_replace
icon_directory /usr/local/squid/share/icons
error_directory /usr/local/squid/share/errors/Portuguese
minimum_retry_timeout 5 seconds
maximum_single_addr_tries 3
#snmp_port 3401
#snmp_access deny all
#snmp_incoming_address 0.0.0.0
#snmp_outgoing_address 255.255.255.255
#as_whois_server 10.12.20.40
#wccp_router 0.0.0.0
#wccp_version 4
#wccp_incoming_address 0.0.0.0
#wccp_outgoing_address 255.255.255.255

#### [ DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option) ] ####
################################################################################
delay_pools 4
delay_class 1 3
delay_class 2 3
delay_class 3 3
delay_class 4 3
delay_parameters 1 256000/256000 1250000/1250000 256000/256000
delay_parameters 2 256000/256000 1250000/1250000 256000/256000
delay_parameters 3 256000/256000 1250000/1250000 256000/256000
delay_parameters 4 256000/256000 1250000/1250000 256000/256000
delay_access 1 allow lab1
delay_access 2 allow lab2
delay_access 3 allow lab3
delay_access 4 allow lab4
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
#broken_posts allow buggy_server
#mcast_miss_addr 255.255.255.255
#mcast_miss_ttl 16
#mcast_miss_port 3135
#mcast_miss_encode_key XXXXXXXXXXXXXXXX
nonhierarchical_direct off
prefer_direct off
strip_query_terms on
coredump_dir /usr/local/squid/var/cache
redirector_bypass off
ignore_unknown_nameservers on
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
#chroot disable
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
#extension_methods
request_entities off
high_response_time_warning 1 hour
high_page_fault_warning 5 minutes
high_memory_warning 99 MB 
store_dir_select_algorithm least-load
#forward_log
ie_refresh off
vary_ignore_expire off
sleep_after_fork 0
  


Comentários
[1] Comentário enviado por martello2222 em 06/03/2009 - 18:51h

com este tipo de configuração sites como o msn e o orkut assim como salas de bate - papo são bloqueados ...
como vc faz para desbloquear em um unico computador ,como o principal por exemplo ....

[2] Comentário enviado por martello2222 em 06/03/2009 - 18:52h

me manda um e-mail me respondendo o mais rapido possivel por favor...
e-mail : marlon_17rj@yahoo.com.br


Contribuir com comentário

  



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts