squid.conf

Squid (squid.conf)

delcimar

Configuração para Squid 2.5 stable13

Categoria: Miscelânea

Software: Squid

[ Hits: 7.479 ]

Por: Delcimar Martins

0 0
Denuncie   Favoritos   Indicar  

Estou postando aqui uma configuração de Squid bem simples e limpa para a versão 2.5 stable13 compilado com os seguintes parâmetros, onde não tem quase nada, somente o armazenamento de cache da rede.

Esta configuração é para uma máquina de 2G de RAM com 600G de HD para o cache.

./configure --enable-underscores --enable-icmp --enable-delay-pools --enable-htcp --enable-linux-netfilter --enable-arp-acl --enable-cache-digests 


# [ NETWORK OPTIONS ] ####
http_port 3128 
udp_outgoing_address 255.255.255.255

#### [ OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM ] ####
icp_query_timeout 2000
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
acl all src 0/0
acl QUERY urlpath_regex cgi-bin \?

#### [ OPTIONS WHICH AFFECT THE CACHE SIZE ] ####
cache_mem 2000 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 4194240 KB 
minimum_object_size 0 KB
maximum_object_size_in_memory 8192 KB
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
cache_replacement_policy lru 
memory_replacement_policy lru 

#### [ LOGFILE PATHNAMES AND CACHE DIRECTORIES ] ####
cache_dir ufs /usr/local/squid/var/cache/ 550000 16 256 
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
cache_swap_log /usr/local/squid/var/cache/swap.lo%1
emulate_httpd_log off 
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /usr/local/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255

#### [ OPTIONS FOR EXTERNAL SUPPORT PROGRAMS ] ####
##############################################################################
ftp_list_width 32
ftp_passive on 
ftp_sanitycheck on
ftp_telnet_protocol on
dns_retransmit_interval 5 seconds
dns_timeout 3 minutes
hosts_file /etc/hosts
unlinkd_program /usr/local/squid/libexec/unlinkd
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour 
authenticate_ip_ttl 60 seconds


#### [ OPTIONS FOR TUNING THE CACHE ] ####
#############################################################################
wais_relay_host proxy
wais_relay_port 80
request_header_max_size 10 KB
refresh_pattern ^ftp:      1440   80%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   80%   4320
quick_abort_min 0 KB
quick_abort_max 10 MB
quick_abort_pct 95
negative_ttl 30 second
positive_dns_ttl 6 hour
negative_dns_ttl 60 second
range_offset_limit 0 KB

#### [ TIMEOUTS ] ####
#############################################################################
connect_timeout 2 minute
peer_connect_timeout 30 seconds
request_timeout 60 second
persistent_request_timeout 1 minute
client_lifetime 1 hour
half_closed_clients on
pconn_timeout 120 second
ident_timeout 10 seconds
shutdown_lifetime 30 second

#### [ ACCESS CONTROLS ] ####
############################################################################
acl fileupload req_mime_type -i ^multipart/form-data$
acl javascript rep_mime_type -i ^application/x-javascript$

acl localhost src 127.0.0.1/255.255.255.255

acl Safe_ports port 80
acl Safe_ports port 21 20
acl Safe_ports port 53
acl Safe_ports port 1025-65535

http_access allow fileupload javascript

http_access deny !Safe_ports 
http_access allow all 

http_reply_access allow all
no_cache deny QUERY localhost
miss_access allow all
ident_lookup_access allow all

#### [ ADMINISTRATIVE PARAMETERS ] ####
###############################################################################
cache_mgr eu@eu.com.br
cache_effective_user nobody
cache_effective_group nogroup
visible_hostname proxy
hostname_aliases proxy.comp.com.br

#### [ HTTPD-ACCELERATOR OPTIONS versao anterior a 2.6] ####
#############################################################################
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

#### [ MISCELLANEOUS ] ####
##############################################################################
dns_testnames 200.20.57.2 200.20.57.22
#dns_testnames 10.0.0.31
logfile_rotate 10
append_domain .comp.com.br
memory_pools on
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 8
minimum_direct_rtt 400
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp off
test_reachability off
buffered_logs off
header_access http allow all
icon_directory /usr/local/squid/share/icons
error_directory /usr/local/squid/share/errors/Portuguese
#snmp_port 3401
#snmp_access deny all
#snmp_incoming_address 0.0.0.0
#snmp_outgoing_address 255.255.255.255
wccp_router 0.0.0.0
wccp_version 4
wccp_incoming_address 0.0.0.0
wccp_outgoing_address 255.255.255.255

#### [ DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option) ] ####
################################################################################
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
nonhierarchical_direct off
prefer_direct off
strip_query_terms on
coredump_dir /usr/local/squid/var/cache
redirector_bypass off
ignore_unknown_nameservers on
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
request_entities off
high_response_time_warning 1 hour
high_page_fault_warning 5 minutes
high_memory_warning 99 MB 
store_dir_select_algorithm least-load
ie_refresh off
vary_ignore_expire off
sleep_after_fork 0
  


Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário

  



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Passkeys: A Evolução da Autenticação Digital

Instalação de distro Linux em computadores, netbooks, etc, em rede com o Clonezilla

Título: Descobrindo o IP externo da VPN no Linux

Armazenando a senha de sua carteira Bitcoin de forma segura no Linux

Enviar mensagem ao usuário trabalhando com as opções do php.ini

Dicas

Instalando Brave Browser no Linux Mint 22

vídeo pra quem quer saber como funciona Proteção de Memória:

Encontre seus arquivos facilmente com o Drill

Mouse Logitech MX Ergo Advanced Wireless Trackball no Linux

Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil

Tópicos

Sem som no pc [RESOLVIDO] (7)

Arch Linux - Guia para Iniciantes (3)

VMs e Interfaces de Rede desapareceram (4)

Desde que seja DDR3, posso colocar qualquer memória? (5)

Tem como deixar um processo rodando mesmo após o desligamento da maqui... (5)

Top 10 do mês

Scripts

[Outros] Dicas e truques Matematica Básica

[C/C++] reverse shell na marra!

[C/C++] criptografia de modo simples

[C/C++] intdb - gerador de wordlist numerica

[C/C++] genpass - gerador de senhas seguras

A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.

Site hospedado por: