gustavohsr
(usa Debian)
Enviado em 02/03/2011 - 18:48h
MEU SQUID.CONF
#################################
#Porta de acesso do proxy - Escuta do DansGuardian
http_port 8080 transparent
visible_hostname proxy
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
#Não faz cache da acl QUERY
cache deny QUERY
#apache
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#Tamanho máximo de memória para cache
cache_mem 300 MB
#Tamanho máximo de um objeto
maximum_object_size 500 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
#Otimizando o CACHE
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
maximum_object_size_in_memory 128 KB
cache_dir aufs /var/spool/squid 2048 16 256
#Arquivo de Log
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
#Arquivo que contém os nomes de máquinas
hosts_file /etc/hosts
dns_nameservers 127.0.0.1
#Estas 'refresh_pattern' fazem com que o squid mantenha o maximo
#possivel um objeto em cache, aumentando o cache HIT e byte HIT
refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.html$ 0 20% 1440
refresh_pattern -i \.htm$ 0 20% 1440
refresh_pattern -i \.shtml$ 0 20% 1440
refresh_pattern -i \.shtm$ 0 20% 1440
refresh_pattern -i \.mov$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.avi$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.mpg$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.mpeg$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.qtm$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.flv$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.wav$ 1440 100% 4320 reload-into-ims
refresh_pattern -i \.au$ 1440 100% 4320 reload-into-ims
refresh_pattern -i \.mid$ 1440 100% 4320 reload-into-ims
refresh_pattern -i \.mp3$ 2880 100% 21600 reload-into-ims
refresh_pattern -i \.zip$ 7200 50% 21600 reload-into-ims
refresh_pattern -i \.gz$ 0 50% 10080 reload-into-ims
refresh_pattern -i \.arj$ 0 50% 4320 reload-into-ims
refresh_pattern -i \.lha$ 0 50% 4320 reload-into-ims
refresh_pattern -i \.lzh$ 0 50% 4320 reload-into-ims
refresh_pattern -i \.rar$ 7200 50% 21600 reload-into-ims
refresh_pattern -i \.tgz$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tar$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.Z$ 0 50% 4320 reload-into-ims
refresh_pattern -i \.sit$ 0 50% 4320 reload-into-ims
refresh_pattern -i \.pdf$ 7200 50% 10080 reload-into-ims
#Tempo de atualização dos objetos relacionados aos protocolos ftp, gopher e http.
#Default Sugerido:
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280 override-expire
##### Cache do Windows Update #####
refresh_pattern au.download.windowsupdate.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern msgruser.dlservice.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern windowsupdate.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern
www.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
################################
####### Cache Videos ###########
refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
acl youtube dstdomain .youtube.com
cache allow youtube
################################
#Mínimo de Access Control List para o squid funcionar corretamente
#Não altere estas acls, pois você poderá travar o squid
#Configuração mínima
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#acl rede10 src 10.10.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 23000 8999 #SIAFI Web SERPRO
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 23000 #SIAFI Web SERPRO
acl Safe_ports port 8999 # SIAFI Web SERPRO
acl purge method PURGE
acl CONNECT method CONNECT
#ACLs
# limita conexões HTTP
acl connect_abertas maxconn 8
#Default
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#http_access allow rede10
http_reply_access allow all
#icp_access allow all
http_access deny all
cache_effective_user proxy
cache_effective_group proxy
cache_mgr gustavo
coredump_dir /var/spool/squid
#### Localizacao onde esta os erros em portugues ####
error_directory /usr/share/squid/errors/Portuguese
strip_query_terms off
detect_broken_pconn on
pipeline_prefetch on
