iknaza
(usa Slackware)
Enviado em 28/10/2014 - 14:11h
http_port 127.0.0.1:3128 transparent
visible_hostname ikfirewall.br
cache_mem 2048 MB
#cache_mem 200 MB
maximum_object_size_in_memory 8192 KB
memory_replacement_policy lru
memory_pools_limit 1024 MB
no_cache deny all
cache_dir diskd /cache 120000 64 256 Q1=64 Q2=72
minimum_object_size 0 KB
###novas
#chunked_request_body_max_size 1024 KB
#log_fqdn off
#log_ip_on_direct on
#client_netmask 255.255.255.0
#forwarded_for truncate
#cache_replacement_policy head LFUDA
#logfile_rotate 10
#memory_pools off
maximum_object_size 50 MB
maximum_object_size_in_memory 50 KB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
#half_closed_clients off
#collapsed_forwarding on
logformat common %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat referrer %ts.%03tu %>a %{Referer}>h %ru
logformat useragent %>a [%tl] "%{User-Agent}>h"
cache_swap_low 90
cache_swap_high 95
access_log /log/access.log squid
cache_store_log /log/store.log
cache_log /log/cache.log
pid_filename /log/squid.pid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 15 20% 4320
refresh_pattern -i (cgi-bin|\?) 0 0% 0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl localnet src 192.168.0.0/24
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https,snews
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl Safe_ports port 1025-65535 #portas altas
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL_ports port 443 563
##ACLS
acl palavrasproibidas url_regex -i "/ikfirewall/palavrasproibidas.txt"
acl sitespermitidos url_regex -i "/ikfirewall/dominiospermitidos.txt"
acl extensoesbloqueadas url_regex -i "/ikfirewall/extensoes.txt"
acl sitesbloqueados url_regex -i "/ikfirewall/dominiosbloqueados.txt"
acl redelocal src 192.168.0.0/24
#request_header_access Content-Length deny all
http_access allow manager localhost localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl_uses_indirect_client on
##Controle de acesso
http_access deny palavrasproibidas all
http_access deny sitesbloqueados all
http_access deny extensoesbloqueadas all
http_access allow sitespermitidos all
http_access allow localhost
http_access allow redelocal
follow_x_forwarded_for allow localhost
http_access deny all
error_directory /usr/share/squid/errors/pt-br
max_filedesc 4096
dns_nameservers 8.8.8.8 8.8.4.4