hi all
Can any one test mi squid.conf
my problem is when my users surf many images no show, but making rigth
clic on the box and select show image then show.
http_port 8080
# TAG: icp_port
icp_port 3130
# Default is 4827. To disable use "0".
htcp_port 4827
# TAG: udp_incoming_address is used for the ICP socket receiving packets
from other caches.
# TAG: udp_outgoing_address is used for ICP packets sent out to other
caches.
#Default:
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
icp_query_timeout 0
maximum_icp_query_timeout 2000
minimum_icp_query_timeout 5
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# background_ping_rate 10 seconds
# -----------------------------------------------------------------------------
# OPCIONES QUE AFECTAN EL TAMANO DE LA CACHE
# -----------------------------------------------------------------------------
cache_mem 32 MB
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
cache_swap_low 90
cache_swap_high 95
# TAG: maximum_object_size (bytes)
# maximum_object_size 4096 KB
# TAG: minimum_object_size (bytes)
minimum_object_size 1 KB
# TAG: maximum_object_size_in_memory (bytes)
maximum_object_size_in_memory 8 KB
# TAG: ipcache_size (number of entries)
#Default:
ipcache_size 1024
ipcache_low 90
ipcache_high 95
# TAG: fqdncache_size (number of entries) Maximum number of FQDN cache
entries.
fqdncache_size 1024
# TAG: cache_replacement_policy
cache_replacement_policy lru
# TAG: memory_replacement_policy
memory_replacement_policy lru
# -----------------------------------------------------------------------------
# FICHEROS LOGS RUTAS DE NOMBRES Y DIRECTORIOS CACHE
# -----------------------------------------------------------------------------
# TAG: cache_dir
#Default:
cache_dir ufs /var/spool/squid3 100 16 256
cache_dir ufs /var/spool/squid1 100 16 256
cache_dir ufs /var/spool/squid2 100 16 256
# TAG: access_log
#Default:
access_log /var/log/squid3/access.log
# TAG: cache_log
#Default:
cache_log /var/log/squid3/cache.log
# TAG: cache_store_log
#Default:
cache_store_log /var/log/squid3/store.log
# TAG: emulate_httpd_log on|off
#Default:
emulate_httpd_log off
# TAG: log_ip_on_direct on|off
#Default:
log_ip_on_direct on
# TAG: mime_table
#Default:
mime_table /usr/share/squid3/mime.conf
# TAG: log_mime_hdrs on|off
#Default:
log_mime_hdrs off
# TAG: pid_filename
# A filename to write the process-id to. To disable, enter "none".
pid_filename /var/run/squid3.pid
# TAG: debug_options
#Default:
debug_options ALL,1
# TAG: log_fqdn on|off
#Default:
log_fqdn off
# TAG: client_netmask
#Default:
client_netmask 255.255.255.255
# -----------------------------------------------------------------------------
# OPCIONES PARA SOPORTE EXTERNO DE LOS PROGRAMAS
# -----------------------------------------------------------------------------
# TAG: ftp_user
#Default:
ftp_user Squid@
# TAG: ftp_list_width
#Default:
ftp_list_width 32
# TAG: ftp_passive
#Default:
ftp_passive on
# TAG: ftp_sanitycheck
#Default:
ftp_sanitycheck on
# TAG: check_hostnames
#Default:
check_hostnames on
# TAG: ftp_telnet_protocol
#Default:
ftp_telnet_protocol on
#Default:
#dns_children 5
# TAG: dns_retransmit_interval
#Default:
dns_retransmit_interval 5 seconds
# TAG: dns_timeout
#Default:
dns_timeout 5 minutes
# TAG: dns_defnames on|off
#Default:
dns_defnames off
# TAG: dns_nameservers
#dns_nameservers 169.158.128.136 169.158.128.156
# TAG: auth_param
###############################################################################################
auth_param digest program /usr/lib/squid3/digest_pw_auth -c
/etc/apache2/passwd
auth_param digest children 16
auth_param digest realm Linux-Squid-Proxy-Server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
###############################################################################################
#redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#redirect_program /usr/local/bin/SquidClamAV_Redirector.py -c
/etc/squid3/SquidClamAV_Redirector.conf
redirect_program /usr/local/bin/wrapzap
redirect_children 5
# TAG: authenticate_cache_garbage_interval
#Default:
authenticate_cache_garbage_interval 1 hour
# TAG: authenticate_ttl tiempo de duracion de la ultima autenticacion de un
usuario desde una IP
#Default:
authenticate_ttl 1 hour
# TAG: authenticate_ip_ttl DEFAULT 0 tiempo que squid recordara la Ip de un
usuario
authenticate_ip_ttl 120 seconds
# -----------------------------------------------------------------------------
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# TAG: wais_relay_host [Relay WAIS request to host (1st arg) at port (2
arg).]
# TAG: wais_relay_port
#Default:
wais_relay_port 0
# TAG: request_header_max_size (KB)
#Default:
request_header_max_size 20 KB
# TAG: request_body_max_size (KB)
#Default:
request_body_max_size 0 KB
# TAG: refresh_pattern
# usage: refresh_pattern [-i] regex min percent max [options]
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
# TAG: quick_abort_pct (percent)
#Default: 16 16 95
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
# TAG: read_ahead_gap buffer-size
#Default: 16
read_ahead_gap 16 KB
# TAG: negative_ttl time-units
#Default: 5
negative_ttl 5 minutes
# TAG: positive_dns_ttl time-units
#Default: 6
positive_dns_ttl 8 hours
# TAG: negative_dns_ttl time-units
#Default: 3
negative_dns_ttl 3 minutes
# TAG: range_offset_limit (bytes)
#Default: 0
range_offset_limit 0 KB
# TIMEOUTS
# -----------------------------------------------------------------------------
# TAG: forward_timeout time-units
#Default: 4
forward_timeout 4 minutes
# TAG: connect_timeout time-units
#Default: 1
connect_timeout 1 minute
# TAG: peer_connect_timeout time-units
#Default: 30
peer_connect_timeout 30 seconds
# TAG: read_timeout time-units
#Default:
read_timeout 15 minutes
# TAG: request_timeout
#Default: 5
request_timeout 5 minutes
# TAG: persistent_request_timeout
#Default: 1
persistent_request_timeout 1 minute
# TAG: client_lifetime time-units
#Default: 1
client_lifetime 8 hours
# TAG: half_closed_clients
#Default: on
half_closed_clients off
# TAG: pconn_timeout
#Default: 120
pconn_timeout 120 seconds
# TAG: ident_timeout
#Default: 10
ident_timeout 10 seconds
# TAG: shutdown_lifetime time-units
#Default:
shutdown_lifetime 30 seconds
# CONTROL DE ACCESO
# -----------------------------------------------------------------------------
# TAG: acl
#acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[0-9]+\.[0-9]+$
#http_access allow direccioneslocales all
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl Autenticados proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#################################################################################################
acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[157]+\.[0-9]+$
acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[155]+\.[0-9]+$
acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[156]+\.[0-9]+$
acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[158]+\.[4]+$
#################################################################################################
#################################################################################################
# #
# INSERTAR LAS REGLAS DE CONTROL DE ACCESO #
#################################################################################################
# EFINICION DE PAS REDES AUTORIZADAS A NAVEGAR O LAS DIRECCIONES IPs
INDIVIDUALMENTE
acl red_metro src 192.168.0.0/16
# Extensiones de Archivos y ficheros denegados
acl denegar urlpath_regex -i "/etc/squid3/extensiones"
# Denegar el acceso a servidores basados en direcciones IP
# acl IPForHostname dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
# CONEXIONES MAXIMAS POR USUARIOS
acl OverConnLimit maxconn 4
# CONEXIONES DE USUARIOS POR DIRECCIONES IPs
acl ip_max max_user_ip -s 1
# Definicion del horario laboral y un poquito mas
acl horario_lab time MTWHF 07:30-18:00
# Bloquear streaming video y audio
acl useragent browser -i ^application/NSPlayer$
acl useragent browser -i ^application/Windows-Media-Player$
acl useragent browser ^application/x-msn-messenger$
#acl useragent browser Mozilla
# DEFINICION DE RESPUESTAS CON MIME INDECEABLES.
acl webRadioRep req_mime_type -i "/etc/squid3/mime_prohibidos"
# DEFINIENDO LOS NAVEGADORES PROHIBIDOS
# Como el streaming de mp3 suele NO TENER mime/type
# clasificamos tambien segun el user_agent.
acl Agente browser -i "/etc/squid3/browser"
###############################################################################################
# Errores Personalizados#
#sintaxis : deny_info direccion URL del error de la pagina [Nombre de la
regla]
#deny_info http://192.168.157.65/ denegar
acl FTP url_regex -i ^ftp://.*\.mp3$
acl FTP url_regex -i ^ftp://.*\.exe$
acl FTP url_regex -i ^ftp://.*\.mpg$
acl FTP url_regex -i ^ftp://.*\.avi$
acl FTP url_regex -i ^ftp://.*\.pdf$
acl FTP url_regex -i ^ftp://.*\.jpg$
acl FTP url_regex -i ^ftp://.*\.iso$
acl FTP url_regex -i ^ftp://.*\.zip$
acl FTP url_regex -i ^ftp://.*\.rar$
http_access allow direccioneslocales all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny Agente all
http_reply_access deny Agente all
http_reply_access deny webRadioRep
http_reply_access deny FTP
#
#
http_access deny OverConnLimit
http_access deny ip_max
http_access allow Autenticados red_metro !FTP
deny_info ERR_USER_IP_MAX ip_max
deny_info ERR_OVER_CONECTION_LIMIT OverConnLimit
###############################################################################################
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all
###############################################################################################
# Y Finalmente Denegar Todo.!!!!!!!!!!!!!!!!!!
http_access allow localhost
http_access deny all
###############################################################################################
# TAG: htcp_access
#Default:
htcp_access deny all
# TAG: htcp_clr_access
#Default:
htcp_clr_access deny all
# TAG: miss_access
#Default setting:
# miss_access allow all
# TAG: ident_lookup_access
#Default:
ident_lookup_access deny all
# TAG: reply_header_max_size (KB)
#Default: Debe ser menor de 512
reply_header_max_size 20 KB
# TAG: reply_body_max_size size [acl acl...]
#
###############################################################################################
# PARAMETROS ADMINISTRATIVOS
#
###############################################################################################
# TAG: cache_mgr
# Default:
cache_mgr enrique_at_banmet.cu
# TAG: mail_program
# Default:
mail_program mail
# TAG: cache_effective_user
# Default:
cache_effective_user proxy
# TAG: cache_effective_group
# Default:
cache_effective_group proxy
# TAG: httpd_suppress_version_string on|off
# Default:
httpd_suppress_version_string off
# TAG: visible_hostname
# Default:
visible_hostname internet-access
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
# MISCELLANEOUS
# -----------------------------------------------------------------------------
# TAG: dns_testnames
# Default:
dns_testnames banmet.cu
# TAG: logfile_rotate
# Default: para que Squid no Rote los LOGS por si Solo.
logfile_rotate 0
# TAG: tcp_recv_bufsize (bytes)
#Default:
tcp_recv_bufsize 0 bytes
# TAG: email_err_data on|off
#Default:
email_err_data on
# TAG: memory_pools on|off
#Default:
memory_pools on
# TAG: memory_pools_limit (bytes)
# Used only with memory_pools on:
# memory_pools_limit 50 MB
#Default: 5
memory_pools_limit 5 MB
# TAG: via on|off
#Default: on
via on
# TAG: forwarded_for on|off
#Default: on
forwarded_for on
# TAG: log_icp_queries on|off
#Default:
log_icp_queries on
# TAG: icp_hit_stale on|off
#Default:
icp_hit_stale off
# TAG: minimum_direct_hops
#Default:
minimum_direct_hops 4
# TAG: minimum_direct_rtt:
minimum_direct_rtt 400
# TAG: cachemgr_passwd
# TAG: store_avg_object_size (kbytes)
#Default:
store_avg_object_size 13 KB
# TAG: store_objects_per_bucket
#Default:
store_objects_per_bucket 20
# TAG: client_db on|off
#Default:
client_db on
# TAG: netdb_low
# TAG: netdb_high
#Default:
netdb_low 900
netdb_high 1000
# TAG: netdb_ping_period
#Default:
netdb_ping_period 5 minutes
# TAG: query_icmp on|off
#Default:
query_icmp off
# TAG: test_reachability on|off
#Default:
test_reachability off
# TAG: buffered_logs on|off
#Default:
buffered_logs off
# TAG: refresh_all_ims on|off
#Default:
refresh_all_ims off
# TAG: reload_into_ims on|off
#Default:
reload_into_ims off
# TAG: icon_directory
#Default:
icon_directory /usr/share/squid3/icons
# TAG: global_internal_static
#Default:
global_internal_static on
# TAG: short_icon_urls
#Default:
short_icon_urls on
# TAG: error_directory
#Default:
error_directory /usr/share/squid3/errors/Spanish
# TAG: maximum_single_addr_tries
#Default:
maximum_single_addr_tries 1
# TAG: retry_on_error
#Default:
retry_on_error off
# TAG: snmp_port
#Default:
snmp_port 3401
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0
# TAG: snmp_access
snmp_access deny all
# -----------------------------------------------------------------------------
# TAG: incoming_icp_average
# TAG: incoming_http_average
# TAG: incoming_dns_average
# TAG: min_icp_poll_cnt
# TAG: min_dns_poll_cnt
# TAG: min_http_poll_cnt
# Heavy voodoo here. I can't even believe you are reading this.
# Are you crazy? Don't even think about adjusting these unless
# you understand the algorithms in comm_select.c first!
#
#Default:
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8
# TAG: max_open_disk_fds
#Default:
max_open_disk_fds 0
# TAG: offline_mode
#Default:
offline_mode off
# TAG: uri_whitespace
#Default:
uri_whitespace strip
# TAG: nonhierarchical_direct
#Default:
nonhierarchical_direct on
# TAG: prefer_direct
#Default:
prefer_direct off
# TAG: strip_query_terms
strip_query_terms on
# TAG: coredump_dir
#Default:
coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3
# TAG: redirector_bypass
#Default:
redirector_bypass off
# TAG: ignore_unknown_nameservers
#Default:
ignore_unknown_nameservers on
# TAG: client_persistent_connections
# TAG: server_persistent_connections
#Default:
client_persistent_connections on
server_persistent_connections on
# TAG: persistent_connection_after_error
#Default:
persistent_connection_after_error off
# TAG: detect_broken_pconn
#Default:
detect_broken_pconn on
# TAG: balance_on_multiple_ip
#Default:
balance_on_multiple_ip on
# TAG: pipeline_prefetch
#Default:
pipeline_prefetch off
# TAG: request_entities
#Default:
request_entities off
# TAG: high_response_time_warning (msec)
#Default:
high_response_time_warning 0
# TAG: high_page_fault_warning
#Default:
high_page_fault_warning 0
# TAG: high_memory_warning
#Default:
high_memory_warning 0
# TAG: store_dir_select_algorithm
#Default:
store_dir_select_algorithm least-load
# TAG: ie_refresh on|off
#Default:
ie_refresh off
# TAG: vary_ignore_expire on|off
#Default:
vary_ignore_expire off
# TAG: sleep_after_fork (microseconds)
#Default:
sleep_after_fork 0
# TAG: minimum_expiry_time (seconds)
#Default:
minimum_expiry_time 60 seconds
# TAG: relaxed_header_parser on|off|warn
relaxed_header_parser on
Received on Thu Jan 15 2009 - 16:32:20 MST
This archive was generated by hypermail 2.2.0 : Sun Jan 18 2009 - 12:00:02 MST