ant2ne wrote:
> This is great, the proxy is caching about a gig a day. Below is the final and
> fine tuned squid.conf that I will put into production after school lets out
> today.
>
> administrator_at_AHSPX01:~$ cat /etc/squid/squid.conf
> http_port 3128
> acl QUERY urlpath_regex cgi-bin \?
> #no_cache deny QUERY
> cache_mem 512 MB
> maximum_object_size_in_memory 2048 KB
> maximum_object_size 1 GB
> cache_dir aufs /cache 500000 256 256
> redirect_rewrites_host_header off
> cache_replacement_policy lru
> #acl QUERY urlpath_regex cgi-bin \?
> acl all src all
> acl localnet src 10.60.0.0/255.255.0.0
> acl localhost src 127.0.0.1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/8
> acl Safe_ports port 80 443 210 119 70 21 1025-65535
> acl SSL_Ports port 443
> acl CONNECT method CONNECT
Gah! Your http_access were permitting internal people complete access
with no safety limits again.
Make the http_access section this:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports
http_access allow localnet
http_access allow localhost
http_access deny all
> icp_port 0
> refresh_pattern \.jpg$ 3600 50% 60 ignore-reload
> refresh_pattern \.gif$ 3600 50% 60 ignore-reload
> refresh_pattern \.css$ 3600 50% 60 ignore-reload
> refresh_pattern \.js$ 3600 50% 60 ignore-reload
> refresh_pattern \.html$ 300 50% 10 ignore-reload
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> #refresh_pattern . 60 50% 10 ignore-reload
> refrsh_pattern . 0 20% 4320
> visible_hostname AHSPX01
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14Received on Fri Oct 02 2009 - 01:14:10 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 02 2009 - 12:00:02 MDT