[squid-users] better squid.conf

From: Marlon Bastida <marlon.bastida_at_gmail.com>
Date: Sun, 16 Oct 2011 16:04:44 -0200

Hi,

I would like some help with the squid.conf below, because I want to
make it as small as possible.

For example, when I type the word `porn` in the Google search box and
run a search, the page just stays on that field and doesn't give me an
error page.

Marlon

squid.conf
-----------------
## listening port
# NOTE(review): with only a port number, Squid accepts connections on every
# local address. If this host has an interface facing an untrusted network,
# bind to the internal address or firewall the port.
http_port 3128

##visible_hostname server
# Directory the error page templates are loaded from. The ERR_* names given to
# deny_info in this file presumably refer to custom files placed here -
# confirm they exist.
error_directory /usr/share/squid/errors/Portuguese/

## memory cache and disk
# memory set aside for cached objects (not a limit on the whole process)
cache_mem 300 MB

## object size limits - a previous value was 128 KB
# largest object kept in memory
maximum_object_size_in_memory 64 KB
# largest object stored in the cache
maximum_object_size 512 MB
# objects smaller than this are not stored in the cache
minimum_object_size 2 KB

## cache replacement policies (memory cache, then disk cache)
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

## cache eviction watermarks, in percent of cache_dir usage
cache_swap_low 90
cache_swap_high 95

## looks like the previous cache_dir values: 8192 16 256
# ufs store, 10240 MB, 16 first-level and 256 second-level directories
cache_dir ufs /var/spool/squid 10240 16 256
# NOTE(review): cache_access_log is the older name of access_log - confirm it
# is still accepted by the installed version. The access log is the main audit
# trail for this proxy (client address, user name, URL, result), so keep it
# rotated and retained.
cache_access_log /var/log/squid/access.log
# store log disabled
cache_store_log none

## connections
half_closed_clients off
# refresh_pattern <regex> <min minutes> <percent> <max minutes>
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280

## acls
# 'all' matches every IPv4 source address.
# NOTE(review): newer Squid releases predefine 'all'; this line may have to be
# dropped there - confirm against the installed version.
acl all src 0.0.0.0/0.0.0.0
# cache manager requests (cache_object protocol)
acl manager proto cache_object
# loopback address only
acl localhost src 127.0.0.1/255.255.255.255

## SSL(https)
# ports that CONNECT tunnels may target (used by the CONNECT rule in http_access)
acl SSL_ports port 443 563

## safe ports
# Destination ports the proxy will talk to; every other port is denied by
# 'http_access deny !Safe_ports'.
# NOTE(review): '59' is possibly a typo for 591, which appears in stock
# squid.conf files - confirm. 1025-65535 leaves all unprivileged ports open.
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
# request methods PURGE and CONNECT
acl purge method PURGE
acl CONNECT method CONNECT
# internal client network (10.0.0.0 - 10.0.1.255)
acl localnetwork src 10.0.0.0/23

##### test - release sites to work without authentication
#acl websites_without_auth dstdom_regex "/etc/squid/websites_without_auth"
#always_direct allow websites_without_auth

## NCSA_AUTH authentication
# Basic authentication checked by the ncsa_auth helper against a password file;
# a successful check is cached for one hour.
# NOTE(review): Basic sends the user name and password base64-encoded, not
# encrypted, with every request. On a plain http_port they can be read by
# anyone able to capture traffic between client and proxy. Keep
# /etc/squid/squid_passwd readable only by the account the helper runs as.
auth_param basic realm ENTERPRISE
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic credentialsttl 1 hour
# matches any request that carries valid proxy credentials
acl authenticated proxy_auth REQUIRED

## workstation IPs that are released without being asked for AUTH
# NOTE(review): always_direct only decides whether a request is sent straight
# to the origin server instead of through a cache_peer. It does not skip
# authentication or http_access. No cache_peer is visible in this listing, so
# the always_direct lines in this file probably have no effect; the bypass of
# authentication comes from the order of the http_access lines.
acl releases_ips src "/etc/squid/releases_ips"
always_direct allow releases_ips

## block prohibited words, with exceptions
# url_regex -i: case-insensitive regular expressions read from the file and
# matched against the request URL.
# NOTE(review): for HTTPS the proxy only sees 'CONNECT host:port', not the path
# or query string, so word lists like these cannot match search terms typed on
# an HTTPS page. Requests a page makes in the background can be denied without
# the browser showing the deny_info page - presumably what happens with the
# search box described above; confirm in access.log.
acl exception_words url_regex -i "/etc/squid/exception_words"
acl proibit_words url_regex -i "/etc/squid/proibit_words"
# custom error page shown when a deny rule ending in this acl matches
deny_info ERR_PROIBIT_WORDS proibit_words

## celebrities
acl name_celebrities url_regex -i "/etc/squid/name_celebrities"
deny_info ERR_NAME_CELEBRITIES name_celebrities

## release bank sites without going through proxy auth
# NOTE(review): websites_bank is not used by any http_access line in this
# listing, and always_direct does not bypass authentication, so these two
# lines do not release the bank sites as written.
acl websites_bank dstdom_regex "/etc/squid/websites_bank"
always_direct allow websites_bank

## sales dept rules
# NOTE(review): both disabled lines define users_sales with different acl
# types; only one of them can be enabled.
#acl users_sales proxy_auth "/etc/squid/users_sales"
#acl users_sales dstdom_regex "/etc/squid/users_sales"

## lunch hour - released sites
# NOTE(review): same name used for two acl types here as well, and the second
# line is missing its closing quote - fix before enabling.
#acl lunch_hours time 12:00-13:00
#acl lunch_hours dstdom_regex "/etc/squid/lunch_hours

## pcp rules
#acl users_pcp proxy_auth "/etc/squid/users_pcp"

## blocked IPs
# NOTE(review): 'always_direct allow' on a list of blocked clients has no
# blocking effect; the block itself is the 'http_access deny blocked_ips' line.
acl blocked_ips src "/etc/squid/blocked_ips"
always_direct allow blocked_ips
deny_info ERR_BLOCKED_IPS blocked_ips

## websites released without going through AUTH
# dstdom_regex: regular expressions matched against the destination host name.
# NOTE(review): no -i here, unlike the url_regex lists - confirm whether
# case-sensitive matching is intended. Unanchored patterns also match longer
# host names that merely contain the text, which matters because this acl is
# used in an allow rule.
acl released_websites dstdom_regex "/etc/squid/released_websites"
always_direct allow released_websites

## blocked websites with fun pages, specific error page
acl fun_sites url_regex -i "/etc/squid/fun_sites"
deny_info ERR_FUN_SITES fun_sites

## blocked websites with specific page
acl websites_blocked url_regex -i "/etc/squid/websites_blocked"
deny_info ERR_BLOCKED_SITES websites_blocked

## blocked porn sites with specific error page
acl websites_porn url_regex -i "/etc/squid/websites_porn"
deny_info ERR_PORN_SITES websites_porn

## banned download extensions
# NOTE(review): url_regex matches anywhere in the URL unless the patterns are
# anchored, so an extension pattern can also hit query strings or host names -
# check the patterns in the file.
acl banned_extension url_regex -i "/etc/squid/banned_extension"
deny_info ERR_BANNED_EXT banned_extension

## permissions rules
# http_access lines are checked top to bottom and the first matching line
# decides; several acl names on one line must all match.
# cache manager and PURGE only from the proxy host itself
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# refuse destination ports outside Safe_ports, and CONNECT to non-SSL ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

## permissions / restrictions

# content filters, applied to every client before any allow rule
http_access deny banned_extension
http_access deny websites_porn
http_access deny websites_blocked
http_access deny fun_sites
# NOTE(review): this allow has no source condition. Any client that can reach
# port 3128 is served, without authentication, whenever the URL matches an
# exception word, and the request never reaches the proibit_words and
# name_celebrities denies below. If the port is reachable from outside
# 10.0.0.0/23 this makes the proxy usable by outsiders. Consider restricting it
# to the local network, e.g. 'http_access allow localnetwork exception_words'.
http_access allow exception_words
http_access deny proibit_words
http_access deny name_celebrities
# workstations listed by source address skip authentication
http_access allow releases_ips
# NOTE(review): same concern as exception_words - no source condition, so the
# released sites are served to any client and without authentication.
http_access allow released_websites
# NOTE(review): blocked_ips is checked only here, so a blocked address is still
# served by the two URL-based allow lines above. Move this deny above them if
# the block is meant to be complete.
http_access deny blocked_ips
#http_access allow lunch_hours users_pcp
#http_access deny !users_sales users_sales
# NOTE(review): the next line names no acl and is incomplete. Depending on the
# Squid version it is skipped with a warning or rejected - remove it or add the
# intended acl.
http_access allow
# NOTE(review): valid credentials are accepted from any source address. Adding
# localnetwork to this line would keep password guessing from outside off the
# proxy. A client without credentials is normally challenged (407) at this
# line, so the localhost and localnetwork lines below are probably never
# reached - confirm the intended policy.
http_access allow authenticated
#http_access allow websites_without_auth

http_access allow localhost
http_access allow localnetwork
# default: everything not allowed above is refused
http_access deny all
-----------------
Received on Sun Oct 16 2011 - 18:04:52 MDT
