[mdlug] sample squid.conf

Dean Durant mdlug at sbcglobal.net
Thu Jan 24 13:25:00 EST 2008


Hello, I have inherited this squid server, and I don't know that much about it.   It's behind a firewall I don't control, and nobody else controls it either.  So actually, it isn't a sample, it's in production.   Previously when I posted asking about squid, some people offered to take a look at my squid.conf.    So here it is:
(any comments are greatly appreciated, thanks!)

# Listener for ordinary proxy requests; browsers are pointed at this port.
http_port 3128

# NOTE(review): https_port makes Squid itself accept TLS connections and normally
# takes a cert= argument. It is not needed to proxy https:// URLs (clients use
# CONNECT on http_port for that), and here it names the same port as http_port
# above, so the two listeners would collide. Probably safe to remove; confirm.
https_port 3128

# URLs containing these strings are fetched directly rather than through a
# cache hierarchy (no peers are defined in this file).
hierarchy_stoplist cgi-bin ?

# Never cache dynamic content (CGI paths and URLs with a query string).
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# NOTE(review): the first argument of cache_dir is the storage scheme (ufs,
# aufs, diskd in stock Squid). "ext3" is a filesystem name, not a scheme I
# recognise; confirm this build accepts it. The numbers are size in MB,
# first-level directories and second-level directories.
cache_dir ext3 /usr/freeware/squid/cache 200 16 256

# access.log records every client request (URL, client address and, with proxy
# authentication, the user name). Keep the log directory readable only by the
# squid account and the people who need to audit it.
cache_access_log /usr/freeware/squid/logs/access.log

cache_log /usr/freeware/squid/logs/cache.log

cache_store_log /usr/freeware/squid/logs/store.log

pid_filename /usr/freeware/squid/logs/squid.pid

# Lowest useful debug level for all sections.
debug_options ALL,1

# Basic proxy authentication, checked by the yp_auth helper against the NIS map
# passwd.byname in domain ab11.com.
# NOTE(review): Basic auth sends the user name and password base64-encoded, not
# encrypted, from the browser to the proxy on every request. These appear to be
# the users' NIS login passwords, so anyone able to capture traffic between a
# client and this proxy can read them. Worth weighing against how trusted the
# client networks are.
auth_param basic program /usr/freeware/squid/libexec/yp_auth ab11.com passwd.byname
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
# How long a validated user/password pair is trusted before the helper is asked again.
auth_param basic credentialsttl 2 hours

# Freshness rules: regex, minimum age (minutes), percent of object age, maximum age (minutes).
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320

# ACL definitions only; nothing here allows or denies by itself. What matters
# for access control is the ACL type: "src" matches the client address,
# "dst"/"dstdomain"/"port" match where the request is going, whoever sent it.

# Any client address.
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests (cache_object:// scheme).
acl manager proto cache_object
# Destination ACL: any server in 130.0.0.0/8, regardless of which client asks.
acl fillmore dst 130.0.0.0/255.0.0.0
# Client networks.
acl origNet src 192.9.70.0/255.255.255.0
acl ab11NetU src 130.16.64.0/255.255.192.0
acl ab11NetW src 130.16.128.0/255.255.192.0
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): to_localhost is defined but no http_access rule in this file
# uses it, so requests aimed at the proxy host's own loopback are not blocked.
acl to_localhost dst 127.0.0.0/8
acl scanner dst 192.9.70.243
acl autoweb dst 198.172.237.21
acl SSL_ports port 443 563
# NOTE(review): the stock Safe_ports list includes 80, 21, 443 and others. This
# one contains only 1025-4000, so "deny !Safe_ports" rejects ports 80 and 443
# for every request that reaches it.
acl Safe_ports port 1025-4000
acl CONNECT method CONNECT
acl lunch time 11:30-12:30


# Per-site exceptions. All of these are destination ACLs except "marian".
acl folmar dstdomain .cvent.com
acl cemail  dstdomain  .altair.com
acl cemail2 dst 12.40.128.114/32
acl cemail3 dst 63.85.107.47/32
acl 401k dstdomain .accusereonline.com 
acl sapallow dst 130.10.198.10/32
acl gmutils dst 130.170.126.202/32
acl gmutils2 dstdomain pd.naeng.gm.com
# NOTE(review): gmutils3 is never referenced by an http_access rule in this file.
acl gmutils3 dstdomain .gm.com
acl gmutils4 dst 130.170.0.0/16
# NOTE(review): a bare port ACL. It matches port 443 on ANY host, not only the
# GM servers the name suggests.
acl gmutils5 port 443
# Single client address.
acl marian src 130.16.128.127
acl ebay dstdomain .ebay.com
acl ship dstdomain .kshipijhotelroyale.com
acl sols dst 198.63.61.35
acl sols2 dstdomain www2.ab11-us.com
acl sols3 dstdomain .ab11-us.com
acl chry4 dstdomain vpmpasswd.tcc.chrysler.com
# NOTE(review): "chrylser" looks like a misspelling of "chrysler". As written
# this names a different domain than intended; confirm and correct.
acl chry5 dstdomain roadmap.tcc.chrylser.com
acl chry6 dstdomain .chrysler.com
acl chry7 dstdomain intra-wiw.e.daimlerchrysler.com
acl chry8 dstdomain web3270.appl.daimlerchrysler.com
acl chry9 dstdomain dcanywhere.daimlerchrysler.com
acl hotel1 dstdomain .spg.com
acl hotel2 dstdomain .starwoodhotels.com
acl hotel3 dstdomain .atdmt.com
acl hotel4 dstdomain www.starwoodhotels.com
acl hotel5 dst 15.173.128.247/32
acl hotel6 dst 155.72.128.147/32
acl brasil1 dst 200.245.73.181


# NOTE(review): no user list or keyword follows proxy_auth. The usual form for
# "any authenticated user" is "acl yp_user proxy_auth REQUIRED"; confirm how
# this Squid version treats the empty form.
acl yp_user proxy_auth

# NOTE(review): this list of users is loaded but no http_access rule in this
# file references yp_user_denied, so it currently blocks nobody.
acl yp_user_denied proxy_auth "/usr/freeware/squid/etc/ab11forbidden/user.txt" 

# URL blocklists read from files (contents not shown here). The files should be
# writable only by the proxy administrator.
acl ab11_forbidden url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_blocked.txt" 
 
acl ab11_forbidden_always url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_deny.always" 
acl ab11_forbidden_lunch url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_deny.lunch" 
# http_access rules are checked top to bottom and the first matching rule
# decides. Order is therefore the whole policy; review any reordering carefully.
#
# NOTE(review): the rules down to "allow marian" carry no client-address or
# authentication condition (all but marian are destination ACLs). Any client
# that can connect to the proxy port is allowed to these destinations without
# logging in, and before the URL blocklists are consulted.
http_access allow folmar
http_access allow scanner
http_access allow autoweb
http_access allow sapallow
http_access allow cemail2
http_access allow cemail3
http_access allow 401k
http_access allow gmutils
http_access allow gmutils2
http_access allow gmutils4
# NOTE(review): gmutils5 is "port 443" with no destination, so this allows any
# client to reach port 443 on any host, CONNECT included, unauthenticated and
# ahead of the blocklists. Probably meant to be combined with a gmutils
# destination ACL on the same line; confirm intent.
http_access allow gmutils5
http_access allow ebay
# This one client address is allowed everything; no rule below applies to it.
http_access allow marian
# URL blocklists. They only affect requests not already allowed above.
http_access deny ab11_forbidden
# Lunch-list URLs are allowed between 11:30 and 12:30, with no login required.
# Because this precedes the "always" deny, a URL on both lists is allowed at lunch.
http_access allow ab11_forbidden_lunch lunch
http_access deny ab11_forbidden_always
http_access allow ship
http_access allow sols
http_access allow sols2
http_access allow sols3
# Authenticated users are allowed here, before the manager, Safe_ports and
# CONNECT checks below, so those checks never apply to a logged-in user.
# NOTE(review): when evaluation reaches a proxy_auth ACL and the request has no
# valid credentials, Squid normally answers with a 407 challenge, so the rules
# after this line may rarely be reached; confirm against the access log.
http_access allow yp_user 
http_access allow chry4
http_access allow chry5
http_access allow chry6
http_access allow chry7
http_access allow chry8
http_access allow chry9
http_access allow hotel1
http_access allow hotel2
http_access allow hotel3
http_access allow hotel4
http_access allow hotel5
http_access allow hotel6
http_access allow brasil1
# NOTE(review): in the stock squid.conf these four rules come first. Placed
# here they protect only requests that matched none of the allow rules above;
# consider moving them to the top of the http_access list.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Destination 130.0.0.0/8 for any client, then the internal client networks.
# Requests that get this far have passed "deny !Safe_ports", which in this file
# means destination ports 1025-4000 only.
http_access allow fillmore
http_access allow origNet
http_access allow ab11NetW
http_access allow ab11NetU
http_access allow cemail

# Default deny for everything not matched above.
http_access deny all

http_reply_access allow all

# NOTE(review): answers ICP cache queries from any host. ICP replies disclose
# whether a URL is in the cache, and no cache peers are defined in this file;
# consider restricting this to known peers or denying all.
icp_access allow all


# Administrator contact shown on Squid error pages.
# NOTE(review): " at " looks like list-archive address obfuscation; the live
# file presumably has a normal e-mail address here.
cache_mgr joe.soandso at ab11-us.com 

# Account Squid switches to when it is started as root. The cache and log
# directories must be owned by this account.
cache_effective_user squid 
cache_effective_group squid 
# Host name the proxy reports about itself (e.g. on error pages).
visible_hostname srvproxy228


# External names Squid resolves at startup to check that DNS works.
dns_testnames netscape.com internic.net nlanr.net picosoft.com



