[mdlug] sample squid.conf
Dean Durant
mdlug at sbcglobal.net
Thu Jan 24 13:25:00 EST 2008
Hello, I have inherited this squid server, and I don't know that much about it. It's behind a firewall I don't control, and nobody else controls it either. So actually, it isn't a sample, it's in production. Previously when I posted asking about squid, some people offered to take a look at my squid.conf. So here it is:
(any comments are greatly appreciate, thanks!)
http_port 3128
https_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ext3 /usr/freeware/squid/cache 200 16 256
cache_access_log /usr/freeware/squid/logs/access.log
cache_log /usr/freeware/squid/logs/cache.log
cache_store_log /usr/freeware/squid/logs/store.log
pid_filename /usr/freeware/squid/logs/squid.pid
debug_options ALL,1
auth_param basic program /usr/freeware/squid/libexec/yp_auth ab11.com passwd.byname
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl fillmore dst 130.0.0.0/255.0.0.0
acl origNet src 192.9.70.0/255.255.255.0
acl ab11NetU src 130.16.64.0/255.255.192.0
acl ab11NetW src 130.16.128.0/255.255.192.0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl scanner dst 192.9.70.243
acl autoweb dst 198.172.237.21
acl SSL_ports port 443 563
acl Safe_ports port 1025-4000
acl CONNECT method CONNECT
acl lunch time 11:30-12:30
acl folmar dstdomain .cvent.com
acl cemail dstdomain .altair.com
acl cemail2 dst 12.40.128.114/32
acl cemail3 dst 63.85.107.47/32
acl 401k dstdomain .accusereonline.com
acl sapallow dst 130.10.198.10/32
acl gmutils dst 130.170.126.202/32
acl gmutils2 dstdomain pd.naeng.gm.com
acl gmutils3 dstdomain .gm.com
acl gmutils4 dst 130.170.0.0/16
acl gmutils5 port 443
acl marian src 130.16.128.127
acl ebay dstdomain .ebay.com
acl ship dstdomain .kshipijhotelroyale.com
acl sols dst 198.63.61.35
acl sols2 dstdomain www2.ab11-us.com
acl sols3 dstdomain .ab11-us.com
acl chry4 dstdomain vpmpasswd.tcc.chrysler.com
acl chry5 dstdomain roadmap.tcc.chrylser.com
acl chry6 dstdomain .chrysler.com
acl chry7 dstdomain intra-wiw.e.daimlerchrysler.com
acl chry8 dstdomain web3270.appl.daimlerchrysler.com
acl chry9 dstdomain dcanywhere.daimlerchrysler.com
acl hotel1 dstdomain .spg.com
acl hotel2 dstdomain .starwoodhotels.com
acl hotel3 dstdomain .atdmt.com
acl hotel4 dstdomain www.starwoodhotels.com
acl hotel5 dst 15.173.128.247/32
acl hotel6 dst 155.72.128.147/32
acl brasil1 dst 200.245.73.181
acl yp_user proxy_auth
acl yp_user_denied proxy_auth "/usr/freeware/squid/etc/ab11forbidden/user.txt"
acl ab11_forbidden url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_blocked.txt"
acl ab11_forbidden_always url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_deny.always"
acl ab11_forbidden_lunch url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_deny.lunch"
http_access allow folmar
http_access allow scanner
http_access allow autoweb
http_access allow sapallow
http_access allow cemail2
http_access allow cemail3
http_access allow 401k
http_access allow gmutils
http_access allow gmutils2
http_access allow gmutils4
http_access allow gmutils5
http_access allow ebay
http_access allow marian
http_access deny ab11_forbidden
http_access allow ab11_forbidden_lunch lunch
http_access deny ab11_forbidden_always
http_access allow ship
http_access allow sols
http_access allow sols2
http_access allow sols3
http_access allow yp_user
http_access allow chry4
http_access allow chry5
http_access allow chry6
http_access allow chry7
http_access allow chry8
http_access allow chry9
http_access allow hotel1
http_access allow hotel2
http_access allow hotel3
http_access allow hotel4
http_access allow hotel5
http_access allow hotel6
http_access allow brasil1
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow fillmore
http_access allow origNet
http_access allow ab11NetW
http_access allow ab11NetU
http_access allow cemail
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr joe.soandso at ab11-us.com
cache_effective_user squid
cache_effective_group squid
visible_hostname srvproxy228
dns_testnames netscape.com internic.net nlanr.net picosoft.com
More information about the mdlug
mailing list