# WELCOME TO SQUID 2
# ------------------
#
# This is the Syn-3 Squid configuration file. You may wish
# to look at the Squid home page (http://www.squid-cache.org/)
# for the FAQ and other documentation.
#
# NOTE(review): line breaks were restored from a collapsed copy of this file.
# A directive is treated as active only where the source shows it without a
# leading '#'; confirm against the deployed file before relying on the layout.

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# TAG: http_port
#Default:
# NOTE(review): two listeners. Neither line names an address, so both bind on
# every interface of the host; bind to the internal address
# (http_port <internal-ip>:3128) or filter at the firewall if the host is
# multi-homed. Port 3129 is an interception port ("transparent"): intercepted
# clients cannot be asked for proxy credentials, so the auth_param / %LOGIN
# settings further down can only apply to clients configured for port 3128.
http_port 3128
http_port 3129 transparent

# TAG: https_port
# Note: This option is only available if Squid is rebuilt with the
# --enable-ssl option
#Default:
# none

# TAG: ssl_unclean_shutdown
# Note: This option is only available if Squid is rebuilt with the
# --enable-ssl option
#Default:
# ssl_unclean_shutdown off

# TAG: icp_port
# NOTE(review): left at the default, so the ICP listener (3130/udp) stays
# enabled although no cache_peer is configured in this file. "icp_port 0"
# turns the listener off when no neighbour caches are used.
#Default:
# icp_port 3130

# TAG: htcp_port
#Default:
# htcp_port 4827

# TAG: mcast_groups
#Default:
# none

# TAG: udp_incoming_address
# TAG: udp_outgoing_address
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------

# TAG: cache_peer
#Default:
# none

# TAG: cache_peer_domain
#Default:
# none

# TAG: neighbor_type_domain
#Default:
# none

# TAG: icp_query_timeout (msec)
#Default:
# icp_query_timeout 0

# TAG: maximum_icp_query_timeout (msec)
#Default:
# maximum_icp_query_timeout 2000

# TAG: mcast_icp_query_timeout (msec)
#Default:
# mcast_icp_query_timeout 2000

# TAG: dead_peer_timeout (seconds)
#Default:
# dead_peer_timeout 10 seconds

# TAG: hierarchy_stoplist
# URLs containing one of these strings are fetched directly instead of being
# passed to neighbour caches.
hierarchy_stoplist cgi-bin ?

# TAG: no_cache
# QUERY matches URL paths that contain "cgi-bin" or a literal "?"; the
# no_cache rule that follows this ACL uses it.
acl QUERY urlpath_regex cgi-bin \?
# Responses to requests matching the QUERY ACL (cgi-bin or "?") are not cached.
# NOTE(review): line breaks were restored from a collapsed copy of this file.
# A directive is treated as active only where the source shows it without a
# leading '#'; confirm against the deployed file before relying on the layout.
no_cache deny QUERY

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

# TAG: cache_mem (bytes)
#Default:
cache_mem 32 MB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#Default:
# cache_swap_low 90
# cache_swap_high 95

# TAG: maximum_object_size (bytes)
#Default:
maximum_object_size 4096 KB

# TAG: minimum_object_size (bytes)
#Default:
# minimum_object_size 0 KB

# TAG: maximum_object_size_in_memory (bytes)
#Default:
# maximum_object_size_in_memory 8 KB

# TAG: ipcache_size (number of entries)
# TAG: ipcache_low (percent)
# TAG: ipcache_high (percent)
# The size, low-, and high-water marks for the IP cache.
#
#Default:
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95

# TAG: fqdncache_size (number of entries)
#Default:
# fqdncache_size 1024

# TAG: cache_replacement_policy
#Default:
# cache_replacement_policy lru

# TAG: memory_replacement_policy
#Default:
# memory_replacement_policy lru

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

# TAG: cache_dir
# ufs store under /home/system/proxy/cache: 2048 MB, 16 first-level and
# 256 second-level directories.
cache_dir ufs /home/system/proxy/cache 2048 16 256

# TAG: cache_access_log
# NOTE(review): with cache_log and cache_store_log set to "none" below, this is
# the only log the configuration keeps. It records client addresses and
# requested URLs, so keep it readable by administrators only and make sure it
# is rotated and retained long enough for incident review.
access_log /var/log/squid/access.log

# TAG: cache_log
# NOTE(review): "none" is the documented off-switch for cache_store_log;
# whether cache_log honours it depends on the build -- confirm. cache.log is
# where Squid reports helper failures and configuration warnings, so
# discarding it removes information needed for troubleshooting and forensics.
cache_log none

# TAG: cache_store_log
cache_store_log none

# TAG: cache_swap_log
#Default:
# none

# TAG: emulate_httpd_log on|off
#Default:
# emulate_httpd_log off

# TAG: log_ip_on_direct on|off
#Default:
# log_ip_on_direct on

# TAG: mime_table
#Default:
# mime_table /etc/mime.conf

# TAG: log_mime_hdrs on|off
#Default:
# log_mime_hdrs off

# TAG: useragent_log
# Note: This option is only available if Squid is rebuilt with the
# --enable-useragent-log option
#Default:
# none

# TAG: referer_log
# Note: This option is only available if Squid is rebuilt with the
# --enable-referer-log option
#Default:
# none

# TAG: pid_filename
pid_filename /var/run/squid.pid

# TAG: debug_options
#Default:
# debug_options ALL,1

# TAG: log_fqdn on|off
#Default:
# log_fqdn off

# TAG: client_netmask
#Default:
# client_netmask 255.255.255.255

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

# TAG: ftp_user
#Default:
# ftp_user Squid@

# TAG: ftp_list_width
#Default:
# ftp_list_width 32

# TAG: ftp_passive
#Default:
# ftp_passive on

# TAG: ftp_sanitycheck
#Default:
# ftp_sanitycheck on

# TAG: ftp_telnet_protocol
#Default:
# ftp_telnet_protocol on

# TAG: cache_dns_program
# Note: This option is only available if Squid is rebuilt with the
# --disable-internal-dns option
#Default:
# cache_dns_program /usr/bin/dnsserver

# TAG: dns_children
# Note: This option is only available if Squid is rebuilt with the
# --disable-internal-dns option
#Default:
# dns_children 5

# TAG: dns_retransmit_interval
#Default:
# dns_retransmit_interval 5 seconds

# TAG: dns_timeout
#Default:
# dns_timeout 2 minutes

# TAG: dns_defnames on|off
# Note: This option is only available if Squid is rebuilt with the
# --disable-internal-dns option
#Default:
# dns_defnames off

# TAG: dns_nameservers
#Default:
# none

# TAG: hosts_file
hosts_file /etc/hosts

# TAG: diskd_program
#Default:
# diskd_program /usr/bin/diskd

# TAG: unlinkd_program
#Default:
# unlinkd_program /usr/bin/unlinkd

# TAG: pinger_program
# Note: This option is only available if Squid is rebuilt with the
# --enable-icmp option
#Default:
# pinger_program /usr/bin/pinger

# TAG: redirect_program
#Default:
# none

# TAG: redirect_children
#Default:
# redirect_children 5

# TAG: redirect_rewrites_host_header
#Default:
# redirect_rewrites_host_header on

# TAG: redirector_access
#Default:
# none

# TAG: auth_param
# NOTE(review): Basic scheme backed by LDAP. With Basic, the browser sends the
# directory password base64-encoded (not encrypted) to the proxy on every
# request, so it is readable on the client-to-proxy network segment. The helper
# is started with "-h ldap-master" and no TLS option, so the bind to the
# directory looks unencrypted as well -- confirm; squid_ldap_auth accepts -Z
# (TLS, requires -v 3) when the directory supports it.
#auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
#auth_param ntlm children 5
auth_param basic program /usr/bin/squid_ldap_auth -v 3 -u uid -b "ou=Users,dc=syn-3" -h ldap-master
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
# Validated credentials are trusted for 2 hours without asking the helper
# again, so a password change or account lock in LDAP can take up to 2 hours
# to be enforced at the proxy.
auth_param basic credentialsttl 2 hours
# User names are compared without regard to case.
auth_param basic casesensitive off

# TAG: authenticate_cache_garbage_interval
#Default:
authenticate_cache_garbage_interval 1 minute

# TAG: authenticate_ttl
#Default:
authenticate_ttl 1 minute

# TAG: authenticate_ip_ttl
#Default:
# authenticate_ip_ttl 0 seconds

# TAG: external_acl_type
#Default:
# none
# ldap_group: asks squid_ldap_group whether the logged-in user (%LOGIN) is a
# memberuid of the named group under ou=Groups,dc=syn-3; answers are cached
# for 300 seconds (ttl=300), so group changes take up to 5 minutes to apply.
# NOTE(review): same ldap-master host and no TLS option as the auth helper.
external_acl_type ldap_group ttl=300 %LOGIN /usr/bin/squid_ldap_group -b "ou=Groups,dc=syn-3" -h ldap-master -f "(&(memberuid=%v)(cn=%a))"
# NOTE(review): no acl in the visible configuration refers to wbinfo_group;
# if it is unused, removing it avoids starting idle helper processes.
external_acl_type wbinfo_group %LOGIN /usr/bin/wbinfo_group.pl

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

# TAG: wais_relay_host
# TAG: wais_relay_port
# Relay WAIS request to host (1st arg) at port (2 arg).
#
#Default:
# wais_relay_port 0

# TAG: request_header_max_size (KB)
#Default:
# request_header_max_size 20 KB

# TAG: request_body_max_size (KB)
#Default:
# request_body_max_size 0 KB

# TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
# TAG: quick_abort_pct (percent)
#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

# TAG: negative_ttl time-units
#Default:
# negative_ttl 5 minutes

# TAG: positive_dns_ttl time-units
#Default:
# positive_dns_ttl 6 hours

# TAG: negative_dns_ttl time-units
#Default:
# negative_dns_ttl 1 minute

# TAG: range_offset_limit (bytes)
#Default:
# range_offset_limit 0 KB

# TIMEOUTS
# -----------------------------------------------------------------------------

# TAG: forward_timeout time-units
#Default:
# forward_timeout 4 minutes

# TAG: connect_timeout time-units
#Default:
# connect_timeout 1 minute

# TAG: peer_connect_timeout time-units
#Default:
# peer_connect_timeout 30 seconds

# TAG: read_timeout time-units
#Default:
# read_timeout 15 minutes

# TAG: request_timeout
#Default:
# request_timeout 5 minutes

# TAG: persistent_request_timeout
#Default:
# persistent_request_timeout 1 minute

# TAG: client_lifetime time-units
#Default:
# client_lifetime 1 day

# TAG: half_closed_clients
#Default:
# half_closed_clients on

# TAG: pconn_timeout
#Default:
# pconn_timeout 120 seconds

# TAG: ident_timeout
#Default:
# ident_timeout 10 seconds

# TAG: shutdown_lifetime time-units
#Default:
# Active client connections get 1 second to finish when Squid is shut down.
shutdown_lifetime 1 seconds

# ACCESS CONTROLS
# NOTE(review): every ACL except syn3Group_Internet loads its values from a
# file under /home/system/proxy/filterlists/. Those files are not shown here
# and are the real access policy: whoever can write to them can change what
# the proxy allows, so they should be writable by the administrator only.
# The per-ACL remarks below are inferred from the ACL names -- confirm them
# against the list files.
acl syn3SourceList_private_adressen src "/home/system/proxy/filterlists/SourceList_private_adressen"
acl syn3SourceList_All src "/home/system/proxy/filterlists/SourceList_All"
acl syn3PortList_SSL_Ports port "/home/system/proxy/filterlists/PortList_SSL_Ports"
acl syn3DestList_to_localhost dst "/home/system/proxy/filterlists/DestList_to_localhost"
acl syn3SourceList_localhost src "/home/system/proxy/filterlists/SourceList_localhost"
acl syn3PortList_Safe_ports port "/home/system/proxy/filterlists/PortList_Safe_ports"
acl syn3domainIP_Default url_regex "/home/system/proxy/filterlists/domainIP_Default"
# True when the authenticated user is in the LDAP group "Internet" (checked
# through the ldap_group external ACL defined above).
acl syn3Group_Internet external ldap_group Internet
acl syn3ReqPro_Management_protocol proto "/home/system/proxy/filterlists/ReqPro_Management_protocol"
acl syn3ReqHead_CONNECT method "/home/system/proxy/filterlists/ReqHead_CONNECT"

# TAG: http_access
# Rules are evaluated top to bottom; the first matching line decides.
#   1. deny the management protocol (presumably cache_object) for everyone
#   2. deny destination ports outside the safe-port list
#   3. deny CONNECT to ports outside the SSL-port list
#   4. deny requests whose destination is the proxy host itself
#   5. allow requests coming from localhost
#   6. deny sources outside the private-address list
#   7. allow everything that is left
# NOTE(review): neither syn3Group_Internet nor syn3domainIP_Default appears in
# any rule below, so as written no request is ever asked to authenticate and
# the URL list is not enforced. "#syn3default_rules" looks like a marker where
# generated rules are inserted -- confirm that this is where they are meant to
# be applied.
# NOTE(review): there is no closing "http_access deny all". Squid falls back
# to the opposite of the last rule (here: deny), but an explicit final deny
# keeps the policy fail-closed if rules are appended later.
http_access deny syn3ReqPro_Management_protocol
http_access deny !syn3PortList_Safe_ports
http_access deny !syn3PortList_SSL_Ports syn3ReqHead_CONNECT
http_access deny syn3DestList_to_localhost
http_access allow syn3SourceList_localhost
http_access deny !syn3SourceList_private_adressen
http_access allow syn3SourceList_All
#syn3default_rules

# TAG: http_reply_access
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
# Insert your own rules here.
# and finally allow by default
http_reply_access allow syn3SourceList_All

# TAG: icp_access
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
# NOTE(review): this overrides the default "deny all". icp_port is left at its
# default and no cache_peer is configured in this file, so answering ICP from
# every source has no visible purpose and lets any host that can reach the UDP
# port learn whether a URL is in the cache. Prefer the default, or limit the
# rule to known peer addresses.
icp_access allow syn3SourceList_All

# TAG: miss_access
#Default setting:
miss_access allow syn3SourceList_All

# TAG: follow_x_forwarded_for
# X-Forwarded-For is believed only when the request arrives from an address in
# the localhost source list (presumably a local filter in front of Squid --
# confirm), so remote clients cannot use the header to pose as another source
# in src ACLs or in the access log.
follow_x_forwarded_for allow syn3SourceList_localhost

# TAG: cache_peer_access
#Default:
# none

# TAG: ident_lookup_access
#Default:
# No ident lookups are made towards clients.
ident_lookup_access deny syn3SourceList_All

# TAG: tcp_outgoing_tos
#Default:
# none

# TAG: tcp_outgoing_address
#Default:
# none

# TAG: reply_header_max_size (KB)
#Default:
# reply_header_max_size 20 KB

# TAG: reply_body_max_size bytes allow|deny acl acl...
#Default:
# A size of 0 means reply bodies are not limited for the matching sources.
# NOTE(review): line breaks were restored from a collapsed copy of this file.
# A directive is treated as active only where the source shows it without a
# leading '#'; confirm against the deployed file before relying on the layout.
reply_body_max_size 0 allow syn3SourceList_All

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

# TAG: cache_mgr
#Default:
# cache_mgr webmaster

# TAG: cache_effective_user
#Default:
# When started as root, Squid switches to this user and group.
# NOTE(review): "nobody" is often shared with other services; a dedicated
# account keeps the cache directory, logs and helper processes separated from
# anything else that runs under the same identity.
cache_effective_user nobody

# TAG: cache_effective_group
#Default:
cache_effective_group nogroup

# TAG: visible_hostname
#Default:
# none

# TAG: unique_hostname
#Default:
# none

# TAG: hostname_aliases
#Default:
# none

# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------

# TAG: announce_period
#Default:
# announce_period 0
#
#To enable announcing your cache, just uncomment the line below.
#announce_period 1 day

# TAG: announce_host
# TAG: announce_file
# TAG: announce_port
#Default:
# announce_host tracker.ircache.net
# announce_port 3131

# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------

# TAG: httpd_accel_host
# TAG: httpd_accel_port
#Default:
# httpd_accel_port 80

# TAG: httpd_accel_single_host on|off
#Default:
# httpd_accel_single_host off

# TAG: httpd_accel_with_proxy on|off
#Default:
# httpd_accel_with_proxy off

# TAG: httpd_accel_uses_host_header on|off
#Default:
# httpd_accel_uses_host_header off

# MISCELLANEOUS
# -----------------------------------------------------------------------------

# TAG: dns_testnames
#Default:
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

# TAG: logfile_rotate
#Default:
# logfile_rotate 10

# TAG: append_domain
#Default:
# none

# TAG: tcp_recv_bufsize (bytes)
#Default:
# tcp_recv_bufsize 0 bytes

# TAG: err_html_text
#Default:
# none

# TAG: deny_info
#Default:
# none

# TAG: memory_pools on|off
#Default:
# memory_pools on

# TAG: memory_pools_limit (bytes)
#Default:
# memory_pools_limit 5 MB

# TAG: forwarded_for on|off
# NOTE(review): left at the default (on), so Squid adds the client's address
# to the X-Forwarded-For header of outgoing requests. That discloses internal
# addresses to origin servers; set it to off if that is not intended.
#Default:
# forwarded_for on

# TAG: log_icp_queries on|off
#Default:
# log_icp_queries on

# TAG: icp_hit_stale on|off
#Default:
# icp_hit_stale off

# TAG: minimum_direct_hops
#Default:
# minimum_direct_hops 4

# TAG: minimum_direct_rtt
#Default:
# minimum_direct_rtt 400

# TAG: cachemgr_passwd
# NOTE(review): no cache-manager password is set, so protection of the manager
# interface rests entirely on the http_access rules. This file denies an ACL
# named syn3ReqPro_Management_protocol first (presumably cache_object --
# confirm against its list file).
#Default:
# none

# TAG: store_avg_object_size (kbytes)
#Default:
# store_avg_object_size 13 KB

# TAG: store_objects_per_bucket
#Default:
# store_objects_per_bucket 20

# TAG: client_db on|off
#Default:
# client_db on

# TAG: netdb_low
# TAG: netdb_high
#Default:
# netdb_low 900
# netdb_high 1000

# TAG: netdb_ping_period
#Default:
# netdb_ping_period 5 minutes

# TAG: query_icmp on|off
#Default:
# query_icmp off

# TAG: test_reachability on|off
#Default:
# test_reachability off

# TAG: buffered_logs on|off
#Default:
# buffered_logs off

# TAG: reload_into_ims on|off
#Default:
# reload_into_ims off

# TAG: always_direct
#Default:
# none

# TAG: never_direct
#Default:
# none

# TAG: header_access
# Usage: header_access header_name allow|deny [!]aclname ...
#
# WARNING: Doing this VIOLATES the HTTP standard. Enabling
# this feature could make you liable for problems which it
# causes.
#Default:
# none

# TAG: header_replace
# By default, headers are removed if denied.
#Default:
# none

# TAG: icon_directory
# Where the icons are stored. These are normally kept in
#Default:
# icon_directory /usr/share/icons

# TAG: short_icon_urls
#Default:
# short_icon_urls off

# TAG: error_directory
#Default:
# error_directory /usr/share/errors/English

# TAG: maximum_single_addr_tries
#Default:
# maximum_single_addr_tries 1

# TAG: snmp_port
#Default:
# snmp_port 3401

# TAG: snmp_access
# No snmp_access rule is set in this section, so the default (deny all) applies.
#Example:
# snmp_access allow snmppublic localhost
# snmp_access deny all
#
#Default:
# snmp_access deny all

# TAG: snmp_incoming_address
# TAG: snmp_outgoing_address
#Default:
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255

# TAG: as_whois_server
#Default:
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

# TAG: wccp_router
# Use this option to define your WCCP ``home'' router for
# Squid. Setting the 'wccp_router' to 0.0.0.0 (the default)
# disables WCCP.
#
#Default:
# wccp_router 0.0.0.0

# TAG: wccp_version
#Default:
# wccp_version 4

# TAG: wccp_incoming_address
# TAG: wccp_outgoing_address
#Default:
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

# TAG: delay_pools
# Note: This option is only available if Squid is rebuilt with the
# --enable-delay-pools option
#Default:
# delay_pools 0

# TAG: delay_class
# Note: This option is only available if Squid is rebuilt with the
# --enable-delay-pools option
#Default:
# none

# TAG: delay_access
# Note: This option is only available if Squid is rebuilt with the
# --enable-delay-pools option
#Default:
# none

# TAG: delay_parameters
# Note: This option is only available if Squid is rebuilt with the
# --enable-delay-pools option
#delay_parameters pool aggregate
#delay_parameters pool aggregate individual
#delay_parameters pool aggregate network individual
#delay_parameters 1 -1/-1 8000/8000
#delay_parameters 2 32000/32000 8000/8000 600/8000
#Default:
# none

# TAG: delay_initial_bucket_level (percent, 0-100)
# Note: This option is only available if Squid is rebuilt with the
# --enable-delay-pools option
#Default:
# delay_initial_bucket_level 50

# TAG: incoming_icp_average
# TAG: incoming_http_average
# TAG: incoming_dns_average
# TAG: min_icp_poll_cnt
# TAG: min_dns_poll_cnt
# TAG: min_http_poll_cnt
# Heavy voodoo here. I can't even believe you are reading this.
# Are you crazy? Don't even think about adjusting these unless
# you understand the algorithms in comm_select.c first!
#
#Default:
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8

# TAG: max_open_disk_fds
#Default:
# max_open_disk_fds 0

# TAG: offline_mode
#Default:
# offline_mode off

# TAG: uri_whitespace
#Default:
# uri_whitespace strip

# TAG: broken_posts
#Default:
# none

# TAG: mcast_miss_addr
# Note: This option is only available if Squid is rebuilt with the
# -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_addr 255.255.255.255

# TAG: mcast_miss_ttl
# Note: This option is only available if Squid is rebuilt with the
# -DMULTICAST_MISS_TTL option
#Default:
# mcast_miss_ttl 16

# TAG: mcast_miss_port
# Note: This option is only available if Squid is rebuilt with the
# -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_port 3135

# TAG: mcast_miss_encode_key
# Note: This option is only available if Squid is rebuilt with the
# -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

# TAG: nonhierarchical_direct
#Default:
# nonhierarchical_direct on

# TAG: prefer_direct
#Default:
# prefer_direct off

# TAG: strip_query_terms
# By default, Squid strips query terms from requested URLs before
# logging. This protects your user's privacy.
# NOTE(review): no strip_query_terms directive is set in this file, so the
# default (on) applies. Keep it on: query strings often carry session tokens
# or other secrets that should not end up in access.log.
#
#Default:
# strip_query_terms on

# TAG: coredump_dir
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
# NOTE(review): the inherited comment above no longer matches the value:
# /var/cache is not the cache_dir configured in this file
# (/home/system/proxy/cache). A core file of the Squid process can contain
# request data and cached Basic credentials, so the directory used here should
# be writable by the Squid user only and not readable by other accounts.
# (Line breaks in this copy were restored from a collapsed listing; the
# directive is active because the source shows it without a leading '#'.)
coredump_dir /var/cache

# TAG: redirector_bypass
#Default:
# redirector_bypass off

# TAG: ignore_unknown_nameservers
#Default:
# ignore_unknown_nameservers on

# TAG: digest_generation
# Note: This option is only available if Squid is rebuilt with the
# --enable-cache-digests option
#Default:
# digest_generation on

# TAG: digest_bits_per_entry
# Note: This option is only available if Squid is rebuilt with the
# --enable-cache-digests option
#Default:
# digest_bits_per_entry 5

# TAG: digest_rebuild_period (seconds)
# Note: This option is only available if Squid is rebuilt with the
# --enable-cache-digests option
#Default:
# digest_rebuild_period 1 hour

# TAG: digest_rewrite_period (seconds)
# Note: This option is only available if Squid is rebuilt with the
# --enable-cache-digests option
#Default:
# digest_rewrite_period 1 hour

# TAG: digest_swapout_chunk_size (bytes)
# Note: This option is only available if Squid is rebuilt with the
# --enable-cache-digests option
#Default:
# digest_swapout_chunk_size 4096 bytes

# TAG: digest_rebuild_chunk_percentage (percent, 0-100)
# Note: This option is only available if Squid is rebuilt with the
# --enable-cache-digests option
#Default:
# digest_rebuild_chunk_percentage 10

# TAG: chroot
#Default:
# none

# TAG: client_persistent_connections
# TAG: server_persistent_connections
#Default:
# client_persistent_connections on
# server_persistent_connections on

# TAG: detect_broken_pconn
#Default:
# detect_broken_pconn off

# TAG: balance_on_multiple_ip
#Default:
# balance_on_multiple_ip on

# TAG: pipeline_prefetch
#Default:
# pipeline_prefetch off

# TAG: extension_methods
#Default:
# none

# TAG: request_entities
#Default:
# request_entities off

# TAG: high_response_time_warning (msec)
#Default:
# high_response_time_warning 0

# TAG: high_page_fault_warning
#Default:
# high_page_fault_warning 0

# TAG: high_memory_warning
#Default:
# high_memory_warning 0

# TAG: store_dir_select_algorithm
#Default:
# store_dir_select_algorithm least-load

# TAG: forward_log
#Default:
# none

# TAG: ie_refresh on|off
#Default:
# ie_refresh off

# TAG: vary_ignore_expire on|off
#Default:
# vary_ignore_expire off

# TAG: sleep_after_fork (microseconds)
#Default:
# sleep_after_fork 0