LinuxQuestions.org
Old 10-27-2006, 04:40 AM   #1
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Rep: Reputation: 30
Squid.conf?


----------------------------------------------------------
http_port 80

cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 64 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 MB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru

cache_effective_user administrator
cache_dir ufs /usr/local/squid/var/cache 800 16 256
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log

ftp_list_width 32

ftp_sanitycheck on
ftp_telnet_protocol on
check_hostnames on
allow_underscore on
dns_timeout 2 minutes
authenticate_ttl 1 hour

request_header_max_size 2 MB
request_body_max_size 8 MB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute
range_offset_limit 0 KB

forward_timeout 4 minutes
connect_timeout 120 seconds
peer_connect_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute
client_lifetime 1 day
half_closed_clients off
pconn_timeout 120 seconds

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

acl myclients src 192.168.0.101-192.168.0.200

acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

acl allowedsites dstdomain "/usr/local/squid/etc/allowedsites.txt"

http_access allow myclients allowedsites
http_access deny !Safe_ports

http_reply_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny all

icp_access allow all
miss_access allow all
reply_header_max_size 20 KB

visible_hostname administrator

memory_pools off
forwarded_for on
store_avg_object_size 13 KB
store_objects_per_bucket 20
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
---------------------------------------------------------

-Hi, I am trying to set up a proxy server for our small network consisting of 10 XP2 units, and all users of these units are only allowed to surf the net, so I'm trying to use squid as our proxy server and configure it to control the websites that our users can visit. The configuration above is a testing configuration. I am not familiar with squid, but I was able to find a good manual about squid configurations, so I only copied the configurations which I think are applicable to our network, and it's the one stated above. All of the configurations that I copied are default configurations and I only changed some of the values. When I tested it, it worked and I was able to blocklist all websites and allow only those that I want. My problem is that units configured to use the proxy server (squid) have slow access to the internet, but if they are not configured to use the proxy server their internet access is fast. So my guess is maybe there is something wrong with my squid config. Can anyone please check the configuration above to see what's wrong with it? Thanks!
 
Old 10-27-2006, 06:21 AM   #2
ele0100443
LQ Newbie
 
Registered: Oct 2006
Location: Sokoto, Nigeria
Distribution: RedHat, Mandrake
Posts: 15

Rep: Reputation: 0
Cool

Put your allowedsites.txt in the dir "/etc/squid".
You can try this in your squid.conf configuration:
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 2000 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 KB
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /var/spool/squid 50000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 81 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl allowedsites dstdomain "/etc/squid/allowedsites.txt"
# myclients must be defined before the first http_access line that uses it
acl myclients src 192.168.0.101-192.168.0.200
http_access allow myclients allowedsites
http_access deny !Safe_ports
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# our_networks has no acl line in this listing; it needs one before this rule
http_access allow our_networks
http_access allow localhost
http_reply_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group squid
coredump_dir /var/spool/squid

YOU CAN ALSO REMOVE THE ALLOWED SITES LIST FROM THE SQUID, IT WILL DEFINITELY INCREASE THE RESPONSE TIME OF YOUR PROXY
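
How Squid walks an http_access list like the one in the first post, as an added example that is not code from the thread: the ACLs on one line are ANDed, and the first line that matches decides. ALLOWED_SITES is a constructed stand-in for allowedsites.txt, and `decide()` and `request()` are hypothetical helper names.

```python
from ipaddress import ip_address as ip

# Constructed stand-in for allowedsites.txt; the thread never shows its contents.
ALLOWED_SITES = [".example.org"]
SAFE_PORTS = {80, 21, 22, 443, 563, 70, 210, 280, 488, 591, 777}
SSL_PORTS = {443, 563}

def dstdomain(host, entries):
    # A leading dot matches the domain itself and every subdomain.
    return any(host == e.lstrip(".") or (e.startswith(".") and host.endswith(e))
               for e in entries)

# ACL names and values follow the first post's squid.conf.
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "myclients": lambda r: ip("192.168.0.101") <= ip(r["src"]) <= ip("192.168.0.200"),
    "allowedsites": lambda r: dstdomain(r["host"], ALLOWED_SITES),
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}

RULES = """http_access allow myclients allowedsites
http_access deny !Safe_ports
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny all"""

def decide(req, rules=RULES):
    """Return (action, line) for the first line whose ACLs all match; "!x" means x does not match."""
    action = "allow"
    for line in rules.splitlines():
        _, action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if action == "allow" else "allow"), None

def request(src, host, port, method="GET", proto="http"):
    return {"src": src, "host": host, "port": port, "method": method, "proto": proto}

if __name__ == "__main__":
    for r in (request("192.168.0.150", "www.example.org", 80),
              request("192.168.0.150", "www.example.org", 8080),
              request("192.168.0.150", "www.other.test", 80)):
        print(r["host"], r["port"], decide(r))
```

The second request is allowed even though 8080 is not in Safe_ports, because the allow line sits above `http_access deny !Safe_ports`; any broad allow for the client range placed above `deny all` would likewise let every site through.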
 
Old 10-27-2006, 06:55 AM   #3
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Original Poster
Rep: Reputation: 30
-Can you please explain to me what would be the effect of these? Thanks.

cache_mem 256 MB
maximum_object_size 2000 KB
maximum_object_size_in_memory 4 KB
cache_dir ufs /var/spool/squid 50000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl allowedsites dstdomain "/etc/squid/allowedsites.txt"
http_access allow myclients allowedsites
http_access deny !Safe_ports
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
acl myclients src 192.168.0.101-192.168.0.200
http_access allow our_networks
http_access allow localhost
http_reply_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group squid
coredump_dir /var/spool/squid
 
Old 10-27-2006, 09:51 AM   #4
nayyares
Member
 
Registered: Oct 2006
Location: JNB, SA
Posts: 33

Rep: Reputation: 15
Hi,

I recommend that you increase the cache_mem size as much as possible and further make a handsome amount of cache_dir size; even in my case I took almost 80GB HDD for caching. You can even find many howtos on high-performance-squid at Google, and even sometimes the filesystem also makes a difference. If you need, I will send you my squid.conf as an example; that squid has been in use for around 500 clients.

Thanks
 
Old 10-27-2006, 08:58 PM   #5
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Original Poster
Rep: Reputation: 30
-Thanks nayyares, that would be nice. This is the email address where you can send your squid.conf: batas_ng_bayan@yahoo.com
 
Old 10-28-2006, 03:49 AM   #6
albeniz
LQ Newbie
 
Registered: Aug 2006
Posts: 6

Rep: Reputation: 0
Please send to me

Hi

I have a PC for this work (cpu 3G - ram 2Gig - hard SCSI 15rpm 36G).
Please help me: what is the best squid.conf and iptables config for this hardware?
Please send to me the best squid.conf. (m_albeniz@yahoo.com)
Thanks

Last edited by albeniz; 10-28-2006 at 03:54 AM.
 
Old 11-16-2006, 03:21 PM   #7
cj_cheema
Member
 
Registered: Mar 2006
Location: INDIA
Distribution: RedHat, SuSE, Debian
Posts: 156

Rep: Reputation: 15
Hi
Nayyares, first of all Aslaam Walekum. Can you also send me your squid configuration file on my mail, i.e. cj_cheema@hotmail.com? Thanks
Regards
CJ Cheema

Last edited by cj_cheema; 11-16-2006 at 03:22 PM.
 
  


All times are GMT -5.
