案例架设配置

# Reverse-proxy (accelerator) listener. "vhost" makes Squid build the request
# URL from the Host header and "vport" enables virtual-port handling, so
# several sites can be served through this one address and port.
# NOTE(review): 222.73.248.112 looks like a public address; confirm that a
# firewall limits who can reach port 3128 if it is not meant to be open.
http_port 222.73.248.112:3128 vhost vport

# Origin server for sjehzy.cn: HTTP port 80, ICP port 0 with "no-query"
# (no ICP queries are sent), "originserver" (the peer is treated as the real
# web server, not another proxy). "name=a1" is the handle used below.
cache_peer 222.73.248.112 parent 80 0 no-query originserver weight=1 name=a1

# Send requests for sjehzy.cn to peer a1.
cache_peer_domain a1  sjehzy.cn            

# Second peer entry for the same address and port; the distinct name lets
# test.cn be routed separately from sjehzy.cn.
cache_peer 222.73.248.112 parent 80 0 no-query originserver weight=1 name=a4

# Send requests for test.cn to peer a4.
cache_peer_domain a4  test.cn 

 

 

 

#

# Recommended minimum configuration:

#

# ACL definitions only: nothing here allows or denies anything until an
# http_access line refers to the ACL by name.

# Cache-manager requests (the cache_object:// scheme).
acl manager proto cache_object

# Clients connecting from the proxy host itself (IPv4 and IPv6 loopback).
acl localhost src 127.0.0.1/32

acl localhost src ::1/128

# Requests whose destination resolves to a loopback or unspecified address.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

acl to_localhost dst ::1/128

 

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

# NOTE(review): this file configures an accelerator for two sites; confirm
# that internal clients really need the broader access "localnet" is given.
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7   # RFC 4193 local private network range

acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged) machines

# The accelerated sites. A dstdomain entry without a leading dot matches that
# exact host name only, so www.sjehzy.cn would not match "sjehzy.cn".
acl mydomain dstdomain sjehzy.cn

acl mydomain dstdomain test.cn

 

# Ports to which CONNECT tunnels may be opened.
acl SSL_ports port 443

# Destination ports considered acceptable for ordinary requests. The
# 1025-65535 range is very broad; every unprivileged port counts as "safe".
acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

# Matches requests that use the CONNECT method.
acl CONNECT method CONNECT

 

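#
# Recommended minimum Access Permission configuration:
#
# http_access lines are checked top to bottom and the first line that matches
# decides the request. The protective deny rules therefore come first; an
# "allow" placed above them would let matching requests skip every check
# that follows it.

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): left disabled as in the original. Enable it once you have
# confirmed that neither accelerated domain resolves to a loopback address
# on this host.
#http_access deny to_localhost

# Accelerated sites. Kept below the manager / Safe_ports / CONNECT denies so
# that a request naming one of these domains is still subject to them.
http_access allow mydomain

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# NOTE(review): these two lines allow localnet and localhost clients to
# request destinations outside "mydomain"; drop them if this instance is
# meant to serve the accelerated sites only.
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Requests refused by a rule ending in "all" are redirected to this URL
# instead of receiving Squid's access-denied page.
# NOTE(review): the target is the client's own loopback address; confirm
# that this is intended.
deny_info http://127.0.0.1 all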

 

 

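# Squid normally listens to port 3128
#http_port 3128

# We recommend you to use at least the following line.
# URLs containing "cgi-bin" or "?" are handled directly by this cache.
hierarchy_stoplist cgi-bin ?
# NOTE(review): QUERY is defined here, but no directive visible in this file
# refers to it.
acl QUERY urlpath_regex cgi-bin \?

###
# Memory cache size, and the largest object kept on disk / in memory.
cache_mem 1000 MB
# 0 = no limit on open disk file descriptors.
max_open_disk_fds 0
maximum_object_size 20 MB
maximum_object_size_in_memory 20 MB

# Disk cache: ufs store, 1500 MB, 16 first-level and 256 second-level dirs.
cache_dir ufs /var/spool/squid/cache 1500 16 256
# Replacement starts at 80% disk usage and becomes aggressive near 97%.
cache_swap_low 80
cache_swap_high 97
# Query strings are written to the access log in full. They can carry
# session identifiers or tokens, so keep the log files readable only by
# administrators.
strip_query_terms off
# Upper bounds on what a client may send in one request.
request_header_max_size 10 kb
request_body_max_size 1 MB
memory_pools on
memory_pools_limit 150 MB

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid/cache
cache_store_log /var/log/squid1/logs/store.log

###
# Write the access log in httpd (common log) style. The original file also
# had a truncated "emulate_httpd_log o" line further up; "o" is not a valid
# on/off value, so only this setting is kept.
emulate_httpd_log on
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
cache_access_log /var/log/squid1/logs/access.log

##
#error_directory /usr/local/squid/share/errors/Simplify_Chinese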

 

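# refresh_pattern lines are tried in order and the first regex that matches
# the URL is used. The catch-all "." matches every URL, so it must stay
# last; anything listed after it is never consulted. Columns are:
#   regex   min (minutes)   percent   max (minutes)   [options]

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
# Dynamic content is matched before the per-extension rules so that a
# cgi-bin or query-string URL does not pick up a static-file rule.
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

###############################
#refresh_pattern ^ftp: 60 20% 10080
#refresh_pattern ^gopher: 60 0% 1440

#refresh_pattern ^gopher: 60 0% 1440
#refresh_pattern . 0 20% 1440

# Static content, by extension.
#   reload-into-ims  turns a client "reload" into an If-Modified-Since check
#   ignore-reload    ignores a client "reload" altogether
# With ignore-reload a client cannot force a fresh copy, so a stale or wrong
# cached object stays until it expires or an administrator purges it; keep a
# purge procedure available for these types.
refresh_pattern -i \.css$       360     50%     2880     reload-into-ims
refresh_pattern -i \.js$        1440    50%     2880     reload-into-ims
refresh_pattern -i \.html$      720     50%     1440     reload-into-ims
refresh_pattern -i \.jpg$       1440    90%     2880     ignore-reload
refresh_pattern -i \.gif$       1440    90%     2880     ignore-reload
refresh_pattern -i \.swf$       1440    90%     2880     ignore-reload
# Duplicate of the \.jpg$ rule above; the earlier one always wins, so this
# line is disabled rather than left looking active.
#refresh_pattern -i \.jpg$       1440    50%     2880     ignore-reload
refresh_pattern -i \.png$       1440    50%     2880     ignore-reload
refresh_pattern -i \.bmp$       1440    50%     2880     ignore-reload
# NOTE(review): documents and archives may be user-specific; confirm that the
# origin marks private responses as such before caching these types.
refresh_pattern -i \.doc$       1440    50%     2880      ignore-reload
refresh_pattern -i \.ppt$       1440    50%     2880      ignore-reload
refresh_pattern -i \.xls$       1440    50%     2880      ignore-reload
refresh_pattern -i \.pdf$       1440    50%     2880      ignore-reload
refresh_pattern -i \.rar$       1440    50%     2880      ignore-reload
refresh_pattern -i \.zip$       1440    50%     2880      ignore-reload
refresh_pattern -i \.txt$       1440    50%     2880      ignore-reload

# Catch-all default; add any of your own refresh_pattern entries above this.
refresh_pattern .               0       20%     4320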

###############################

# Account Squid runs as after start-up. The cache directory and the log
# directory configured in this file must be writable by this user.
cache_effective_user nobody

cache_effective_group nobody

# Administrator contact address.
cache_mgr hanzeyong@cheabc.com

###

# Network timeouts.
# NOTE(review): 2 seconds for DNS and 6 seconds for a client to send its
# request are short; confirm that slow resolvers and slow clients are not
# being cut off.
dns_timeout 2 seconds

forward_timeout 30 seconds

connect_timeout 30 seconds

peer_connect_timeout 30 seconds

read_timeout 30 seconds

request_timeout 6 seconds

persistent_request_timeout 16 seconds

#

# Host name this proxy announces about itself.
visible_hostname pic.cheabc.com

# 0 = Squid keeps no numbered old log files when it rotates; archiving of
# access.log and store.log is presumably handled outside Squid. Verify.
logfile_rotate 0

 

# Destinations that resolve to the proxy host's own addresses.
acl myip dst 127.0.0.1 222.73.248.112

# NOTE(review): this rule has no effect where it stands. http_access is
# first-match and the earlier "http_access deny all" already matches every
# request. To restrict destinations to myip, the rule would have to come
# before the allow rules.
http_access deny !myip