[squid-users] Verify Squid.conf File

From: Tarak Ranjan <contacttrm_at_yahoo.co.in>
Date: Tue, 21 Oct 2008 09:06:05 +0100 (BST)

hi List,
can anyone provide me the url for verifying yhe
squid.conf file. & i want suggestion from the list ,
that how my current squid.conf file looks, & how can i
improve the security as wl as performance level ,

 
http_port 8080 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 256 MB
maximum_object_size 1024 KB
cache_dir ufs /cache 10000 24 256
access_log /var/log/squid/access.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl x-type req_mime_type -i ^application/x-mplayer2$
acl x-type req_mime_type -i application/x-mplayer2
acl x-type req_mime_type -i ^application/x-oleobject$
acl x-type req_mime_type -i application/x-oleobject
acl x-type req_mime_type -i application/x-pncmd
acl x-type req_mime_type -i ^video/x-ms-asf$
acl x-type2 rep_mime_type -i ^application/x-mplayer2$
acl x-type2 rep_mime_type -i application/x-mplayer2
acl x-type2 rep_mime_type -i ^application/x-oleobject$
acl x-type2 rep_mime_type -i application/x-oleobject
acl x-type2 rep_mime_type -i application/x-pncmd
acl x-type2 rep_mime_type -i ^video/x-ms-asf$
acl blocksites dstdomain "/etc/squid/squid-block.acl"
acl extndeny url_regex -i "/etc/squid/extndeny"
acl download method GET
acl blockfiles urlpath_regex -i
"/etc/squid/multimedia.files.acl"
acl malware_block_list url_regex -i
"/etc/squid/malware_block_list.txt"
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 25 # External Mail
acl Safe_ports port 110 # External Mail
acl Safe_ports port 1863 # MSN
acl Safe_ports port 4883 #Articulate TEMP
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
http_access deny x-type all
http_reply_access deny x-type all
http_access deny x-type2 all
http_reply_access deny x-type2 all
http_access deny extndeny download
http_access deny extndeny
http_reply_access deny blockfiles
http_access deny blocksites
http_access deny malware_block_list
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lk_network src 192.168.1.0/24
acl localweb1 dstdomain .lk.com
http_access allow lk_network
acl local-servers1 dstdomain example.com
always_direct deny local-servers1
always_direct allow localweb1
acl local-servers2 dstdomain lk.com
always_direct deny local-servers2
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group squid
coredump_dir /var/spool/squid

/\
Tarak

      Unlimited freedom, unlimited storage. Get it
now, on http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/

      Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
Received on Tue Oct 21 2008 - 08:06:18 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 21 2008 - 12:00:04 MDT