[squid-users] Can a guru verify my config?

From: rightfoot <forums_at_logicore.net>
Date: Sun, 5 Apr 2009 12:18:09 -0700 (PDT)

Here's my config, which I've pieced together from posts I've found. I wanted
to get this working so that I could learn about it, fine tunning as I go.
I've yet to get SSL to work on port 443 so that's one item but the other is
that I don't know how secure this setup is so would certainly appreciate
some input.

Thanks.

cache_mgr someone
visible_hostname my-host-name
http_port 80 accel defaultsite=my-main-domain vhost

cache_peer 192.168.1.93 parent 80 0 no-query originserver
#cache_peer 192.168.1.94 parent 80 0 no-query originserver round-robin

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

# Where the cache files will be, memory and such
cache_dir ufs /var/spool/squid 40000 16 256
cache_mem 1024 MB
maximum_object_size_in_memory 32 KB

# Basic ACLs
acl all src 0.0.0.0/0.0.0.0
acl mydomain dstdomain .my-main-domain
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80
acl SSL_ports port 443
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow localhost
http_access allow all
http_access allow mydomain
http_access deny all
http_reply_access allow all

icp_access allow all
cache_effective_group squid
coredump_dir /var/spool/squid
forwarded_for on
emulate_httpd_log on
redirect_rewrites_host_header off
buffered_logs on

# Log locations and format
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
hosts_file /etc/hosts

My intent is to run a redundant LVS set in front of two squids, each facing
their own web server. I need to figure out a few fail over problems but
other than that, just want to know if this config is safe to use.

Thanks very much for any input you can offer.

-- 
View this message in context: http://www.nabble.com/Can-a-guru-verify-my-config--tp22897504p22897504.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Sun Apr 05 2009 - 19:18:15 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 06 2009 - 12:00:02 MDT