[squid-users] Re: anyOne who has working ssl_bump configuration for facebook ???

From: iishiii <eshnaz_at_gmail.com>
Date: Fri, 22 Nov 2013 06:01:20 -0800 (PST)

Thanks to all for taking the time to reply to my post.

Here is my squid conf.

# Base ACLs.
# "public" is the well-known default SNMP community string. The community acts
# as the shared secret for SNMP queries, so use a non-default value here.
acl snmppublic snmp_community public
# NOTE(review): Squid 3.2 and later ship manager, localhost and to_localhost as
# built-in ACLs; confirm against the running version whether these three
# definitions are still needed or now conflict with the built-ins.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

# Client LAN. In the rules posted here this ACL is referenced only by
# snmp_access; no http_access line uses it.
acl zainnet src 192.168.0.0/24

# Only port 443 may be the target of a CONNECT tunnel
# (enforced by "http_access deny CONNECT !SSL_ports").
acl SSL_ports port 443
# Destination ports the proxy may contact at all
# (enforced by "http_access deny !Safe_ports").
acl Safe_ports port 80 # http
acl Safe_ports port 1935 # rtmp (Flash media streaming), not http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# Matches requests that use the CONNECT method.
acl CONNECT method CONNECT

# Access rules. Squid checks http_access lines top to bottom and the first
# line whose ACLs all match decides the request.
# NOTE(review): the ACLs "noway" and "bamboe" are not defined anywhere in the
# configuration as posted; their definitions are needed to judge who is
# actually allowed through.
# NOTE(review): "allow bamboe" sits above the Safe_ports and CONNECT
# restrictions, so any request matching bamboe is accepted before those
# port checks run. Moving the two port denies above the allow line would
# apply them to every client.
http_access deny noway
http_access allow manager localhost
http_access allow bamboe
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# No HTCP peer may query this cache.
htcp_access deny all
# Any requester may have cache misses fetched on its behalf.
miss_access allow all

# Listening ports: 3129 is a regular forward-proxy port; 3128 and 3127 are
# marked "intercept", i.e. they expect traffic redirected to them by the
# firewall/NAT rather than sent by a browser configured to use a proxy.
http_port 3129
http_port 3128 intercept
# SSL-Bump on intercepted HTTPS: Squid terminates the client's TLS session
# with a certificate generated on the fly and signed by the CA given in cert=.
# No key= option is present, so the CA private key has to be in the same PEM
# file. Whoever can read myCA.pem can sign certificates that every client
# trusting this CA will accept, so keep the file readable by the Squid user
# only and out of shared backups.
# Clients that have not installed this CA as trusted will get certificate
# errors on every bumped site.
# NOTE(review): this directive and sslcrtd_program below are split across two
# lines as posted (looks like mail wrapping); in squid.conf each must be a
# single directive line.
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
# Destinations that must not be bumped; .example.com is a placeholder entry.
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
# Every other connection is decrypted. Combined with the ignore-private /
# ignore-auth refresh_pattern options further down, decrypted HTTPS responses
# become candidates for the shared cache; consider extending broken_sites to
# sites that carry credentials or personal data.
ssl_bump server-first all
# Helper that generates and stores the per-host certificates
# (-s: certificate database directory, -M: its maximum size).
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

# MEMORY CACHE OPTIONS
# 1024 MB of RAM for hot objects; only objects up to 16 KB are held in memory.
cache_mem 1024 MB
maximum_object_size_in_memory 16 KB

# DISK CACHE OPTIONS
# One aufs cache directory under /cache: 160000 MB, 64 first-level and
# 256 second-level subdirectories.
cache_replacement_policy heap LFUDA
cache_dir aufs /cache 160000 64 256
store_dir_select_algorithm least-load
# Only objects between 16 KB and 512 MB are written to disk.
minimum_object_size 16 KB
maximum_object_size 512 MB
# Eviction starts at 97% disk usage and becomes aggressive at 99%.
cache_swap_low 97
cache_swap_high 99

#LOGFILE OPTIONS
# NOTE(review): with ssl_bump enabled, requests inside decrypted HTTPS
# connections are presumably logged here with their full URLs, so access.log
# should be treated as sensitive (restrictive permissions, defined retention).
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none
# The swap.state index is written under /etc/squid/swap; that directory has to
# be writable by the Squid user.
cache_swap_log /etc/squid/swap/swap.state
# Keep 5 rotated generations of each log.
logfile_rotate 5
log_fqdn off
log_icp_queries off
buffered_logs off
emulate_httpd_log off

#OPTIONS FOR TUNING THE CACHE
# Format: refresh_pattern [-i] regex min percent max [options]; min and max
# are minutes (20160 minutes = 14 days). The first pattern that matches a URL
# is the one applied.
# ignore-private and ignore-auth make Squid cache responses marked
# "Cache-Control: private" and responses to authenticated requests. Together
# with "ssl_bump server-first all" this can put one user's private content
# into the shared cache and hand it to another user; dropping these two
# options is the safer choice.
# For \.exe$, override-expire plus ignore-reload means clients may keep
# receiving an outdated executable for up to 14 days and cannot force a
# refresh from the origin.
# NOTE(review): each rule is split across two lines as posted (looks like mail
# wrapping); in squid.conf the options belong on the refresh_pattern line.
refresh_pattern -i \.swf$ 20160 80% 20160 override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i \.gif$ 20160 80% 20160 override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i \.jpg$ 20160 80% 20160 override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i \.jpeg$ 20160 80% 20160 override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
refresh_pattern -i \.exe$ 20160 80% 20160 override-expire override-lastmod
reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth

# 1 year = 525600 mins, 14 days = 20160 mins (a 30-day month is 43200), 1 day = 1440
# Site-specific rules. As posted, the regex and the option list of each rule
# sit on separate lines (looks like mail wrapping); in squid.conf they belong
# on one refresh_pattern line.
# Ad and tracker hosts: responses are kept for up to 14 days, and
# ignore-private / ignore-auth also apply here.
refresh_pattern
^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).*
20160 20% 20160 ignore-no-cache ignore-private override-expire
ignore-reload ignore-auth
# NOTE(review): this pattern appears to target Google Safe Browsing traffic.
# Forcing such responses to be served from cache for up to 14 days would leave
# clients working from stale data; confirm this rule is wanted at all.
refresh_pattern ^.*safebrowsing.*google
20160 80% 20160 override-expire ignore-reload ignore-no-cache ignore-private
ignore-auth
# Patterns anchored with ^http:// match plain-HTTP URLs only.
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk)
20160 80% 20160 override-expire ignore-reload ignore-private
refresh_pattern ytimg\.com.*\.jpg
20160 80% 20160 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif)
20160 80% 20160 override-expire ignore-reload
refresh_pattern garena\.com
20160 80% 20160 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)
20160 80% 20160 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?
20160 80% 20160 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)
20160 80% 20160 reload-into-ims override-expire ignore-private
# The alternation below is not grouped, so the regex reads as
# "^http://images" OR "pics" OR "thumbs[0-9]." and therefore matches any URL
# that merely contains "pics". If the prefix was meant to apply to all three,
# the form would be ^http:\/\/(images|pics|thumbs)[0-9]\.
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.
20160 80% 20160 reload-into-ims ignore-no-cache ignore-reload
override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/
20160 80% 20160 reload-into-ims ignore-no-cache ignore-reload
override-expire
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9])
20160 80% 20160 override-expire ignore-reload ignore-no-cache
ignore-private ignore-auth override-lastmod
#images facebook
refresh_pattern -i \.facebook.com.*\.(jpg|png|gif)
20160 80% 20160 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)
20160 80% 20160 ignore-reload override-expire ignore-no-cache
# In the next two patterns "net*" means "ne" followed by any number of "t",
# and a literal dot must come right after it, so a URL with a path between the
# host name and the file extension does not match. "net.*" was probably
# intended.
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png)
20160 80% 20160 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)
20160 80% 20160 ignore-reload override-expire ignore-no-cache

#All File
# Generic rules by file extension. None of these regexes is anchored with $,
# so each matches wherever the dot-plus-extension text occurs in the URL, host
# name included. Short alternatives such as "ad", "dat", "bm?" (".b" or ".bm")
# and "s" / "t" therefore match far more URLs than files of those types.
# As posted, each rule is split across several lines (looks like mail
# wrapping); in squid.conf it belongs on one refresh_pattern line.
refresh_pattern -i
\.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 20160
80% 20160 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar) 20160
80% 20160 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 20160
80% 20160 ignore-no-cache override-expire override-lastmod reload-into-ims
refresh_pattern -i
\.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob)
20160 80% 20160 ignore-no-cache override-expire override-lastmod
reload-into-ims
# NOTE(review): the parentheses in the next regex are unbalanced: the group
# opened after "\." closes at "|s|t)", and the final ")" has no partner. The
# extension list was probably meant to be one group; as written, "pdf", "rtf",
# "flv" and the rest are bare alternatives without the leading dot.
refresh_pattern -i
\.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv)
20160 80% 20160 ignore-no-cache override-expire override-lastmod
reload-into-ims
# NOTE(review): max is 201600 here while every other rule uses 20160;
# possibly a typo, confirm.
refresh_pattern ^ftp: 1440 90% 201600 override-lastmod
reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440 override-lastmod
reload-into-ims
# "Never cache dynamic content" rule. Because the first matching pattern wins,
# a query-string URL that already matched one of the rules above never reaches
# this line.
refresh_pattern (cgi-bin|\?) 0 0% 0
# Catch-all for everything else.
refresh_pattern . 0 80% 20160 override-lastmod
reload-into-ims

#SNMP OPTIONS
# SNMP agent on port 3401. A query is answered only when it carries the
# community from the snmppublic ACL and comes from the zainnet range; all
# other queries are refused. That community is the default string "public",
# so the source-address check is the only effective restriction here.
snmp_port 3401
snmp_access allow snmppublic zainnet
snmp_access deny all

#another optimizing
memory_pools off
client_db off
# Core dumps are written to /cache.
# NOTE(review): a core dump of a bumping proxy may contain decrypted traffic
# and key material; keep this directory readable by the Squid user only.
coredump_dir /cache
# Client "reload" requests are turned into If-Modified-Since revalidations.
reload_into_ims on
balance_on_multiple_ip on
vary_ignore_expire on
pipeline_prefetch on
# Transfers abandoned by the client are completed only when less than 16 KB
# remains or at least 95% has already arrived.
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
shutdown_lifetime 10 seconds
half_closed_clients off
# Squid runs as the unprivileged user and group "squid".
cache_effective_user squid
cache_effective_group squid
# Resolvers, tried in the listed order. 192.168.7.1 lies outside the
# 192.168.0.0/24 client range defined in zainnet.
dns_nameservers 192.168.7.1 8.8.8.8 8.8.4.4
ipcache_size 2048
ipcache_low 90
ipcache_high 95
