# Name        : squid.conf
# Version     : 0.1 04/11/1998
# Author      : Donovan Baarda
# Description : Recommended APANA squid.conf proxy configuration file for
#               Melbourne Region APANA sites.
#
# For more recent versions of this file, send email to;
# proxymaster@melb.apana.org.au.
#
# Not all options are shown, only those that are important or that are
# most likely to be tweaked to suit different sites. Options shown but
# commented out are either at default settings or show optional settings.
#
# NOTE(review): directive names such as cache_host and refresh_pattern/i
# date from the Squid release current when this file was written (1998);
# check every directive against the documentation of the Squid version
# you actually run before reusing any of it.

# Ensure that the following fields are set as appropriate for your site;
#
#   your proxyserver's hostname
#   your webserver's hostname
#   your ftpserver's hostname if you have one
#   your webserver's ip address (with cachemgr)
#   your first subnet
#   your second subnet if you have one
#   your cache size (disk space) in MBytes
#   your cachemgr password
#
# NOTE(review): this copy of the file shows no placeholder tokens for the
# fields listed above, and several directives further down (cache_swap,
# ftp_user, the webserver/subnet acl lines, cachemgr_passwd) carry no
# site-specific value. These look like lost placeholders; fill each one in
# and do not deploy the file as it stands.
#
# NOTE: if you have alternative parent proxies accessed via a supplementary
# link, it would be nice if you could let proxymaster@melb.apana.org.au know.
# It may be beneficial for APANA to use your proxy as a sibling.

# Your proxy port configuration
#http_port 3128
#icp_port 3130

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
#-----------------------------------------------------------------------------

# Your parent and sibling proxies.
# Fields: hostname, relationship, HTTP port, ICP port, options. The two port
# numbers match the http_port/icp_port values shown commented out above.
cache_host proxy.melb.apana.org.au parent 3128 3130 default

# Not recommended: force all non-apana requests through parents.
#inside_firewall apana.org.au

# Go direct for melbourne hub machines. Add your local domain if you have one.
local_domain melb.apana.org.au

# Recommended: turn off ICP when you have a single parent.
single_parent_bypass on

# If using ICP and link is busy (RTT to hub >=2sec), extend this to 3~4 secs.
neighbor_timeout 2

# Go direct for all dynamic and local pages.
# Add a line for all local ftp, web, gopher etc servers.
# NOTE(review): the two site entries below both read ".apana.org.au";
# presumably a local server hostname preceded the domain in each. Confirm,
# because as written the active entry would match any URL containing
# ".apana.org.au".
hierarchy_stoplist cgi-bin ?
hierarchy_stoplist .apana.org.au
#hierarchy_stoplist .apana.org.au

# Don't cache all dynamic and local pages.
# Add a line for all local ftp, web, gopher etc servers.
# NOTE(review): as with the hierarchy_stoplist entries, both site entries
# read ".apana.org.au"; presumably a local server hostname is missing in
# front of the domain. Confirm before use.
cache_stoplist cgi-bin ?
cache_stoplist .apana.org.au
#cache_stoplist .apana.org.au

# OPTIONS WHICH AFFECT THE CACHE SIZE
#-----------------------------------------------------------------------------

cache_mem 24
# NOTE(review): cache_swap has no value in this copy. The file header asks
# for "your cache size (disk space) in MBytes"; set it before use.
cache_swap
maximum_object_size 24576

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#-----------------------------------------------------------------------------

# Best to set these to your distribution's defaults.
# The access log records client addresses and requested URLs, so keep the
# log directory readable only by the proxy user and administrators.
cache_dir /var/spool/cache
#cache_access_log /var/log/squid/access.log
#cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
#cache_swap_log
#emulate_httpd_log off
#log_mime_hdrs off
#useragent_log none
#pid_filename /var/run/squid.pid
debug_options ALL,1
#ident_lookup off
#log_fqdn off
#client_netmask 255.255.255.255

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#-----------------------------------------------------------------------------

# FTP user for anon-ftp gets. Set to a valid email address at your site.
# NOTE(review): the address below has nothing between "@" and
# ".apana.org.au"; presumably the site hostname belongs there. Fill it in.
ftp_user proxy@.apana.org.au
dns_children 4
#dns_defnames off
#redirect_program /bin/false
#redirect_children 5

# OPTIONS FOR TUNING THE CACHE
#-----------------------------------------------------------------------------

#request_size 100

# The following refresh patterns are taken unchanged from the AUIX/VIX group.
#################################################
###     SA Peering Squid Refresh Patterns     ###
###                                           ###
###               Version 1.1                 ###
###                10/10/97                   ###
###                                           ###
###            For Updates check:             ###
###    http://auix.esc.net.au/auix/refresh    ###
#################################################

# Each rule is: regex, minimum age (minutes), percentage, maximum age
# (minutes). The "/i" suffix makes the regex case-insensitive. Rules are
# tried in the order listed and the first matching regex is used, so keep
# the specific patterns ahead of any catch-all.
#
# 10080 minutes = 7 days, 43200 minutes = 30 days, 480 minutes = 8 hours.
#
# NOTE(review): downloadable binaries and archives (.exe, .zip, .cab, .gz,
# .tgz, .tar ...) get the same 7-day minimum as images. A file that is
# replaced or corrected at the origin may therefore keep being served from
# cache for some time; consider shorter values for those types if timely
# pickup of upstream fixes matters at your site.
refresh_pattern/i \.gif$ 10080 90% 43200
refresh_pattern/i \.jpg$ 10080 90% 43200
refresh_pattern/i \.bom\.gov\.au 30 20% 120
refresh_pattern/i \.html$ 480 50% 22160
refresh_pattern/i \.htm$ 480 50% 22160
refresh_pattern/i \.class$ 10080 90% 43200
refresh_pattern/i \.zip$ 10080 90% 43200
refresh_pattern/i \.jpeg$ 10080 90% 43200
refresh_pattern/i \.mid$ 10080 90% 43200
refresh_pattern/i \.shtml$ 480 50% 22160
refresh_pattern/i \.exe$ 10080 90% 43200
refresh_pattern/i \.thm$ 10080 90% 43200
refresh_pattern/i \.wav$ 10080 90% 43200
refresh_pattern/i \.txt$ 10080 90% 43200
refresh_pattern/i \.cab$ 10080 90% 43200
refresh_pattern/i \.au$ 10080 90% 43200
refresh_pattern/i \.mov$ 10080 90% 43200
refresh_pattern/i \.xbm$ 10080 90% 43200
refresh_pattern/i \.ram$ 10080 90% 43200
refresh_pattern/i \.avi$ 10080 90% 43200
refresh_pattern/i \.chtml$ 480 50% 22160
refresh_pattern/i \.thb$ 10080 90% 43200
refresh_pattern/i \.dcr$ 10080 90% 43200
refresh_pattern/i \.bmp$ 10080 90% 43200
refresh_pattern/i \.phtml$ 480 50% 22160
refresh_pattern/i \.mpg$ 10080 90% 43200
refresh_pattern/i \.pdf$ 10080 90% 43200
refresh_pattern/i \.art$ 10080 90% 43200
refresh_pattern/i \.swf$ 10080 90% 43200
refresh_pattern/i \.mp3$ 10080 90% 43200
refresh_pattern/i \.ra$ 10080 90% 43200
refresh_pattern/i \.spl$ 10080 90% 43200
refresh_pattern/i \.viv$ 10080 90% 43200
refresh_pattern/i \.doc$ 10080 90% 43200
refresh_pattern/i \.gz$ 10080 90% 43200
refresh_pattern/i \.Z$ 10080 90% 43200
refresh_pattern/i \.tgz$ 10080 90% 43200
refresh_pattern/i \.tar$ 10080 90% 43200
refresh_pattern/i \.vrm$ 10080 90% 43200
refresh_pattern/i \.vrml$ 10080 90% 43200
refresh_pattern/i \.aif$ 10080 90% 43200
refresh_pattern/i \.aifc$ 10080 90% 43200
# Refresh pattern list, continued. Each rule is: regex, minimum age
# (minutes), percentage, maximum age (minutes); "/i" makes the regex
# case-insensitive.
refresh_pattern/i \.aiff$ 10080 90% 43200
refresh_pattern/i \.arj$ 10080 90% 43200
refresh_pattern/i \.c$ 10080 90% 43200
refresh_pattern/i \.cpt$ 10080 90% 43200
refresh_pattern/i \.dir$ 10080 90% 43200
refresh_pattern/i \.dxr$ 10080 90% 43200
refresh_pattern/i \.hqx$ 10080 90% 43200
refresh_pattern/i \.jpe$ 10080 90% 43200
refresh_pattern/i \.lha$ 10080 90% 43200
refresh_pattern/i \.lzh$ 10080 90% 43200
refresh_pattern/i \.midi$ 10080 90% 43200
refresh_pattern/i \.movie$ 10080 90% 43200
refresh_pattern/i \.mp2$ 10080 90% 43200
refresh_pattern/i \.mpe$ 10080 90% 43200
refresh_pattern/i \.mpeg$ 10080 90% 43200
refresh_pattern/i \.mpga$ 10080 90% 43200
refresh_pattern/i \.pl$ 10080 90% 43200
refresh_pattern/i \.ppt$ 10080 90% 43200
refresh_pattern/i \.ps$ 10080 90% 43200
refresh_pattern/i \.qt$ 10080 90% 43200
refresh_pattern/i \.qtm$ 10080 90% 43200
refresh_pattern/i \.ras$ 10080 90% 43200
refresh_pattern/i \.sea$ 10080 90% 43200
refresh_pattern/i \.sit$ 10080 90% 43200
refresh_pattern/i \.tif$ 10080 90% 43200
refresh_pattern/i \.tiff$ 10080 90% 43200
refresh_pattern/i \.snd$ 10080 90% 43200
refresh_pattern/i \.wrl$ 10080 90% 43200
# Protocol-wide rules, then the catch-all "." which matches every URL and
# therefore has to stay last.
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern ^gopher:// 30 20% 120
refresh_pattern . 480 50% 22160

# don't cache RealAudio HTTP Streaming proxy requests:
cache_stoplist_pattern/i http://[^/]+/SmpDsBhgRl

##### End

quick_abort 25000, 1, 100000
#negative_ttl 5
#positive_dns_ttl 360
#negative_dns_ttl 5

# TIMEOUTS
#-----------------------------------------------------------------------------

#connect_timeout 120
#read_timeout 15
#client_lifetime 200
#shutdown_lifetime 30

# ACCESS CONTROLS
#-----------------------------------------------------------------------------

# Standard access control lists.
# manager   : cache manager requests (cache_object protocol)
# localhost : requests coming from 127.0.0.1 only
# all       : any source address
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
# Destination ports for which the CONNECT method is permitted.
acl SSL_ports port 443 563
# NOTE(review): this is a deny-list of three ports only (7, 9, 19). Any
# other destination port stays reachable through the proxy for clients that
# pass the http_access rules; an allow-list of the ports your users really
# need is the tighter design.
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT

# Local access control lists.
# Add an entry for each subnet you have (local access control lists).
# NOTE(review): the webserver and subnet entries below have a netmask but no
# address in front of the "/". The file header lists "your webserver's ip
# address", "your first subnet" and "your second subnet" as fields to set;
# fill them in, because these ACLs decide who may use the proxy and who may
# reach the cache manager.
acl proxy-melb src 203.12.236.14/255.255.255.255
acl webserver src /255.255.255.255
acl subnet1 src /255.255.255.248
#acl subnet2 src /255.255.255.248

# Deny dangerous access, allow manager access only to localhost and webserver.
# ACL names on one http_access line are ANDed, and rules are checked top to
# bottom with the first match deciding. The first rule therefore denies a
# cache manager request only when it comes from neither localhost nor
# webserver; re-check it once the webserver address is filled in.
http_access deny manager !localhost !webserver
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports

# Allow http access to only local hosts and proxy-melb.
# NOTE(review): the proxy-melb line is commented out, so as shipped only
# localhost and subnet1 are allowed. Keep "deny all" as the last http_access
# rule; without it the proxy would not be restricted to your own clients.
#http_access allow proxy-melb
http_access allow localhost
http_access allow subnet1
#http_access allow subnet2
http_access deny all

# Allow icp access to only local hosts and proxy-melb.
#icp_access allow proxy-melb
icp_access allow subnet1
#icp_access allow subnet2
icp_access deny all

# Allow miss access to all (assuming they have http access) except proxy-melb.
# NOTE(review): the deny line for proxy-melb is commented out, so the only
# active rule here is "allow all".
#miss_access deny proxy-melb
miss_access allow all

# ADMINISTRATIVE PARAMETERS
#-----------------------------------------------------------------------------

# Set these to your distribution's defaults.
# cache_effective_user names the user and group given on the line (both
# "proxy" here); keep this an unprivileged account.
cache_mgr proxy
cache_effective_user proxy proxy

# MISCELLANEOUS
#-----------------------------------------------------------------------------

dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu
logfile_rotate 32
append_domain .apana.org.au
#ssl_proxy proxy.melb.apana.org.au
#passthrough_proxy proxy.melb.apana.org.au
#err_html_text
#udp_hit_obj off
#udp_hit_obj_size 0
#memory_pools on
#forwarded_for on
#log_icp_queries on
minimum_direct_hops 0
# NOTE(review): the file header lists "your cachemgr password" as a field to
# set, but no password is visible on the line below. Set a site-specific
# password before use. It is stored here in clear text, so make this file
# readable only by root and the proxy user.
cachemgr_passwd all
#http_anonymizer off
#fake_user_agent none
#client_db on
#netdb_low 900
#netdb_high 1000
netdb_ping_period 60 minutes
#query_icmp off
#icp_hit_stale off
#reload_into_ims on