Notes Squid

/etc/squid/squidGuard.conf

/etc/squid/squid.conf

cache_peer localhost parent 8118 0 default no-query no-digest no-netdb-exchange

never_direct allow all

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 20

header_access From deny all
header_access Server deny all
#header_access WWW-Authenticate deny all
header_access Link deny all
header_access Cache-Control deny all
header_access Proxy-Connection deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all
header_access Via deny all
header_access Forwarded-For deny all
header_access X-Forwarded-For deny all
header_access Pragma deny all
header_access Keep-Alive deny all
header_access Referer deny all

/etc/privoxy/user.action

safe-imgnotadd      = -filter{banners-by-size}

{ safe-imgnotadd }
michelcollon.info
www..michelcollon.info

{ -block-as-image }
rt.com/files/banners/
.almanar.com.lb/

{ +hide-user-agent{Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0} }
#.yahoo.com

Voir :

https://www.unix-experience.fr/2013/monter-un-proxy-cache-performant-avec-squid-et-openbsd/

/etc/squid3/squid.conf

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
#acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT

#acl allowedips src 10.8.0.0/24

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager

#http_access allow allowedips
http_access allow all

http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

cache_dir ufs /var/spool/squid3 512 16 256
cache_mem 256 MB
maximum_object_size 15 MB

positive_dns_ttl 8 hours
negative_ttl 1 minutes

#visible_hostname proxy.local
#httpd_suppress_version_string on
via off
forwarded_for off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all

dns_nameservers 8.8.8.8 80.67.169.12 80.67.169.40

Squid2 CentOS5

/etc/squid/squid.conf

http_port 3128

acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_access deny all

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

cache_dir ufs /var/spool/squid 512 16 256
cache_mem 256 MB

maximum_object_size 15 MB
positive_dns_ttl 8 hours
negative_ttl 1 minutes

via off
forwarded_for off
follow_x_forwarded_for deny all

Rapport

Voir lightsquid http://blog.adminrezo.fr/2015/11/lightsquid/