squid.conf ubuntu 8.10 server

Squid is one of the simpliest proxy that we can install in any computer we have. It is light and easy to easy. But for beginner like me, the configuration is quite dizzy.

there are some rule that i want to create with this proxy squid.
1. i want our computer lab will be filtered when accessing.
2. There is a time out setting applying the rules.

in this case i m using squid in my ubuntu 8.10 server.
Here are the step of installing the squid since the ubuntu doesn’t have it even for the server.
1. download the squid

#sudo apt-get install squid

2. edit /etc/squid/squid.conf
Like this:
#Recommended minimum configuration:

acl all src all
acl manager proto cache_object
acl localhost src
acl to_localhost dst

acl localnet src # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
acl localnet src RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl blokiran url_regex -i “/etc/squid/wwwblok.txt”
acl keword url_regex -i “/etc/squid/keyword.txt”
acl waktu_akses time MTWHFA 08:00-14:00
http_access deny localnet blokiran
http_access deny localnet keword
http_access allow localnet waktu_akses
http_access allow localnet
http_access deny all
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect #innocent
# web applications running on the proxy server who think the only
# one who can access services on “localhost” is a local user
#http_access deny to_localhost
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
http_reply_access allow all
icp_access allow localnet
icp_access deny all
# Squid normally listens to port 3128
http_port 3128 transparent
visible_hostname www.yoursiteifany.com
cache_mgr youradministrator@email.here
cache_mem 64 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
# Don’t upgrade ShoutCast responses to HTTP
acl shoutcast rep_header X-HTTP09-First-Line ^ICYs[0-9]
#upgrade_http0.9 deny shoutcast
# Apache mod_gzip and mod_deflate known to be broken so don’t trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# hosts_file /etc/hosts
hosts_file /etc/hosts
# coredump_dir none
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.