版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本声明。
https://windtear.net/archives/2004/05/02/000356.html
-----> squid.conf.diff
--- squid.conf.default Sat Feb 28 17:18:40 2004
+++ squid.conf Sun May 2 19:37:44 2004
@@ -51,6 +51,7 @@
#
#Default:
# http_port 3128
+http_port 5251
# TAG: https_port
# Note: This option is only available if Squid is rebuilt with the
@@ -121,6 +122,7 @@
#
#Default:
# htcp_port 4827
+htcp_port 0
# TAG: mcast_groups
# This tag specifies a list of multicast groups which your server
@@ -171,6 +173,7 @@
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255
+udp_incoming_address 166.111.XXX.YY
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
@@ -322,6 +325,7 @@
#
#Default:
# none
+cache_peer 166.111.XXX.YYY sibling 5251 3130
# TAG: cache_peer_domain
# Use to limit the domains for which a neighbor cache will be
@@ -431,6 +435,7 @@
# list this option multiple times.
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
+hierarchy_stoplist hotmail.com msn.com
# TAG: no_cache
# A list of ACL elements which, if matched, cause the request to
@@ -444,6 +449,12 @@
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
+acl thu-all dst 166.111.0.0/16
+no_cache deny thu-all
+acl alumni-chinaren url_regex ^http://alumni.chinaren.com/
+no_cache deny alumni-chinaren
+acl nmc_gov_cn url_regex ^http://www.nmc.gov.cn/
+no_cache deny nmc_gov_cn
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
@@ -481,6 +492,7 @@
#
#Default:
# cache_mem 8 MB
+cache_mem 64 MB
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
@@ -585,6 +597,7 @@
#
#Default:
# cache_replacement_policy lru
+cache_replacement_policy heap LFUDA
# TAG: memory_replacement_policy
# The memory replacement policy parameter determines which
@@ -594,6 +607,7 @@
#
#Default:
# memory_replacement_policy lru
+memory_replacement_policy heap LFUDA
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
@@ -700,6 +714,7 @@
#
#Default:
# cache_dir ufs c:/squid/var/cache 100 16 256
+cache_dir ufs c:/squid/var/cache 3000 16 256
# TAG: cache_access_log
# Logs the client request activity. Contains an entry for
@@ -707,6 +722,7 @@
#
#Default:
# cache_access_log c:/squid/var/logs/access.log
+cache_access_log c:/squid/var/logs/access.log
# TAG: cache_log
# Cache logging file. This is where general information about
@@ -715,6 +731,7 @@
#
#Default:
# cache_log c:/squid/var/logs/cache.log
+cache_log c:/squid/var/logs/cache.log
# TAG: cache_store_log
# Logs the activities of the storage manager. Shows which
@@ -725,6 +742,7 @@
#
#Default:
# cache_store_log c:/squid/var/logs/store.log
+cache_store_log none
# TAG: cache_swap_log
# Location for the cache "swap.log." This log file holds the
@@ -862,6 +880,7 @@
#
#Default:
# ftp_user Squid@
+ftp_user Squid@ipcn.org
# TAG: ftp_list_width
# Sets the width of ftp listings. This should be set to fit in
@@ -968,6 +987,7 @@
#
#Default:
# none
+dns_nameservers 166.111.8.28 166.111.8.29
# TAG: hosts_file
# Location of the host-local IP name-address associations
@@ -1261,8 +1281,12 @@
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
-auth_param basic realm Squid proxy-caching web server
+#auth_param basic realm Squid proxy-caching web server
+auth_param basic realm windtear proxy server
auth_param basic credentialsttl 2 hours
+#authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd
+#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
+auth_param basic program c:/squid/libexec/ncsa_auth.exe c:/squid/etc/passwd
# TAG: authenticate_cache_garbage_interval
# The time period between garbage collection across the username cache.
@@ -1454,6 +1478,28 @@
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
+refresh_pattern -i .html 1440 90% 129600 reload-into-ims
+refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
+refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
+refresh_pattern -i .gif 1440 90% 129600 reload-into-ims
+refresh_pattern -i .swf 1440 90% 129600 reload-into-ims
+refresh_pattern -i .jpg 1440 90% 129600 reload-into-ims
+refresh_pattern -i .png 1440 90% 129600 reload-into-ims
+refresh_pattern -i .bmp 1440 90% 129600 reload-into-ims
+refresh_pattern -i .js 1440 90% 129600 reload-into-ims
+refresh_pattern -i .cab 1440 90% 129600 reload-into-ims
+refresh_pattern -i .zip 1440 90% 129600 reload-into-ims
+refresh_pattern -i .exe 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rar 1440 90% 129600 reload-into-ims
+refresh_pattern -i .doc 1440 90% 129600 reload-into-ims
+refresh_pattern -i .ppt 1440 90% 129600 reload-into-ims
+refresh_pattern -i .xls 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rpm 1440 90% 129600 reload-into-ims
+refresh_pattern -i .deb 1440 90% 129600 reload-into-ims
+refresh_pattern -i .avi 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rm 1440 90% 129600 reload-into-ims
+refresh_pattern -i .wmv 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rmvb 1440 90% 129600 reload-into-ims
# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
@@ -1776,15 +1822,35 @@
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
+acl ipcnauth proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
+acl building src 10.35.0.0/16
+acl building src 169.254.0.0/16
+acl building src 172.16.0.0/12
+acl building src 192.168.0.0/16
+acl fromthu src 166.111.0.0/16
+acl fromthu src 219.224.96.0/19
+acl fromthu src 219.224.128.0/17
+acl tothu dst 166.111.0.0/16
+acl tothu dst 219.224.96.0/19
+acl tothu dst 219.224.128.0/17
+acl tolib dst 166.111.120.0/23
+acl tome dst 166.111.XXX.YY
+acl tome dst 166.111.XXX.YY
+acl tome dst 166.111.XXX.YYY
+acl tome dst 166.111.XXX.YY
+acl peer src 166.111.XXX.YY
+acl peer src 166.111.XXX.YY
+acl peer src 166.111.XXX.YYY
+acl peer src 166.111.XXX.YY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
-acl SSL_ports port 443 563
+acl SSL_ports port 443 563 1863
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
@@ -1796,6 +1862,12 @@
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
+#限制最多连接20个
+acl my_deny_maxconn maxconn 10
+acl ip_no_need_auth src "c:/squid/etc/ip_no_need_auth.txt"
+acl porn url_regex -i (adultos|adultsight|adultsite|adultsonly|adultweb|blow-?job|bondage|centerfold|cumshot|cyberlust|cybercore|hardcore|incest|masturbat|obscene|pedophil|pedofil|playmate|pornstar|sexdream|showgirl|softcore|striptease)
+acl porn url_regex -i (^|[-.\?+=/_0-9])(all|big|cute|cyber|fake|firm|hard|huge|little|mega|mini|naughty|new|old|pure|real|small|serious|soft|super|tiny|young)?(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|hooter|lez|lust|naked|nude|oral|orgy|porno?|pupper|pussy|rotten|sex|shit|smutpump|teen|tit|topp?les|vixen|xxx)s?(cafe|site|surf|surfing|web|website)?([-.\?+=/_0-9]|$)
+acl porn url_regex -i (^|[-.\?+=/_0-9])(all|big|cute|cyber|fake|firm|hard|huge|little|mega|mini|naughty|new|old|pure|real|small|serious|soft|super|tiny|young)(girl|virgin)s?(cafe|site|surf|surfing|web|website)?([-.\?+=/_0-9]|$)
# TAG: http_access
# Allowing or Denying access based on defined access lists
@@ -1842,6 +1914,18 @@
#http_access allow our_networks
# And finally deny all other access to this proxy
+http_access allow localhost
+http_access allow building
+http_access allow tome
+http_access allow ip_no_need_auth
+#限制最多连接20个
+http_access deny my_deny_maxconn
+http_access deny tolib
+http_access allow tothu fromthu
+http_access deny tothu
+#http_access allow ipcnauth
+http_access allow !porn
+#http_access allow fromthu
http_access deny all
# TAG: http_reply_access
@@ -2008,6 +2092,10 @@
#
#Default:
# reply_body_max_size 0 allow all
+reply_body_max_size 0 allow building
+reply_body_max_size 0 allow ip_no_need_auth
+reply_body_max_size 20000000 allow all
+#reply_body_max_size 20000000 allow ipcnauth
# ADMINISTRATIVE PARAMETERS
@@ -2019,6 +2107,7 @@
#
#Default:
# cache_mgr webmaster
+cache_mgr windtear@ipcn.org
# TAG: cache_effective_user
# TAG: cache_effective_group
@@ -2049,6 +2138,7 @@
#
#Default:
# none
+visible_hostname test.nt.proxy.ipcn.org
# TAG: unique_hostname
# If you want to have multiple machines with the same
@@ -2274,6 +2364,8 @@
#
#Default:
# none
+deny_info ERR_PORN_DENIED porn all
+deny_info ERR_ACCESS_DENIED lib all
# TAG: memory_pools on|off
# If set, Squid will keep pools of allocated (but unused) memory
@@ -2332,6 +2424,7 @@
#
#Default:
# log_icp_queries on
+log_icp_queries off
# TAG: icp_hit_stale on|off
# If you want to return ICP_HIT for stale cache objects, set this
@@ -2419,6 +2512,9 @@
#
#Default:
# none
+cachemgr_passwd none info idns
+cachemgr_passwd disable shutdown offline_toggle
+cachemgr_passwd yoursecret all
# TAG: store_avg_object_size (kbytes)
# Average object size, used to estimate number of objects your
@@ -2672,6 +2768,7 @@
#
#Default:
# error_directory c:/squid/share/errors/English
+error_directory c:/squid/share/errors/chs
# TAG: maximum_single_addr_tries
# This sets the maximum number of connection attempts for a
@@ -2695,6 +2792,7 @@
#
#Default:
# snmp_port 3401
+snmp_port 0
# TAG: snmp_access
# Allowing or denying access to the SNMP port.
-----> grep ^+ squid.conf.diff
% grep ^+ squid.conf.diff
+++ squid.conf Sun May 2 19:37:44 2004
+http_port 5251
+htcp_port 0
+udp_incoming_address 166.111.XXX.YY
+cache_peer 166.111.XXX.YYY sibling 5251 3130
+hierarchy_stoplist hotmail.com msn.com
+acl thu-all dst 166.111.0.0/16
+no_cache deny thu-all
+acl alumni-chinaren url_regex ^http://alumni.chinaren.com/
+no_cache deny alumni-chinaren
+acl nmc_gov_cn url_regex ^http://www.nmc.gov.cn/
+no_cache deny nmc_gov_cn
+cache_mem 64 MB
+cache_replacement_policy heap LFUDA
+memory_replacement_policy heap LFUDA
+cache_dir ufs c:/squid/var/cache 3000 16 256
+cache_access_log c:/squid/var/logs/access.log
+cache_log c:/squid/var/logs/cache.log
+cache_store_log none
+ftp_user Squid@ipcn.org
+dns_nameservers 166.111.8.28 166.111.8.29
+#auth_param basic realm Squid proxy-caching web server
+auth_param basic realm windtear proxy server
+#authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd
+#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
+auth_param basic program c:/squid/libexec/ncsa_auth.exe c:/squid/etc/passwd
+refresh_pattern -i .html 1440 90% 129600 reload-into-ims
+refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
+refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
+refresh_pattern -i .gif 1440 90% 129600 reload-into-ims
+refresh_pattern -i .swf 1440 90% 129600 reload-into-ims
+refresh_pattern -i .jpg 1440 90% 129600 reload-into-ims
+refresh_pattern -i .png 1440 90% 129600 reload-into-ims
+refresh_pattern -i .bmp 1440 90% 129600 reload-into-ims
+refresh_pattern -i .js 1440 90% 129600 reload-into-ims
+refresh_pattern -i .cab 1440 90% 129600 reload-into-ims
+refresh_pattern -i .zip 1440 90% 129600 reload-into-ims
+refresh_pattern -i .exe 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rar 1440 90% 129600 reload-into-ims
+refresh_pattern -i .doc 1440 90% 129600 reload-into-ims
+refresh_pattern -i .ppt 1440 90% 129600 reload-into-ims
+refresh_pattern -i .xls 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rpm 1440 90% 129600 reload-into-ims
+refresh_pattern -i .deb 1440 90% 129600 reload-into-ims
+refresh_pattern -i .avi 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rm 1440 90% 129600 reload-into-ims
+refresh_pattern -i .wmv 1440 90% 129600 reload-into-ims
+refresh_pattern -i .rmvb 1440 90% 129600 reload-into-ims
+acl ipcnauth proxy_auth REQUIRED
+acl building src 10.35.0.0/16
+acl building src 169.254.0.0/16
+acl building src 172.16.0.0/12
+acl building src 192.168.0.0/16
+acl fromthu src 166.111.0.0/16
+acl fromthu src 219.224.96.0/19
+acl fromthu src 219.224.128.0/17
+acl tothu dst 166.111.0.0/16
+acl tothu dst 219.224.96.0/19
+acl tothu dst 219.224.128.0/17
+acl tolib dst 166.111.120.0/23
+acl tome dst 166.111.XXX.YY
+acl tome dst 166.111.XXX.YY
+acl tome dst 166.111.XXX.YYY
+acl tome dst 166.111.XXX.YY
+acl peer src 166.111.XXX.YY
+acl peer src 166.111.XXX.YY
+acl peer src 166.111.XXX.YYY
+acl peer src 166.111.XXX.YY
+acl SSL_ports port 443 563 1863
+#限制最多连接20个
+acl my_deny_maxconn maxconn 10
+acl ip_no_need_auth src "c:/squid/etc/ip_no_need_auth.txt"
+acl porn url_regex -i (adultos|adultsight|adultsite|adultsonly|adultweb|blow-?job|bondage|centerfold|cumshot|cyberlust|cybercore|hardcore|incest|masturbat|obscene|pedophil|pedofil|playmate|pornstar|sexdream|showgirl|softcore|striptease)
+acl porn url_regex -i (^|[-.\?+=/_0-9])(all|big|cute|cyber|fake|firm|hard|huge|little|mega|mini|naughty|new|old|pure|real|small|serious|soft|super|tiny|young)?(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|hooter|lez|lust|naked|nude|oral|orgy|porno?|pupper|pussy|rotten|sex|shit|smutpump|teen|tit|topp?les|vixen|xxx)s?(cafe|site|surf|surfing|web|website)?([-.\?+=/_0-9]|$)
+acl porn url_regex -i (^|[-.\?+=/_0-9])(all|big|cute|cyber|fake|firm|hard|huge|little|mega|mini|naughty|new|old|pure|real|small|serious|soft|super|tiny|young)(girl|virgin)s?(cafe|site|surf|surfing|web|website)?([-.\?+=/_0-9]|$)
+http_access allow localhost
+http_access allow building
+http_access allow tome
+http_access allow ip_no_need_auth
+#限制最多连接20个
+http_access deny my_deny_maxconn
+http_access deny tolib
+http_access allow tothu fromthu
+http_access deny tothu
+#http_access allow ipcnauth
+http_access allow !porn
+#http_access allow fromthu
+reply_body_max_size 0 allow building
+reply_body_max_size 0 allow ip_no_need_auth
+reply_body_max_size 20000000 allow all
+#reply_body_max_size 20000000 allow ipcnauth
+cache_mgr windtear@ipcn.org
+visible_hostname test.nt.proxy.ipcn.org
+deny_info ERR_PORN_DENIED porn all
+deny_info ERR_ACCESS_DENIED lib all
+log_icp_queries off
+cachemgr_passwd none info idns
+cachemgr_passwd disable shutdown offline_toggle
+cachemgr_passwd yoursecret all
+error_directory c:/squid/share/errors/chs
+snmp_port 0
[相关文章]
http://www.smth.edu.cn/pc/pccon.php?id=10&nid=26797&s=all
|
|
