海运的博客

记录下Squid反向代理配置

发布时间:April 26, 2012 // 分类:Linux服务 // No Comments

版本:Squid Cache: Version 3.1.10

http_port 80 vhost vport
icp_port 0
visible_hostname proxy.www.haiyun.me
cache_mgr  support@www.haiyun.me
cache_effective_user squid
cache_effective_group  squid 
cache_access_log /cache/access.log
cache_log /cache/cache.log
cache_dir ufs /cache/ 2048 16 256
cache_mem 64 MB
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 256 KB
forwarded_for on 

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

hierarchy_stoplist cgi-bin ?
hierarchy_stoplist -i ^https:\\ ? 
acl QUERY urlpath_regex -i cgi-bin \? \.php \.xml \.jsp \.js \.do
acl denyssl urlpath_regex -i ^https:\\ 
acl dy_cache urlpath_regex asp\?
acl dy_cache urlpath_regex aspx\?
acl dy_cache urlpath_regex php\?
acl dy_cache urlpath_regex jsp\?
no_cache deny QUERY
no_cache deny denyssl
no_cache deny dy_cache

cache_peer cp.www.haiyun.me parent 80 0 no-query originserver name=cp
cache_peer_domain cp cp.www.haiyun.me
cache_peer_access cp allow all
cache_peer www.haiyun.me parent 80 0 no-query originserver name=www
cache_peer_domain www www.haiyun.me
cache_peer_access www allow all
#always_direct allow all
http_access allow all 

refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims 
refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
 
refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload
 
refresh_pattern -i \.exe$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rar$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.zip$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.gz$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.bz2$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.7z$ 1440 50% 2880 ignore-reload

#隐藏head信息,2.x版本使用header_access
reply_header_access Via deny all
reply_header_access Cache-Control deny all
reply_header_access Server deny all
reply_header_access X-Cache deny all
reply_header_access X-Cache-Lookup deny all
reply_header_access X-Squid-Error deny all
reply_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Age deny all
request_header_access X-Squid-Error deny all
request_header_access Pragma deny all
#request_header_access X-Forwarded-For deny all

标签:linux, squid, 反向代理

评论已关闭

分类
最新文章
最近回复
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
  • 孤狼: 擦。。。。apcupsd会失联 nut在冲到到100的时候会ONBATT进入关机状态,我想想办...
  • 海运: 网络,找到相应的url编辑重发请求,firefox有此功能,其它未知。
  • knetxp: 用浏览器F12网络拦截或监听后编辑重发请求,修改url中的set为set_super,将POS...
  • Albert: 啊啊啊啊啊啊啊啊啊 我太激动了,终于好了英文区搜索了半天,翻遍了 pve 论坛没找到好方法,博...
  • jiangker: good, very helpful to me
  • fengfeng: N1 armbian 能有编译下内核吗。。我要开启can 不懂怎么操作
  • 1: 方法一ngtcp2要改下:./configure PKG_CONFIG_PATH=/usr/l...