
pfsense:squid:setup_completely2

pfsense:squid:setup_completely2 [2020/07/15 09:30] – external edit 127.0.0.1pfsense:squid:setup_completely2 [2021/01/06 11:54] (current) – removed peter
Line 1: Line 1:
-====== PFSense - Squid - Setup completely2 ====== 
- 
-<WRAP important> 
-**WARNING:**  The refresh pattern on this config are **very aggressive** and sometimes a user will get old cached pages even for those sites which updates on daily basis, 
- 
-if you face such issues, remove following directives from refresh pattern. 
- 
-<code>  
-ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale 
-</code> 
-</WRAP> 
- 
----- 
- 
-<code> 
-# SQUID 2.7 CONFIG FILE 
-# By - Syed Jahanzaib 
-# Email: aacable@hotmail.com 
-# Web  : https://aacable.wordpress.com 
-  
-# PORT and Transparent Option 
-http_port 8080 transparent 
-server_http11 on 
-icp_port 0 
-  
-# Cache Directory , modify it according to your system. 
-# but first create directory in root by 
-# mkdir /cache1 
-# chown proxy:proxy /cache1 
-# [for ubuntu user is proxy, in Fedora user is SQUID] 
-# I have set 100 GB for caching, Adjust it according to your need. 
-# My recommendation is to have one cache_dir per drive. zzz 
-  
-store_dir_select_algorithm round-robin 
-cache_dir aufs /cache1 100000 16 256 
-#cache_dir ufs /mnt/hdd2/cache2 200000 16 256 # If you have secondary HDD 
-memory_replacement_policy heap GDSF 
-cache_replacement_policy heap GDSF 
-  
-# If you want to enable DATE time n SQUID Logs,use following 
-emulate_httpd_log on 
-logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt 
-log_fqdn off 
-  
-# How much days to keep users access web logs 
-# You need to rotate your log files with a cron job. For example: 
-# 0 0 * * * /usr/local/squid/bin/squid -k rotate 
-logfile_rotate 14 
-debug_options ALL,1 
-cache_access_log /var/log/squid/access.log 
-cache_log none 
-cache_store_log none 
-  
-# Block Ads [zaib] 
-#acl adsites dstdomain url_regex "/etc/squid/adslist.txt" 
-#http_access deny adsites 
-#deny_info http://192.168.6.1/psb.htm adsites 
-  
-#I used DNSAMSQ service for fast dns resolving 
-#so install by using "apt-get install dnsmasq" first 
-dns_nameservers 127.0.0.1 8.8.8.8 
-ftp_user anonymous@ 
-ftp_list_width 32 
-ftp_passive on 
-ftp_sanitycheck on 
-  
-#ACL Section mylan myacl 
-acl all src 0.0.0.0/0.0.0.0 
-#acl all src 192.168.50.0/255.255.255.0 
-#acl all2 src 10.0.0.0/255.0.0.0 
-acl manager proto cache_object 
-acl localhost src 127.0.0.1/255.255.255.255 
-acl to_localhost dst 127.0.0.0/8 
-acl SSL_ports port 443 563 # https, snews 
-acl SSL_ports port 873 # rsync 
-acl Safe_ports port 80 # http 
-acl Safe_ports port 21 # ftp 
-acl Safe_ports port 443 563 # https, snews 
-acl Safe_ports port 70 # gopher 
-acl Safe_ports port 210 # wais 
-acl Safe_ports port 1025-65535 # unregistered ports 
-acl Safe_ports port 280 # http-mgmt 
-acl Safe_ports port 488 # gss-http 
-acl Safe_ports port 591 # filemaker 
-acl Safe_ports port 777 # multiling http 
-acl Safe_ports port 631 # cups 
-acl Safe_ports port 873 # rsync 
-acl Safe_ports port 901 # SWAT 
-acl purge method PURGE 
-acl CONNECT method CONNECT 
-http_access allow manager all 
-http_access deny manager 
-http_access allow purge localhost 
-http_access deny purge 
-http_access deny !Safe_ports 
-http_access deny CONNECT !SSL_ports 
-http_access allow localhost 
-http_access allow all 
-#http_access allow all2 
-http_reply_access allow all 
-#http_reply_access allow all2 
-icp_access allow all 
-  
-#========================== 
-# Administrative Parameters 
-#========================== 
-  
-#============================================================$ 
-# SNMP , if you want to generate graphs for SQUID via MRTG 
-#============================================================$ 
-#acl snmppublic snmp_community zaib 
-#snmp_port 3401 
-#snmp_access allow snmppublic all 
-#snmp_access allow all 
-  
-# I used UBUNTU so user is proxy, in FEDORA you may use use squid 
-cache_effective_user proxy 
-cache_effective_group proxy 
-cache_mgr SYED_JAHANZAIB 
-visible_hostname aacable.wordpress.com 
-unique_hostname aacable@hotmail.com 
-  
-# Memory 
-cache_mem 128 MB 
-minimum_object_size 0 bytes 
-maximum_object_size 700 MB 
-maximum_object_size_in_memory 32 KB 
-  
-tcp_outgoing_tos 0x30 all 
-zph_mode tos 
-zph_local 0x30 
-zph_parent 0 
-zph_option 136 
-  
-acl store_rewrite_list urlpath_regex            \/(get_video|videoplayback\?id|videoplayback.*id) 
-acl store_rewrite_list urlpath_regex            \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\? 
-acl store_rewrite_list_domain url_regex         ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]* 
-acl store_rewrite_list_domain url_regex         (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3} 
-acl store_rewrite_list_path urlpath_regex       \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$ 
-acl store_rewrite_list_domain_CDN url_regex     \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* 
-acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com 
-acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id) 
-acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe) 
-acl dontrewrite url_regex redbot\.org \.php 
-acl getmethod method GET 
-  
-storeurl_access deny dontrewrite 
-storeurl_access deny !getmethod 
-storeurl_access allow store_rewrite_list_domain_CDN 
-storeurl_access allow store_rewrite_list 
-storeurl_access allow store_rewrite_list_domain 
-storeurl_access allow store_rewrite_list_path 
-storeurl_access deny all 
-# First add storeurl.pl to enable below, see my other guides 
-# e.g: https://aacable.wordpress.com/2012/01/19/youtube-caching-with-squid-2-7-using-storeurl-pl/ 
-#storeurl_rewrite_program /etc/squid/storeurl.pl 
-#storeurl_rewrite_children 7 
-#storeurl_rewrite_concurrency 0 
-  
-## 
-refresh_pattern -i \.htm 120 50% 10080 reload-into-ims 
-refresh_pattern -i \.html 120 50% 10080 reload-into-ims 
-refresh_pattern ^http://*.facebook.com/* 720 100% 4320 
-refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320 
-refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320 
-refresh_pattern ^http://*.yimg.*/.* 720 100% 4320 
-refresh_pattern ^http://*.gmail.*/.* 720 100% 4320 
-refresh_pattern ^http://*.google.*/.* 720 100% 4320 
-refresh_pattern ^http://*.kaskus.*/.* 720 100% 4320 
-refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320 
-refresh_pattern ^http://*.plasa.*/.* 720 100% 4320 
-refresh_pattern ^http://*.telkom.*/.* 720 100% 4320 
-## 
-  
-# 1 year = 525600 mins, 1 month = 43800 mins 
-refresh_pattern imeem.*\.flv  0 0% 0     override-lastmod override-expire 
-refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*   161280    90%    161280 ignore-reload 
-  
-refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?   10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims 
-refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?   10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims 
-#refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?      10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims 
-refresh_pattern \.(ico|video-stats) 10800 80% 10800    override-expire ignore-reload ignore-no-cache  ignore-private ignore-auth override-lastmod  negative-ttl=10080 
-refresh_pattern \.etology\?                       10800 80% 10800    override-expire ignore-reload ignore-no-cache 
-refresh_pattern galleries\.video(\?|sz)               10800 80% 10800    override-expire ignore-reload ignore-no-cache 
-refresh_pattern brazzers\?                       10800 80% 10800    override-expire ignore-reload ignore-no-cache 
-refresh_pattern \.adtology\?                      10800 80% 10800    override-expire ignore-reload ignore-no-cache 
-refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10800 20% 10800 ignore-no-cache  ignore-private override-expire ignore-reload ignore-auth   negative-ttl=40320 max-stale=10 
-refresh_pattern ^.*safebrowsing.*google  10800 80% 10800 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth  negative-ttl=10080 
-refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 10800 80% 10800 override-expire ignore-reload   ignore-private  negative-ttl=10080 
-refresh_pattern ytimg\.com.*\.jpg                   10800 80% 10800    override-expire ignore-reload 
-refresh_pattern images\.friendster\.com.*\.(png|gif)           10800 80% 10800    override-expire ignore-reload 
-refresh_pattern garena\.com                                   10800 80% 10800     override-expire reload-into-ims 
-refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)  10800 80% 10800     override-expire ignore-reload 
-refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?           10800 80% 10800 ignore-no-cache override-expire override-lastmod 
-refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    10800 80% 10800 reload-into-ims override-expire ignore-private 
-refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.      10800 80% 10800 reload-into-ims ignore-no-cache  ignore-reload override-expire 
-refresh_pattern ^http:\/\/www.onemanga.com.*\/           10800 80% 10800 reload-into-ims ignore-no-cache  ignore-reload override-expire 
-  
-# ANTI VIRUS 
-refresh_pattern guru.avg.com/.*\.(bin)                      10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims 
-refresh_pattern (avgate|avira).*(idx|gz)$                           10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims 
-refresh_pattern kaspersky.*\.avc$                                   10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims 
-refresh_pattern kaspersky                                           10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims 
-refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                    10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims 
-refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)     10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims 
-  
-refresh_pattern windowsupdate.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims 
-refresh_pattern update.microsoft.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims 
-refresh_pattern download.microsoft.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims 
-  
-#images facebook 
-refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)      10800 80% 10800 ignore-reload  override-expire ignore-no-cache 
-refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                  10800 80% 10800 ignore-reload  override-expire ignore-no-cache 
-refresh_pattern  static\.ak\.fbcdn\.net*\.(jpg|gif|png)                  10800 80% 10800 ignore-reload  override-expire ignore-no-cache 
-refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)      10800 80% 10800 ignore-reload  override-expire ignore-no-cache 
-  
-#banner IIX 
-refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache 
-refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/           10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache 
-refresh_pattern ^http:\/\/img.ads.kompas.com.*\/           10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache 
-refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)       10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache 
-refresh_pattern ^http:\/\/openx.kompas.com.*\/           10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache 
-refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf)        10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache 
-refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)       10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache 
-  
-#IIX DOWNLOAD 
-refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache    ignore-auth 
-  
-#All File 
-refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims 
-refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims 
-refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims 
-refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims 
-refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims 
-  
-refresh_pattern (cgi-bin|\?           0%      0 
-refresh_pattern ^gopher:    1440    0%    1440 
-refresh_pattern ^ftp:         10080     95%     10800 override-lastmod reload-into-ims 
-refresh_pattern             180     95% 10800 override-lastmod reload-into-ims 
-  
-global_internal_static off 
-max_stale 10 years 
-retry_on_error on 
-buffered_logs on 
-read_ahead_gap 32 KB 
-  
-#header_access Accept-Encoding deny  all 
-client_persistent_connections off 
-server_persistent_connections on 
-half_closed_clients off 
-strip_query_terms off 
-quick_abort_min 0 KB 
-quick_abort_max 0 KB 
-quick_abort_pct 100 
-vary_ignore_expire on 
-reload_into_ims on 
-pipeline_prefetch on 
-read_timeout 30 minutes 
-client_lifetime 6 hours 
-$negative_ttl 30 seconds 
-positive_dns_ttl 6 hours 
-$negative_dns_ttl 60 seconds 
-pconn_timeout 15 seconds 
-request_timeout 1 minute 
-$store_avg_object_size 13 KB 
-log_icp_queries off 
-ipcache_size 16384 
-ipcache_low 98 
-ipcache_high 99 
-log_fqdn off 
-fqdncache_size 16384 
-memory_pools off 
-forwarded_for on 
-client_db off 
-max_filedescriptors 8192 
-</code> 
- 
----- 
- 
-===== References ===== 
- 
-https://aacable.wordpress.com/tag/squid-refresh-pattern/ 
  
pfsense/squid/setup_completely2.1594805433.txt.gz · Last modified: 2020/07/15 09:30 by 127.0.0.1
