# SQUID 2.

7 CONFIG FILE
# By - Syed Jahanzaib
# Email: aacable@hotmail.com
# Web : http://aacable.wordpress.com
# PORT and Transparent Option
http_port 8080 transparent
server_http11 on
icp_port 0
# Cache Directory , modify it according to your system.
# but first create directory in root by
# mkdir /cache1
# chown proxy:proxy /cache1
# [for ubuntu user is proxy, in Fedora user is SQUID]
# I have set 100 GB for caching, Adjust it according to your need.
# My recommendation is to have one cache_dir per drive. zzz
store_dir_select_algorithm round-robin
cache_dir aufs /cache1 100000 16 256
#cache_dir ufs /mnt/hdd2/cache2 200000 16 256 # If you have secondary HDD
memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF
# If you want to enable DATE time n SQUID Logs,use following
emulate_httpd_log on
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
log_fqdn off
# How much days to keep users access web logs
# You need to rotate your log files with a cron job. For example:
# 0 0 * * * /usr/local/squid/bin/squid -k rotate
logfile_rotate 14
debug_options ALL,1
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
# Block Ads [zaib]
#acl adsites dstdomain url_regex "/etc/squid/adslist.txt"
#http_access deny adsites
#deny_info http://192.168.6.1/psb.htm adsites
#I used DNSAMSQ service for fast dns resolving
#so install by using "apt-get install dnsmasq" first
dns_nameservers 127.0.0.1 8.8.8.8
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#ACL Section mylan myacl
acl all src 0.0.0.0/0.0.0.0
#acl all src 192.168.50.0/255.255.255.0
#acl all2 src 10.0.0.0/255.0.0.0
acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager all
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
#http_access allow all2
http_reply_access allow all
#http_reply_access allow all2
icp_access allow all
#==========================
# Administrative Parameters
#==========================
#============================================================$
# SNMP , if you want to generate graphs for SQUID via MRTG
#============================================================$
#acl snmppublic snmp_community zaib
#snmp_port 3401
#snmp_access allow snmppublic all
#snmp_access allow all
# I used UBUNTU so user is proxy, in FEDORA you may use use squid
cache_effective_user proxy
cache_effective_group proxy
cache_mgr SYED_JAHANZAIB
visible_hostname aacable.wordpress.com
unique_hostname aacable@hotmail.com
# Memory
cache_mem 128 MB
minimum_object_size 0 bytes
maximum_object_size 700 MB
maximum_object_size_in_memory 32 KB

tcp_outgoing_tos 0x30 all

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
acl store_rewrite_list urlpath_regex
\/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex
\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|
exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex
^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex
(([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[09]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex
\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|
3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/
(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$
quantserve\.com
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)
(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET
storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all
# First add storeurl.pl to enable below, see my other guides
# e.g: http://aacable.wordpress.com/2012/01/19/youtube-caching-with-squid-2-7-using-storeurl-pl/
#storeurl_rewrite_program /etc/squid/storeurl.pl
#storeurl_rewrite_children 7
#storeurl_rewrite_concurrency 0
##
refresh_pattern -i \.htm 120 50% 10080 reload-into-ims
refresh_pattern -i \.html 120 50% 10080 reload-into-ims
refresh_pattern ^http://*.facebook.com/* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*.kaskus.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
##
# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload

refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 10800 80% 10800 ignoreno-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 10800
80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
#refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?)
10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-intoims
refresh_pattern \.(ico|video-stats) 10800 80% 10800 override-expire ignore-reload ignore-nocache ignore-private ignore-auth override-lastmod negative-ttl=10080
refresh_pattern \.etology\?
10800 80% 10800 override-expire ignore-reload
ignore-no-cache
refresh_pattern galleries\.video(\?|sz)
10800 80% 10800 override-expire ignore-reload
ignore-no-cache
refresh_pattern brazzers\?
10800 80% 10800 override-expire ignore-reload
ignore-no-cache
refresh_pattern \.adtology\?
10800 80% 10800 override-expire ignore-reload
ignore-no-cache
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|
bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|
ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|gameadvertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|
adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10800 20% 10800 ignoreno-cache ignore-private override-expire ignore-reload ignore-auth negative-ttl=40320 maxstale=10
refresh_pattern ^.*safebrowsing.*google 10800 80% 10800 override-expire ignore-reload ignoreno-cache ignore-private ignore-auth negative-ttl=10080
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 10800 80% 10800 overrideexpire ignore-reload ignore-private negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg
10800 80% 10800 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif)
10800 80% 10800 override-expire
ignore-reload
refresh_pattern garena\.com
10800 80% 10800 override-expire reloadinto-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 10800 80% 10800 override-expire
ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?
10800 80% 10800 ignore-no-cache
override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 10800 80% 10800
reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.
10800 80% 10800 reload-into-ims ignoreno-cache ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/
10800 80% 10800 reload-into-ims ignoreno-cache ignore-reload override-expire
# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)
reload reload-into-ims
refresh_pattern (avgate|avira).*(idx|gz)$
ignore-reload reload-into-ims
refresh_pattern kaspersky.*\.avc$
ignore-reload reload-into-ims
refresh_pattern kaspersky
reload reload-into-ims
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)
ignore-reload reload-into-ims

10800 80% 10800 ignore-no-cache ignore10800 80% 10800 ignore-no-cache

10800 80% 10800 ignore-no-cache
10800 80% 10800 ignore-no-cache ignore10800 80% 10800 ignore-no-cache

refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)
no-cache ignore-reload reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe)
ignore-reload reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe)
ignore-reload reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe)
cache ignore-reload reload-into-ims

10800 80% 10800 ignore-

10800 80% 10800 ignore-no-cache

10800 80% 10800 ignore-no-cache
10800 80% 10800 ignore-no-

#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)
10800 80% 10800 ignorereload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)
10800 80% 10800 ignore-reload
override-expire ignore-no-cache
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png)
10800 80% 10800 ignore-reload
override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)
10800 80% 10800 ignore-reload
override-expire ignore-no-cache
#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 10800 99999% 10800
reload-into-ims ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/
10800 99999% 10800 reload-into-ims
ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/
10800 99999% 10800 reload-into-ims
ignore-reload override-expire ignore-no-cache
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)
10800 99999% 10800 reload-into-ims
ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/openx.kompas.com.*\/
10800 99999% 10800 reload-into-ims
ignore-reload override-expire ignore-no-cache
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf)
10800 99999% 10800 reload-into-ims
ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)
10800 99999% 10800 reload-intoims ignore-reload override-expire ignore-no-cache
#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|
exe|msi|zip) 10800 99999% 10800 reload-into-ims ignore-reload override-expire ignore-no-cache
ignore-auth
#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)
10800 80% 10800 ignoreno-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))
10800 80% 10800 ignore-nocache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js) 10800 80% 10800 ignore-nocache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav)
10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-intoims
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 10800 80% 10800 ignore-nocache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (cgi-bin|\?)
0
refresh_pattern ^gopher: 1440

0%
0
0% 1440

refresh_pattern ^ftp:
refresh_pattern
.

10080 95% 10800 override-lastmod reload-into-ims

180 95% 10800 override-lastmod reload-into-ims

global_internal_static off
max_stale 10 years
retry_on_error on
buffered_logs on
read_ahead_gap 32 KB
#header_access Accept-Encoding deny all
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
read_timeout 30 minutes
client_lifetime 6 hours
$negative_ttl 30 seconds
positive_dns_ttl 6 hours
$negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
$store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on
client_db off
max_filedescriptors 8192
#http://aacable.wordpress.com/tag/squid-maximum-cache-hit/