# 1. 設定一些網路參數 http_port 3128 icp_port 3130 # 2. 跟上層 Proxy 有關的設定 cache_peer gate.ncku.edu.tw parent 3128 3130 no-digest no-netdb-exchange no-query cache_peer gate2.ncku.edu.tw parent 3128 3130 no-digest no-netdb-exchange no-query cache_peer gate3.ncku.edu.tw parent 3128 3130 no-digest no-netdb-exchange no-query cache_peer proxy.ncku.edu.tw parent 3128 3130 no-digest no-netdb-exchange no-query acl directip dst 192.168.0.0/24 acl directdn dstdomain .vbird.org tw.yahoo.com tw.news.yahoo.com acl nckudn dstdomain .ncku.edu.tw acl nckuip dst 140.116.0.0/16 163.28.112.0/24 163.28.113.0/24 163.28.114.0/24 163.28.115.0/24 163.28.116.0/24 163.28.117.0/24 acl twdn dstdomain .tw .twnic.net .hinet.net .acer.net .wownet.net .seeder.net .silkera.net .neto.net timenet.net tw.aunet.net .adsldns.org acl twip dst 163.28.0.0/16 140.96.0.0/11 140.128.0.0/12 140.92.0.0/16 139.175.0.0/16 139.223.0.0/16 163.12.0.0/14 163.16.0.0/14 168.95.0.0/16 192.72.0.0/16 192.83.160.0/19 192.83.192.0/22 192.192.0.0/16 202.39.0.0/16 202.132.128.0/17 202.145.224.0/19 203.64.0.0/12 210.64.0.0/13 210.60.0.0/14 acl comdn dstdomain .com acl netdn dstdomain .net acl edudn dstdomain .edu cache_peer_access gate.ncku.edu.tw allow comdn cache_peer_access gate.ncku.edu.tw deny !comdn cache_peer_access gate3.ncku.edu.tw allow netdn cache_peer_access gate3.ncku.edu.tw allow edudn cache_peer_access gate3.ncku.edu.tw deny !netdn cache_peer_access gate3.ncku.edu.tw deny !edudn cache_peer_access gate2.ncku.edu.tw deny comdn cache_peer_access gate2.ncku.edu.tw deny netdn cache_peer_access gate2.ncku.edu.tw deny edudn cache_peer_access gate2.ncku.edu.tw deny directdn cache_peer_access gate2.ncku.edu.tw deny directip cache_peer_access gate2.ncku.edu.tw deny twdn cache_peer_access gate2.ncku.edu.tw deny twip cache_peer_access gate2.ncku.edu.tw deny nckudn cache_peer_access gate2.ncku.edu.tw deny nckuip cache_peer_access proxy.ncku.edu.tw deny comdn cache_peer_access proxy.ncku.edu.tw deny netdn cache_peer_access proxy.ncku.edu.tw deny edudn cache_peer_access proxy.ncku.edu.tw deny directdn cache_peer_access proxy.ncku.edu.tw deny directip cache_peer_access proxy.ncku.edu.tw deny twdn cache_peer_access proxy.ncku.edu.tw deny twip cache_peer_access proxy.ncku.edu.tw deny nckudn cache_peer_access proxy.ncku.edu.tw deny nckuip icp_query_timeout 1000 mcast_icp_query_timeout 1000 dead_peer_timeout 2 seconds hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY # 3. 關於我們 Proxy 自行前往的設定 always_direct allow nckudn nckuip directdn directip always_direct allow twip twdn # 4. 關於一些 cache 相關設定 cache_mem 32 MB cache_swap_low 60 cache_swap_high 90 maximum_object_size 32768 KB maximum_object_size_in_memory 32 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 # 5. 很重要的 cache dir 設定 cache_dir aufs /proxy/proxy1 1500 32 128 cache_dir aufs /proxy/proxy2 1500 32 128 cache_dir aufs /proxy/proxy3 1500 32 128 cache_dir aufs /proxy/proxy4 1500 32 128 cache_access_log /usr/local/squid/var/logs/access.log cache_log /usr/local/squid/var/logs/cache.log cache_store_log /usr/local/squid/var/logs/store.log mime_table /usr/local/squid/etc/mime.conf pid_filename /usr/local/squid/var/logs/squid.pid ftp_user Squid@ ftp_passive on dns_timeout 1 minutes hosts_file /etc/hosts refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 connect_timeout 30 seconds peer_connect_timeout 10 seconds request_timeout 1 minutes persistent_request_timeout 20 seconds # 6. 其他可否登入的權限設定! # 6.1 底下是系統預設值,我沒有變動他! acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # 6.2 這底下接的兩行是我自己的設定項目,可以參考看看! acl allowhosts src "/usr/local/squid/etc/squid.allow.hosts" http_access allow allowhosts http_access deny all http_reply_access allow all icp_access allow all cache_mgr vbird@tsai.adsldns.org # 這是主機管理員喔! cache_effective_user nobody cache_effective_group nobody coredump_dir /usr/local/squid/var/cache