Squid HTTP Accelerator : Squid.conf File

This is the contents of my Squid.conf file, please note that where you see removed the data has been removed from public view...
If you want to download this in a Squid.conf file then please click here


A6N Squid Proxy Server ACL v1.0
This will allow everyone internally anywhere without and restirctions!
#
### A6N Squid Configuration v1.0
#
########### squid.conf ###########
#
visible_hostname
#auth_param negotiate keep_alive on
#auth_param ntlm program
#auth_param ntlm children 5
auth_param ntlm keep_alive on
#auth_param digest program
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 60 seconds
authenticate_ip_shortcircuit_ttl 0 seconds
acl all src all
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl localnet src
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
http_access allow localnet
http_access allow localhost
icp_access allow localnet
icp_access deny all
htcp_access deny all
#Allow HTCP queries from local networks only
# htcp_access allow localnet
# htcp_access deny all
htcp_clr_access deny all
#acl htcp_clr_peer src
#htcp_clr_access allow htcp_clr_peer
#miss_access allow all
#ident_lookup_access deny all
#reply_body_max_size 0 allow all
# acl_uses_indirect_client on
# delay_pool_uses_indirect_client on
# log_uses_indirect_client on
# ssl_unclean_shutdown off
http_port
dead_peer_timeout 5 seconds
hierarchy_stoplist cgi-bin ?
cache_mem 32 MB
maximum_object_size_in_memory 8 KB
memory_replacement_policy lru
minimum_object_size 0 KB
maximum_object_size 4096 KB
cache_swap_low 90
cache_swap_high 95
update_headers on
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
# request_header_max_size 20 KB
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
acl shoutcast rep_header X-HTTP09-First-Line ^ICYs[0-9]
upgrade_http0.9 deny shoutcast
httpd_accel_no_pmtu_disc on
detect_broken_pconn on
max_filedescriptors 0
tcp_recv_bufsize 0 bytes
#incoming_rate 30
check_hostnames on
allow_underscore off
dns_children 10
dns_retransmit_interval 4 seconds
dns_timeout 1 minute
dns_defnames off
dns_nameservers
ignore_unknown_nameservers on
ipcache_size 1024
ipcache_low 85
ipcache_high 92
fqdncache_size 1024
memory_pools on
memory_pools_limit 50 MB
forwarded_for off
cachemgr_passwd disable all
client_db on
maximum_single_addr_tries 5
retry_on_error off
uri_whitespace strip
coredump_dir c:/squid/var/cache
pipeline_prefetch on
zero_buffers on
cache_mgr
#DELAY POOL - A6N Custom
#delay_pools 1
#delay_class 1 1
#delay_access 1 allow localnet
#delay_access 1 deny all
#delay_parameters 1 30000/30000
A6N Squid Proxy Server ACL v1.1a

This is a more restrictive version but at the moment we currently have issues with iTunes searches!


#
### A6N Squid Configuration v1.1a
#
########### squid.conf ###########
#
## interface, port and proxy type
#http_port 192.168.0.5:8080 transparent
http_port removed
visible_hostname removed
cache_mgr support_at_removed
## general options
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding on
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
forwarded_for off
half_closed_clients off
httpd_suppress_version_string on
ignore_unknown_nameservers on
pipeline_prefetch on
retry_on_error on
strip_query_terms off
uri_whitespace strip
visible_hostname localhost
## timeouts
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute
client_lifetime 20 hours
## host definitions
acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
## proxy server client access
acl a6nnetworks src 127.0.0.0/8 removed
http_access deny !a6nnetworks
## max connections per ip
acl maxuserconn src 127.0.0.0/8 removed
acl limitusercon maxconn 300
http_access deny maxuserconn limitusercon
## disable caching
cache deny all
cache_dir null /tmp
## disable multicast icp
icp_port 0
icp_access deny all
## disable ident lookups
ident_lookup_access deny all
## no-trust for on-the-fly Content-Encoding
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
## logs
#logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh
access_log C:/squid/var/logs/access.log
cache_store_log C:/squid/var/logs/store.log
cache_log C:/squid/var/logs/cache.log
logfile_rotate 8
## support files
coredump_dir c:/squid/var/cache
pid_filename C:/squid/var/squid.pid
## ports allowed
acl Safe_ports port 80 443
http_access deny !Safe_ports
## ssl ports/method allowed
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
## protocols allowed
acl Safe_proto proto HTTP SSL
http_access deny !Safe_proto
## browsers allowed
acl Safe_browser browser ^Mozilla/5.0.*Firefox/2.0.0.6
acl Safe_browser browser Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
acl Safe_browser browser Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Mozilla/4.0
http_access deny !Safe_Browser
## disable ads ( //squid_adservers.html )
acl ads dstdom_regex "C:/squid/etc/ad_block.txt"
http_access deny ads
## Banned Sites
acl Bad_Site dstdom_regex "C:/squid/etc/url_block.txt"
http_access deny Bad_Site
## redirector
# acl my_url dstdomain removed
# redirector_access allow my_url
# redirect_children 1
# redirect_rewrites_host_header off
# redirect_program /etc/squid/squid_redirector.pl
## methods allowed
acl Safe_method method CONNECT GET HEAD POST
http_access deny !Safe_method
## allow replies to client requests
http_reply_access allow all
## header re-write
# header_replace Accept */*
# header_replace Accept-Encoding gzip
# header_replace Accept-Language en
header_replace User-Agent a6nanonymous1.0
## header list ( DENY all -> ALLOW listed )
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access WWW-Authenticate allow all
header_access All deny all
########## END ###########