Chinaunix首页 | 论坛 | 博客
  • 博客访问: 693239
  • 博文数量: 463
  • 博客积分: 40000
  • 博客等级: 大将
  • 技术积分: 4580
  • 用 户 组: 普通用户
  • 注册时间: 2008-10-15 16:47
文章分类

全部博文(463)

文章存档

2011年(1)

2008年(462)

我的朋友

分类:

2008-10-15 16:53:43

  一个功能较全的squi配置文件
 
  #用户认证
 
  auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password
 
  auth_param basic children 5
 
  auth_param basic realm Squid proxy-caching web server
 
  auth_param basic credentialsttl 1 hours
 
  auth_param basic casesensitive off
 
  acl all src 0.0.0.0/0.0.0.0
 
  acl manager proto cache_object
 
  acl localhost src 127.0.0.1/255.255.255.255
 
  acl to_localhost dst 127.0.0.0/8
 
  acl SSL_ports port 443
 
  acl Safe_ports port 80 # http
 
  acl Safe_ports port 21 # ftp
 
  acl Safe_ports port 443 # https
 
  acl Safe_ports port 70 # gopher
 
  acl Safe_ports port 210 # wais
 
  acl Safe_ports port 1025-65535 # unregistered ports
 
  acl Safe_ports port 280 # http-mgmt
 
  acl Safe_ports port 488 # gss-http
 
  acl Safe_ports port 591 # filemaker
 
  acl Safe_ports port 777 # multiling http
 
  acl CONNECT method CONNECT
 
  http_access allow manager localhost
 
  http_access deny manager
 
  http_access deny !Safe_ports
 
  http_access deny CONNECT !SSL_ports
 
  #本网段用户可以上网
 
  acl our_networks src 192.168.1.0/24 192.168.2.0/24
 
  http_access deny !our_networks
 
  #绑定mac和ip
 
  acl userip src 192.168.1.3
 
  acl usermac arp 00:0C:29:4E:F5:92
 
  http_access deny usermac !userip
 
  http_access deny !usermac userip
 
  http_access allow localhost
 
  #每个人的连接限制为一个
 
  acl onlyone maxconn 2
 
  http_access deny onlyone
 
  #一个用户只能从一个ip登录代理
 
  acl perip max_user_ip -s 1
 
  http_access allow perip
 
  #阻拦某些关键字开头的网址
 
  acl badhead dstdom_regex -i ^news ^game ^pic ^xxx
 
  http_access deny badhead
 
  #阻拦带有某些关键的网址
 
  acl badurl urlpath_regex -i news game pic sex mp3 xxx
 
  http_access deny badurl
 
  #阻拦具体网站
 
  acl badsite url_regex -i xxx.com
 
  http_access deny badsite
 
  #禁止某些类型的文件
 
  acl badfile url_regex -i \.mp3$ \.vbs$ \.rmvb$ \.rm \.exe$ \.mpg$ \.mpeg$
 
  http_access deny badfile
 
  #授权用户可以访问web
 
  acl userauth proxy_auth REQUIRED
 
  http_access allow userauth
 
  #其他用户连接一律拒绝
 
  http_access deny all
 
  icp_access allow all
 
  log_uses_indirect_client on
 
  http_port 3128
 
  hierarchy_stoplist cgi-bin ?
 
  acl QUERY urlpath_regex cgi-bin \?
 
  cache deny QUERY
 
  cache_mem 16 MB
 
  cache_dir ufs /var/spool/squid 100 16 256
 
  access_log /var/log/squid/access.log squid
 
  mime_table /etc/squid/mime.conf
 
  pid_filename /var/run/squid.pid
 
  ftp_telnet_protocol on
 
  refresh_pattern ^ftp: 1440 20% 10080
 
  refresh_pattern ^gopher: 1440 0% 1440
 
  refresh_pattern . 0 20% 4320
 
  acl apache rep_header Server ^Apache
 
  broken_vary_encoding allow apache
 
  half_closed_clients on
 
  cache_mgr
 
  mail_program mail
 
  cache_effective_user squid
 
  cache_effective_group squid
 
  visible_hostname fc8.lrq.com
 
  delay_pools 1
 
  error_directory /usr/share/squid/errors/Simplify_Chinese
 
  check_hostnames on
 
  dns_timeout 2 minutes
 
  dns_nameservers 192.168.1.254 202.96.134.133
 
  fqdncache_size 1024
 
  forwarded_for on
 
  client_db on
 
  uri_whitespace strip
 
  coredump_dir /var/spool/squid
 
【责编:Zenghui】

--------------------next---------------------

阅读(334) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~