[root@snsatt etc]# cat squid.conf
#accel listen port
http_port 80 accel vhost vport
#accel domain
cache_peer 219.201.201.11 parent 8080 0 no-query originserver no-digest name=imgsns
cache_peer 219.201.201.9   parent 80 0 no-query originserver name=space
cache_peer_domain imgsns .linuxtone.cn 219.201.201.11
cache_peer_domain space   space.linuxtone.org

#acl
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80    # http
acl Safe_ports port 8080
acl LanSrc src 192.168.169.0/24
acl LanDst dst 192.168.169.0/24
acl LanDstDM dstdomain .linuxtone.cn .linuxtone.org

acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow LanSrc
http_access allow LanDst
http_access allow LanDstDM
http_access deny all

#base
visible_hostname imgsns-cache.linuxtone.cn
cache_mgr cache@linuxtone.org
cache_effective_user squid
cache_effective_group squid

error_directory /usr/local/squid/share/errors/Simplify_Chinese
icon_directory /usr/local/squid/share/icons
mime_table /usr/local/squid/etc/mime.conf

cache_replacement_policy lru
#cache_dir
cache_dir aufs /data/cache 32768 64 64
#cache_dir aufs /data/cache2 32768 64 64
cache_mem 2048 MB
max_open_disk_fds 0
maximum_object_size 512 KB
maximum_object_size_in_memory 256 KB

#keepalived
client_persistent_connections off
server_persistent_connections on
#persistent_request_timeout 60 seconds

memory_pools on
memory_pools_limit 64 MB

forwarded_for on
log_icp_queries off

via off
httpd_suppress_version_string off

ie_refresh off
tcp_recv_bufsize 32 KB

#acl webservices rep_header Server -i ^linuxtoneWS ^Apache ^nginx
#broken_vary_encoding allow webservices

#hidden the squid header
#reply_header_access Server deny all
#reply_header_access X-Cache deny all
#reply_header_access Warning deny all
#reply_header_access Expires deny all
#reply_header_access Cache-Control deny all
#reply_header_access age deny all

#reply_header_access All deny all


ipcache_size 1024
ipcache_low 90
ipcache_high 95

memory_replacement_policy lru

hosts_file /etc/hosts
request_header_max_size 128 KB

#deny cache
hierarchy_stoplist cgi-bin ? \.php
acl QUERY urlpath_regex cgi-bin\? \.php \.css
acl DIRECT url_regex -i ^http:\/\/www\.linuxtone\.org\/$
acl DIRECT url_regex -i ^http:\/\/photo\.linuxtone\.org\/.*$
acl DIRECT url_regex -i ^http:\/\/www\.linuxtone\.org\/index\.html$

cache deny QUERY
cache deny DIRECT


#request_body_max_size 0 KB

refresh_pattern ^ftp:           60    20%     10080
refresh_pattern ^gopher:        60    0%    1440
refresh_pattern .             0    20%     1440
#refresh_pattern -i \.css$    360 50%     2880 reload-into-ims
refresh_pattern -i \.js$        1440 50%     2880 reload-into-ims
refresh_pattern -i \.html$        720 50%     1440 reload-into-ims
refresh_pattern -i \.jpg$    1440 50%     2880 ignore-reload
refresh_pattern -i \.gif$    1440 50%     2880 ignore-reload
refresh_pattern -i \.swf$    1440 50%     2880 ignore-reload
refresh_pattern -i \.jpg$    1440    50%     2880 ignore-reload
refresh_pattern -i \.png$    1440    50%     2880    ignore-reload
refresh_pattern -i \.bmp$    1440    50%     2880    ignore-reload

refresh_pattern -i \.doc$ 1440 50%     2880    ignore-reload
refresh_pattern -i \.ppt$ 1440 50%     2880    ignore-reload
refresh_pattern -i \.xls$ 1440 50%     2880    ignore-reload
refresh_pattern -i \.pdf$ 1440 50%     2880    ignore-reload
refresh_pattern -i \.rar$    1440 50%     2880    ignore-reload
refresh_pattern -i \.zip$ 1440 50%     2880    ignore-reload
refresh_pattern -i \.txt$ 1440 50%     2880    ignore-reload

quick_abort_min 20 KB
quick_abort_max 20 KB
quick_abort_pct 95


connect_timeout 1 minute
negative_ttl 0 minutes
read_timeout 30 seconds
pconn_timeout 120 seconds
shutdown_lifetime 5 seconds
strip_query_terms off


# snmp
#snmp_port 3401
#acl snmppublic snmp_orgmunity snsimg
#snmp_access allow snmppublic localhost
#snmp_access deny all

acl snmppublic snmp_orgmunity public
snmp_port 3401
snmp_access allow snmppublic all

icp_port 0


# logfile
emulate_httpd_log on
logformat orgbined %{X-Forwarded-For}>h %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh
#access_log none
access_log /data/logs/access.log orgbined
#cache_store_log /var/log/squid/store.log
cache_store_log /dev/null
cache_log /data/logs/cache.log
logfile_rotate 12

# MISCELLANEOUS
store_objects_per_bucket 15
client_db off