1、squid.conf配置如下:
# Listen for proxy clients on this address and port only.
http_port 10.15.0.2:3128
# Memory set aside for cached objects.
cache_mem 2048 MB
# Disk-cache replacement low/high water marks, in percent of the cache size.
cache_swap_low 90
cache_swap_high 95
dns_nameservers 10.15.0.1
# Largest object kept in the memory cache.
maximum_object_size_in_memory 1024 KB
# Do not cache objects larger than 4 MB.
maximum_object_size 4096 KB
minimum_object_size 0 KB
# Size of the cache holding forward/reverse DNS lookup results; it speeds up name resolution.
#ipcache_size 1024
#ipcache_low 90
#ipcache_high 95
#fqdncache_size 1024
# Do-not-cache rules.
# NOTE(review): hierarchy_stoplist takes plain words that are looked for in the
# URL, so "-i" and "^https:\\" are presumably treated as literal words here
# rather than as a regex option and pattern - confirm against the Squid version in use.
hierarchy_stoplist -i ^https:\\ ?
hierarchy_stoplist cgi-bin ?
# QUERY matches URL paths that contain "cgi-bin" or a "?".
acl QUERY urlpath_regex cgi-bin \?
# NOTE(review): urlpath_regex is matched against the URL path only, which carries
# no scheme, and "\\" is an escaped backslash rather than "//", so this pattern
# looks like it can never match. HTTPS normally crosses the proxy as a CONNECT
# tunnel, which is not cached anyway - verify before relying on this rule.
acl denyssl urlpath_regex -i ^https:\\
no_cache deny QUERY
no_cache deny denyssl
# The rules above are meant to keep URLs that contain cgi-bin, or that start with https:\\, out of the cache,
# and dynamic scripts such as asp, cgi and php should not be cached either.
# NOTE(review): only "cgi-bin" and "?" are actually matched by QUERY; .asp/.php URLs without a query string are not covered.
# Bank payment pages, for example, work this way; caching something like a credit card number would be dangerous.
# UFS disk cache: 4096 MB, 16 first-level and 256 second-level directories.
cache_dir ufs f:/squid/cache 4096 16 256
# The access log records every client request; it is the main audit trail for this proxy.
cache_access_log f:/squid/log/access.log
#cache_access_log none
cache_log f:/squid/log/cache.log
# Store log disabled.
cache_store_log none
hosts_file C:\WINDOWS\system32\drivers\etc\hosts
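# Proxy authentication is left disabled (the auth_param lines are commented out),
# so every per-user rule in this file identifies the user by source IP address only.
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
# Matches a client IP that has more than 100 connections open to the proxy.
acl num maxconn 100
# The local network and individual workstations (one ACL per user).
acl dlnet src 10.15.0.0/255.255.0.0
acl daixu src 10.15.203.233/255.255.255.255
acl zhoumin src 10.15.1.23/255.255.255.255
acl tangke src 10.15.0.12/255.255.255.255
acl guojian src 10.15.1.39/255.255.255.255
acl hanxiaoli src 10.15.0.32/255.255.255.255
# Sites that selected users are allowed to reach. These were url_regex patterns
# (".xiaonei.com", ".taobao.com"), which match anywhere in the URL, including
# the query string, and treat "." as "any character". dstdomain pins the rule
# to the destination host name and its subdomains, which is what an allow rule needs.
acl xiaonei dstdomain .xiaonei.com
acl taobao dstdomain .taobao.com
acl othercompany dst 10.0.0.0/255.0.0.0
acl citrix dst 10.100.0.0/255.255.0.0
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests and the loopback addresses.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl baidump3 dstdomain -i mp3.baidu.com
acl safesite dstdomain .51cto.com .microsoft.com .symantec.com .360safe.com .spdb.com.cn .95559.com.cn .cb.kingsoft.com .sogou.com .cmbchina.com
# Destination IPs that are always allowed. Some tax and finance sites only work
# once all of their IP addresses have been added to this file.
acl ipsite dst "c:/squid/etc/allow_ipsite.txt"
# NOTE(review): listing port 80 here lets CONNECT tunnels be opened to port 80;
# Squid's stock configuration lists only 443 and 563 - confirm that 80 is needed.
acl SSL_ports port 80 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# This range already contains the QQ port ranges (4000-4020, 8000-8020) and the
# Citrix ports below, so Safe_ports by itself does not restrict them.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1251 1252 2598 # citrix
#acl Safe_ports port 7001
#acl QQ_port port 4000 8000
acl CONNECT method CONNECT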
# MSN client + web MSN
# Source IPs that are allowed to use MSN, read from a file.
acl allow_msn src "c:/squid/etc/allowmsnuser.txt"
# Replies whose MIME type is the MSN Messenger type (client traffic sent through the proxy).
acl msn_app rep_mime_type application/x-msn-messenger
acl web_msn dstdomain webmessenger.msn.com
# Block the web messenger site, and MSN replies, for everyone not in allow_msn.
http_access deny web_msn !allow_msn
http_reply_access deny msn_app !allow_msn
# First match wins: once this line allows every remaining reply, any
# http_reply_access line further down the file is never evaluated.
http_reply_access allow all
# QQ
# List the IP addresses that are allowed to use QQ here, one per line.
acl dl_qq src "c:/squid/etc/allowqquser.txt"
# Block the QQ login ports.
# NOTE(review): these rules only see requests that are sent through this proxy;
# clients that reach QQ servers directly have to be stopped at the
# gateway/firewall, which is not shown on this page.
acl qq_ports port 4000-4020
acl qq_ports port 8000-8020
http_access allow dl_qq qq_ports
http_access deny qq_ports
# Block QQ logins.
# This file lists the IP addresses of the QQ login servers.
acl qqip dst "c:/squid/etc/qqip.txt"
# NOTE(review): both allow rules for dl_qq match before the "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" checks that come later in the file, so those checks
# do not apply to the requests allowed here.
http_access allow dl_qq qqip
http_access deny qqip
http_reply_access allow all
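# Baseline safety checks come first. http_access rules are evaluated top to
# bottom and the first match decides, so these have to precede the
# destination-based allow rules below; in the original order an allowed
# destination skipped the Safe_ports and CONNECT restrictions entirely.
# Requests to an allowed site on a port outside Safe_ports, or CONNECT to a port
# outside SSL_ports, are now denied. Rules that appear earlier in the file are
# still evaluated before these.
http_access allow manager localhost
http_access deny manager
#http_access deny QQ_port
http_access deny !Safe_ports
#http_access deny CONNECT QQ_port
http_access deny CONNECT !SSL_ports
# Per-user exceptions: these workstations may reach the named sites even though
# the sites also appear in the URL block list.
http_access allow tangke taobao
http_access allow guojian taobao
http_access allow hanxiaoli xiaonei
# Destinations that are always allowed.
# NOTE(review): these rules carry no source ACL, so they apply to every client
# that can connect to http_port, not only to dlnet - confirm that is intended.
http_access allow baidump3
http_access allow safesite
http_access allow ipsite
# File types that may not be downloaded. The pattern is matched against the URL
# path and is anchored with "$", so it only matches when the path ends with the
# extension; filtering on the reply MIME type as well would be more robust.
acl denymime urlpath_regex -i \.zip$ \.rar$ \.asf$ \.mid$ \.wmv$ \.mpg$ \.mpeg$ \.torrent$ \.exe$ \.rm$ \.rmvb$ \.avi$ \.mov$ \.ram$ \.ex_$ \.flv$ \.wma$ \.mp3$ \.iso$
# URL block list: every line of the file is a regex matched against the whole URL.
acl denyurl url_regex "c:/squid/etc/sex.txt"
#acl qqdeny urlpath_regex -i .tencent.com
#acl qq_regex -i .tencent.com
#acl denyqq dstdomain .tencent.com
# Do not cache responses from internal servers or from .51cto.com.
acl LocalServers1 dst 192.168.0.0/16 10.0.0.0/8
acl LocalServers2 dstdomain .51cto.com
no_cache deny LocalServers1
no_cache deny LocalServers2
#http_access deny qq
#http_access deny qqdeny
#http_access deny denyqq
http_access deny denymime
# These two workstations are allowed before denyurl is checked, so the URL block
# list does not apply to them (the file-type block above still does).
http_access allow daixu
http_access allow zhoumin
http_access deny denyurl
# Deny a LAN client that exceeds the connection limit defined by "num", then
# allow the rest of the LAN.
http_access deny dlnet num
http_access allow dlnet
# NOTE(review): othercompany and citrix are destination ACLs with no source
# restriction, like the always-allowed destinations above.
http_access allow othercompany
http_access allow citrix
# Default deny: anything not matched above is refused.
http_access deny all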
# To provide transparent proxying, the following settings are needed.
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
# NOTE(review): an identical "http_reply_access allow all" already appears
# earlier in the file, so this line is never reached.
http_reply_access allow all
# Do not let clients download more than 10 MB.
# NOTE(review): request_body_max_size limits the request body (uploads), not
# downloads, and is set to 5 MB. The value 1000 on reply_body_max_size does not
# correspond to 10 MB in any obvious unit - check how the Squid version in use
# interprets it before deploying.
request_body_max_size 5 MB
reply_body_max_size 1000 deny dlnet
2、allowmsnuser.txt 和 allowqquser.txt 一样
按如下格式添加:
#王鹏
10.13.21.21
#王涛
10.13.22.22
3、qqip.txt
都是QQ的服务器
#############################
#UDP
121.14.75.57
121.14.74.245
121.14.74.247
#
113.142.8.36
113.142.8.48
#
219.133.51.251
#
219.133.49.163
219.133.49.171
219.133.49.199
#
118.123.234.186
#
219.133.48.57
219.133.48.104
#
119.147.18.46
#
58.60.9.58
#
58.60.15.33
58.60.15.41
58.60.14.44
58.60.14.48
#
58.61.34.26
#
58.251.62.63
58.251.60.51
58.251.63.56
58.251.63.57
#
58.60.14.47
58.60.14.48
58.60.14.110
#
61.141.194.232
#
219.133.49.195
219.133.49.171
#
219.133.60.18
219.133.60.22
219.133.60.36
219.133.60.250
219.133.60.173
#
222.202.96.170
222.202.96.188
#################################
#TCP
58.251.62.31
58.251.62.25
58.251.62.17
#
121.14.75.51
121.14.74.247
#
119.147.14.146
#
219.133.48.106
219.133.60.250
#
58.60.14.180
#
219.133.48.104
219.133.49.206
#
121.14.101.149
#
58.251.60.53
#
222.73.10.102
#################################
#HTTPS:
121.14.102.16
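4、sex.txt 中记录要禁止的关键字和网站域名(由 acl denyurl url_regex 读取,每一行是一个正则表达式),URL 中任何位置只要匹配其中一行就会被阻止;因此 game、play、mov、qq 这类短关键字会连带拦截许多无关的网址,域名里的“.”在正则中表示任意字符,精确匹配时应写成“\.”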
sex
asiaadult
sehu
game
play
chat
mov
qq
playboy
222s.com
265.com
qq.com
tencent.com
movie
music
verycd.com
qq
mp3
tudou.com
56.com
mofile.com
5show.com
pomoho.com
uume.com
6.cn
ouou.com
qyule.com
youtube.com
vodone.com
youku.com
cnboo.com
ku6.com
tvix.cn
seehaha.com
155.com
quxiu.com
wangyou.com
51tv.net
ourdv.com
podlook.com
piekee.com
maidee.com
lifepop.com
vottie.com
365cast.com
aeeboo.com
metacafe.com
vsocial.com
ebay.cn
eachnet.com
taobao.com
kaixin001.com
kaixin.com
ebuddy.com
xiaonei.com
meebo.com
imhaha.com
5、这是封MSN的代码,单独拿出来再写一下!可以封WEB的、客户端软件的!
# Source IPs that are allowed to use MSN, read from a file.
acl allow_msn src "c:/squid/etc/allowmsnuser.txt"
# Replies whose MIME type is the MSN Messenger type.
acl msn_app rep_mime_type application/x-msn-messenger
# Deny MSN replies to everyone who is not listed in allow_msn.
# This excerpt filters by reply MIME type only; it contains no rule for the
# web messenger domain.
http_reply_access deny msn_app !allow_msn
# Every other reply is allowed; http_reply_access lines placed after this one
# are never evaluated.
http_reply_access allow all
6、封QQ的代码和允许QQ的代码
# List the IP addresses of the users who may use QQ here, one per line.
# Users are identified by source IP only; no proxy authentication is involved.
acl dl_qq src "c:/squid/etc/allowqquser.txt"
# Block the QQ login ports.
# NOTE(review): these rules only see requests that are sent through the proxy;
# direct connections to QQ servers have to be blocked at the gateway/firewall.
acl qq_ports port 4000-4020
acl qq_ports port 8000-8020
# Allowed users first, then deny everyone else (first match wins).
http_access allow dl_qq qq_ports
http_access deny qq_ports
# Block QQ logins.
# This file lists the IP addresses of the QQ login servers.
acl qqip dst "c:/squid/etc/qqip.txt"
http_access allow dl_qq qqip
http_access deny qqip