Linux系统上一个功能较全的Squid配置文件

时间:2008-10-03 13:31:28  来源:第二电脑网上收集  作者:

  第二电脑网导读:ord  auth_param basic children 5  auth_param basic realm Squid proxy-caching web server  auth_param basic credentialsttl 1 hours  auth_param basic casesensitive off  acl all src 0.0.0.0/0.0.0.0  acl manager proto cache_object  acl localhost src 127.0.0.1/255.255.255.255  acl to_localhost...
  正文:

  一个功能较全的squi配置文件

  #用户认证

  auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password

  auth_param basic children 5

  auth_param basic realm Squid proxy-caching web server

  auth_param basic credentialsttl 1 hours

  auth_param basic casesensitive off

  acl all src 0.0.0.0/0.0.0.0

  acl manager proto cache_object

  acl localhost src 127.0.0.1/255.255.255.255

  acl to_localhost dst 127.0.0.0/8

  acl SSL_ports port 443

  acl Safe_ports port 80 # http

  acl Safe_ports port 21 # ftp

  acl Safe_ports port 443 # httphotoshop/ target=_blank class=infotextkey>ps

  acl Safe_ports port 70 # gopher

  acl Safe_ports port 210 # wais

  acl Safe_ports port 1025-65535 # unregistered ports

  acl Safe_ports port 280 # http-mgmt

  acl Safe_ports port 488 # gss-http

  acl Safe_ports port 591 # filemaker

  acl Safe_ports port 777 # multiling http

  acl CONNECT method CONNECT

  http_access allow manager localhost

  http_access deny manager

  http_access deny !Safe_ports

  http_access deny CONNECT !SSL_ports

  #本网段用户可以上网

  acl our_networks src 192.168.1.0/24 192.168.2.0/24

  http_access deny !our_networks

  #绑定mac和ip

  acl userip src 192.168.1.3

  acl usermac arp 00:0C:29:4E:F5:92

  http_access deny usermac !userip

  http_access deny !usermac userip

  http_access allow localhost

  #每个人的连接限制为一个

  acl onlyone maxconn 2

  http_access deny onlyone

  #一个用户只能从一个ip登录代理服务器

  acl perip max_user_ip -s 1

  http_access allow perip

  #阻拦某些关键字开头的网址

  acl badhead dstdom_regex -i ^news ^game ^pic ^xxx

  http_access deny badhead

  #阻拦带有某些关键的网址

  acl badurl urlpath_regex -i news game pic sex mp3 xxx

  http_access deny badurl

  #阻拦具体网站

  acl badsite url_regex -i www.msn.com www.xxx.com xxx.com

  http_access deny badsite

  #禁止下载某些类型的文件

  acl badfile url_regex -i /.mp3$ /.vbs$ /.rmvb$ /.rm /.exe$ /.mpg$ /.mpeg$

  http_access deny badfile

  #授权用户可以访问web

  acl userauth proxy_auth REQUIRED

  http_access allow userauth

  #其他用户连接一律拒绝

  http_access deny all

  icp_access allow all

  log_uses_indirect_client on

  http_port 3128

  hierarchy_stoplist cgi-bin ?

  acl QUERY urlpath_regex cgi-bin /?

  cache deny QUERY

  cache_mem 16 MB

  cache_dir ufs /var/spool/squid 100 16 256

  access_log /var/log/squid/access.log squid

  mime_table /etc/squid/mime.conf

  pid_filename /var/run/squid.pid

  ftp_telnet_protocol on

  refresh_pattern ^ftp: 1440 20% 10080

  refresh_pattern ^gopher: 1440 0% 1440

  refresh_pattern . 0 20% 4320

  acl apache rep_header Server ^Apache

  broken_vary_encoding allow apache

  half_closed_clients on

  cache_mgr root@lrq.com

  mail_program mail

  cache_effective_user squid

  cache_effective_group squid

  visible_hostname fc8.lrq.com

  delay_pools 1

  error_directory /usr/share/squid/errors/Simplify_Chinese

  check_hostnames on

  dns_timeout 2 minutes

  dns_nameservers 192.168.1.254 202.96.134.133

  fqdncache_size 1024

  forwarded_for on

  client_db on

  uri_whitespace strip

  coredump_dir /var/spool/squid

Linux系统上一个功能较全的Squid配置文件》由第二电脑网原创提供,转载请注明:http://www.002pc.com/master/College/Server/Linux/2008-10-03/444.html


关键字:

关于《Linux系统上一个功能较全的Squid配置文件》文章的评论

站内搜索: 高级搜索

热门搜索: Windows style 系统 tr IP QQ CPU 安装 function 注册 if td