Skip to content

Instantly share code, notes, and snippets.

@VictorLowther
Last active June 9, 2016 17:20
Show Gist options
  • Save VictorLowther/60ebbf9f7ee062f98a7ea3b3597d64aa to your computer and use it in GitHub Desktop.
Save VictorLowther/60ebbf9f7ee062f98a7ea3b3597d64aa to your computer and use it in GitHub Desktop.
Example squid cache config including upstream proxy stuff
# These should be customized to reflect the local address ranges of the networks Rebar nodes use
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl to_localnet dst 10.0.0.0/8 # RFC1918 possible internal network
acl to_localnet dst 172.16.0.0/12 # RFC1918 possible internal network
acl to_localnet dst 192.168.0.0/16 # RFC1918 possible internal network
acl to_localnet dst fc00::/7 # RFC 4193 local private network range
acl to_localnet dst fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
always_direct allow to_localnet
# If you have an upstream http cache to talk to,
# customize the next two lines and uncomment them.
#cache_peer upstream.cache.address parent upsreeam-cache-port 0 default
#never_direct allow all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 432
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment