alekc/squid.conf

## squid.conf
#
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl custom_ads  dstdom_regex "/etc/squid/ads.acl"
acl ads dstdom_regex "/etc/squid/ad_block.txt"


http_access deny custom_ads
http_access deny ads
deny_info TCP_RESET ads

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localhost manager
#http_access allow localhost
#http_access deny all
http_access allow all
icp_access allow all

cache_mem 512 MB
maximum_object_size_in_memory 128 KB

access_log /var/log/squid/access.log squid

http_port 3128

coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320


cache_replacement_policy heap GDSF
cache_dir ufs /var/spool/squid 15360 16 256
maximum_object_size 4 MB
cache_swap_low 85
cache_swap_high 90

#Squid can not tell the difference between a half-closed and a fully-closed TCP connection. Therefore sends a connection-close to clients that leave a half open connection:
half_closed_clients off

memory_pools off

via off
forwarded_for off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
header_access X_Forwarded_For deny all

#https://calomel.org/squid_adservers.html
	#
	acl SSL_ports port 443
	acl Safe_ports port 80 # http
	acl Safe_ports port 21 # ftp
	acl Safe_ports port 443 # https
	acl Safe_ports port 70 # gopher
	acl Safe_ports port 210 # wais
	acl Safe_ports port 1025-65535 # unregistered ports
	acl Safe_ports port 280 # http-mgmt
	acl Safe_ports port 488 # gss-http
	acl Safe_ports port 591 # filemaker
	acl Safe_ports port 777 # multiling http
	acl CONNECT method CONNECT
	acl custom_ads dstdom_regex "/etc/squid/ads.acl"
	acl ads dstdom_regex "/etc/squid/ad_block.txt"


	http_access deny custom_ads
	http_access deny ads
	deny_info TCP_RESET ads

	http_access deny !Safe_ports
	http_access deny CONNECT !SSL_ports
	#http_access allow localhost manager
	#http_access allow localhost
	#http_access deny all
	http_access allow all
	icp_access allow all

	cache_mem 512 MB
	maximum_object_size_in_memory 128 KB

	access_log /var/log/squid/access.log squid

	http_port 3128

	coredump_dir /var/spool/squid
	refresh_pattern ^ftp: 1440 20% 10080
	refresh_pattern ^gopher: 1440 0% 1440
	refresh_pattern -i (/cgi-bin/\|\?) 0 0% 0
	refresh_pattern (Release\|Packages(.gz)*)$ 0 20% 2880
	refresh_pattern . 0 20% 4320


	cache_replacement_policy heap GDSF
	cache_dir ufs /var/spool/squid 15360 16 256
	maximum_object_size 4 MB
	cache_swap_low 85
	cache_swap_high 90

	#Squid can not tell the difference between a half-closed and a fully-closed TCP connection. Therefore sends a connection-close to clients that leave a half open connection:
	half_closed_clients off

	memory_pools off

	via off
	forwarded_for off
	follow_x_forwarded_for deny all
	request_header_access X-Forwarded-For deny all
	header_access X_Forwarded_For deny all

	#https://calomel.org/squid_adservers.html