Last active
April 11, 2022 21:25
-
-
Save alexalouit/11048773 to your computer and use it in GitHub Desktop.
OpenWRT Squid transparent configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Squid required: | |
| Mount HD (15GB min) on /tmp/cache, chmod -R 777 /tmp/cache | |
| Firewall section: | |
| config redirect | |
| option src 'lan' | |
| option proto 'tcp' | |
| option src_ip '!192.168.1.1' | |
| option src_dport '80' | |
| option dest_ip '192.168.1.1' | |
| option dest_port '3128' | |
| option target 'DNAT' | |
| /etc/init.d/firewall reload/restart | |
| Squid confiuration: | |
| acl all src all | |
| acl manager proto cache_object | |
| acl localhost src 127.0.0.1/32 | |
| acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 | |
| acl localnet src 10.0.0.0/8 # RFC1918 possible internal network | |
| acl localnet src 172.16.0.0/12 # RFC1918 possible internal network | |
| acl localnet src 192.168.0.0/24 # RFC1918 possible internal network | |
| acl SSL_ports port 443 | |
| acl Safe_ports port 80 # http | |
| acl Safe_ports port 21 # ftp | |
| acl Safe_ports port 443 # https | |
| acl Safe_ports port 70 # gopher | |
| acl Safe_ports port 210 # wais | |
| acl Safe_ports port 1025-65535 # unregistered ports | |
| acl Safe_ports port 280 # http-mgmt | |
| acl Safe_ports port 488 # gss-http | |
| acl Safe_ports port 591 # filemaker | |
| acl Safe_ports port 777 # multiling http | |
| acl CONNECT method CONNECT | |
| http_access allow manager localhost | |
| http_access deny manager | |
| http_access deny !Safe_ports | |
| http_access deny CONNECT !SSL_ports | |
| http_access allow localnet | |
| http_access deny all | |
| icp_access allow localnet | |
| icp_access deny all | |
| http_port 3128 transparent | |
| visible_hostname SquidBox | |
| hierarchy_stoplist cgi-bin ? | |
| cache_mem 8 MB | |
| maximum_object_size_in_memory 8 KB | |
| cache_dir ufs /tmp/cache 15000 16 512 | |
| maximum_object_size 32 MB | |
| access_log /tmp/cache/access.log squid | |
| #access_log none | |
| cache_log /tmp/cache/cache.log | |
| cache_store_log /tmp/cache/store.log | |
| pid_filename /tmp/cache/squid.pid | |
| netdb_filename /tmp/cache/netdb.state | |
| refresh_pattern ^ftp: 1440 20% 10080 | |
| refresh_pattern ^gopher: 1440 0% 1440 | |
| refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
| refresh_pattern . 0 20% 4320 | |
| #acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] | |
| #upgrade_http0.9 deny shoutcast | |
| #acl apache rep_header Server ^Apache | |
| #broken_vary_encoding allow apache | |
| #dns_nameservers 127.0.0.1 | |
| coredump_dir /tmp/cache | |
| Usage: | |
| squid -z (create cache directory) | |
| squid -D | |
| squid -k kill/configure | |
| use -f cfgfile if is moved | |
| Remember to launch Squid with rc file. |
Does this work for https? What would be the difference?
Way to make it a nearly unreadable mess. Also, the 15gb min requirement is a requirement of Squid, but rather your configuration of it. Not only that, but you shouldn't set the cache to be the same as the storage, you should leave some spare room on the device.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
does transparent https proxy works with your config?