Skip to content

Instantly share code, notes, and snippets.

@pixline
Last active June 29, 2020 11:38
Show Gist options
  • Save pixline/9679058 to your computer and use it in GitHub Desktop.
Save pixline/9679058 to your computer and use it in GitHub Desktop.
pfsense 2.1 squid3 proxy + adblock setup
# http://aacable.wordpress.com/tag/squid-maximum-cache-hit/
# https://calomel.org/squid_adservers.html
http_port 192.168.3.254:3128
http_port 10.0.0.253:3128
http_port 127.0.0.1:3128 intercept
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language it
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname proxy.example.org
cache_mgr admin@example.org
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 1
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 192.168.3.0/24 10.0.0.0/8
forwarded_for off
uri_whitespace strip
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 256 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF
cache_dir aufs /var/squid/cache 1024 16 256
minimum_object_size 0 KB
maximum_object_size 262144 KB
offline_mode oncache_swap_low 90
cache_swap_high 95
acl donotcache dstdomain "/var/squid/acl/donotcache.acl"
cache deny donotcache
# No redirector configured
#Remote proxies
# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 1337 3128 1025-65535
acl sslports port 443 563 1337
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc
# Reverse Proxy settings
# Package Integration
redirect_program /usr/pbi/squidguard-squid3-i386/bin/squidGuard -c /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf
redirector_bypass off
url_rewrite_children 5
# Custom options
hosts_file /etc/hosts
client_db off
buffered_logs on
half_closed_clients off
store_dir_select_algorithm round-robin
dns_nameservers 127.0.0.1
refresh_pattern -i \.htm 120 50% 10080 reload-into-ims
refresh_pattern -i \.html 120 50% 10080 reload-into-ims
refresh_pattern ^http://*.facebook.com/* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
#refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 10800 override-lastmod reload-into-ims
refresh_pattern . 180 95% 10800 override-lastmod reload-into-ims
## disable ads ( http://pgl.yoyo.org/adservers/ )
acl ads dstdom_regex "/etc/squid/ad_block.txt"
http_access deny ads
deny_info TCP_RESET ads
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc
#!/bin/sh
#
# example:
# 35 5 * * */3 /path/to/update_adblock.sh >> /dev/null 2>&1
#
wget -O /etc/squid/ad_block.txt 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml'
cat /root/lists/custom_ad_block.txt >> /etc/squid/ad_block.txt
/usr/local/sbin/squid -k reconfigure
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment