Last active
June 29, 2020 11:38
pfsense 2.1 squid3 proxy + adblock setup
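# Squid 3 configuration for a pfSense 2.1 box: caching proxy with an
# intercepting listener; ad blocking is configured further down.
# References used by the author:
# http://aacable.wordpress.com/tag/squid-maximum-cache-hit/
# https://calomel.org/squid_adservers.html

# Explicit-proxy listeners, presumably on the two LAN-side interface
# addresses (both are RFC 1918 addresses).
http_port 192.168.3.254:3128
http_port 10.0.0.253:3128
# Loopback listener in intercept (transparent) mode. It only sees traffic if
# the packet filter redirects client connections to it; that redirect rule is
# not part of this file.
http_port 127.0.0.1:3128 intercept
# ICP listener. No cache peers are defined anywhere in this file, so confirm
# ICP is needed at all; "icp_port 0" disables it.
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
# Worker processes run as the unprivileged "proxy" user and group.
cache_effective_user proxy
cache_effective_group proxy
# Error pages are served in Italian.
error_default_language it
icon_directory /usr/pbi/squid-i386/etc/squid/icons
# Both values are shown to clients on Squid-generated error pages.
visible_hostname proxy.example.org
cache_mgr admin@example.org
# access.log records client requests; make sure rotation and retention fit
# the site's logging policy (logfile_rotate below keeps a single old copy).
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
# No certificate-generation helpers: consistent with no SSL bumping being
# configured in this file.
sslcrtd_children 0
logfile_rotate 1
shutdown_lifetime 3 seconds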
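# Allow local network(s) on interface(s)
# NOTE(review): 10.0.0.0/8 is far wider than a single subnet around the
# 10.0.0.253 listener; confirm the whole /8 is meant to be trusted. The ACL is
# only defined here; it is granted access near the end of the file.
acl localnet src 192.168.3.0/24 10.0.0.0/8
# Do not reveal internal client addresses to origin servers
# (Squid sends "X-Forwarded-For: unknown" instead).
forwarded_for off
uri_whitespace strip
# Never store responses for URLs that look dynamic (cgi-bin or a query string).
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 256 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF
# 1024 MB on-disk cache, 16 first-level and 256 second-level directories.
cache_dir aufs /var/squid/cache 1024 16 256
minimum_object_size 0 KB
maximum_object_size 262144 KB
# The original line read "offline_mode oncache_swap_low 90": two directives
# fused by a lost line break. They are split here.
# offline_mode on tells Squid never to revalidate cached objects, so clients
# can be served stale content; confirm this is intended.
offline_mode on
cache_swap_low 90
cache_swap_high 95
# Destinations listed in this file are never cached.
acl donotcache dstdomain "/var/squid/acl/donotcache.acl"
cache deny donotcache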
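# No redirector configured
# NOTE(review): this generated comment is misleading; squidGuard is set as
# redirect_program under "Package Integration" later in the file.
#Remote proxies
# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
# NOTE(review): the 1025-65535 range admits every unprivileged port, so this
# ACL only blocks privileged ports that are not listed explicitly.
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 1337 3128 1025-65535
# Ports that CONNECT tunnels may reach. 1337 is non-standard; confirm it is
# still required.
acl sslports port 443 563 1337
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
# http_access rules are evaluated top to bottom; the first match decides.
# Cache manager and PURGE are reachable from the proxy host itself only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to ports outside safeports, and CONNECT tunnels to anything
# that is not an sslports port.
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
# This allow comes before the ad-block deny near the end of the file, so
# requests originating on the proxy host itself are not ad-filtered.
http_access allow localhost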
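# Both set to 0 KB: stop fetching an object as soon as the client aborts.
quick_abort_min 0 KB
quick_abort_max 0 KB
# 0 means no limit on request (upload) body size.
request_body_max_size 0 KB
# One class-2 delay pool with -1/-1 (unlimited) aggregate and per-host
# buckets: the pool is defined but throttles nothing.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc
# Reverse Proxy settings
# Package Integration
# Every request URL is passed to squidGuard for filtering/rewriting.
redirect_program /usr/pbi/squidguard-squid3-i386/bin/squidGuard -c /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf
# off: requests are never passed through unfiltered when all helpers are
# busy. Keep this off if squidGuard is relied on as a policy control.
redirector_bypass off
url_rewrite_children 5
# Custom options
hosts_file /etc/hosts
client_db off
buffered_logs on
half_closed_clients off
store_dir_select_algorithm round-robin
# Name resolution goes through a resolver on the proxy host itself.
dns_nameservers 127.0.0.1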
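# Freshness rules. Squid uses the first refresh_pattern whose regex matches the
# URL, so the order of these lines matters.
#
# NOTE(review): many rules below use ignore-private, ignore-no-cache,
# ignore-reload and override-expire. These make a shared cache store and reuse
# responses the origin marked private or uncacheable, so one client's content
# can be served to another, and clients cannot force a refresh. Limit these
# options to static, non-personalised content, or remove them.
refresh_pattern -i \.htm 120 50% 10080 reload-into-ims
refresh_pattern -i \.html 120 50% 10080 reload-into-ims
# NOTE(review): the next patterns are written like shell globs, but Squid
# treats them as regular expressions ("/*" is "zero or more slashes", "." is
# any character), so they likely do not match the hosts the author intended.
refresh_pattern ^http://*.facebook.com/* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
# Video URLs. "\.flv?" matches ".fl" or ".flv"; presumably "\.flv\?" was meant.
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
#refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
# Facebook images and CDN objects.
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 10800 80% 10800 ignore-reload override-expire ignore-no-cache
#All File
# Matched by extension anywhere in the URL, for any site. The list includes
# executable and package formats (bin, cab, deb, jar, msi, js).
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
# Dynamic URLs are always stale. This rule sits below the extension rules, so
# a URL such as "x.js?y" is matched by an extension rule first.
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^ftp: 10080 95% 10800 override-lastmod reload-into-ims
# Catch-all for everything not matched above.
refresh_pattern . 180 95% 10800 override-lastmod reload-into-ims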
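## disable ads ( http://pgl.yoyo.org/adservers/ )
# Each line of ad_block.txt is used as a regular expression against the
# destination host name. Plain host names therefore match as unanchored
# substrings, with "." standing for any character, so unrelated domains can be
# blocked. Whoever controls the content of this file controls what the proxy
# denies: keep it root-owned and validate it when it is regenerated.
acl ads dstdom_regex "/etc/squid/ad_block.txt"
http_access deny ads
# Blocked requests get a TCP reset instead of a Squid error page.
deny_info TCP_RESET ads
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
# Final rule: anything not explicitly allowed above is refused.
http_access deny allsrc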
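#!/bin/sh
#
# Refresh the Squid ad-block list: download the pgl.yoyo.org server list,
# append the local custom entries, install the result and reload Squid.
#
# example:
# 35 5 * * */3 /path/to/update_adblock.sh >> /dev/null 2>&1
#
# The new list is built in a temporary file and only moved into place once the
# download succeeded and produced usable entries. A failed or empty download
# therefore leaves the existing list (and the running Squid) untouched.
#
# Exit status: 0 on success, non-zero if the list could not be refreshed.
set -eu

# NOTE(review): the list is fetched over plain HTTP, so its content is not
# authenticated in transit. Prefer an https:// URL if this host's wget can
# verify certificates.
LIST_URL='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml'
LIST_FILE=/etc/squid/ad_block.txt
CUSTOM_LIST=/root/lists/custom_ad_block.txt
SQUID_BIN=/usr/local/sbin/squid

# Temporary files live next to the target so the final mv is a same-filesystem
# rename.
tmp_raw=$(mktemp "${LIST_FILE}.raw.XXXXXX")
tmp_new=$(mktemp "${LIST_FILE}.new.XXXXXX")
trap 'rm -f -- "$tmp_raw" "$tmp_new"' EXIT

if ! wget -O "$tmp_raw" "$LIST_URL"; then
  echo "update_adblock: download failed, keeping existing list" >&2
  exit 1
fi

# Squid loads every line of the list as a regular expression, so keep only
# lines that look like plain host names and drop anything else the server sent.
tr -d '\r' < "$tmp_raw" | grep -E '^[A-Za-z0-9._-]+$' > "$tmp_new" || true
if [ ! -s "$tmp_new" ]; then
  echo "update_adblock: no usable entries downloaded, keeping existing list" >&2
  exit 1
fi

# Local additions are trusted and appended as they are.
if [ -r "$CUSTOM_LIST" ]; then
  cat -- "$CUSTOM_LIST" >> "$tmp_new"
else
  echo "update_adblock: $CUSTOM_LIST not readable, skipping custom entries" >&2
fi

# mktemp creates the file with mode 0600; restore world-readable permissions so
# Squid can read the list after it drops privileges.
chmod 0644 "$tmp_new"
mv -f -- "$tmp_new" "$LIST_FILE"

"$SQUID_BIN" -k reconfigure
exit 0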