最近在公司搭建了squid代理服务器,由于时间原因只将配置文件写出来,自己研究下,很实用的。有需要的朋友可以研究下。
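# NETWORK OPTIONS
#Default:
# Listening socket for intercepted ("transparent") traffic: clients point their
# default gateway at this host instead of configuring a proxy in the browser.
# The original carried this remark as a trailing "//" annotation on the
# http_port line; squid.conf uses "#" for comments, so the annotation is moved
# up here and the directive is left clean.
# NOTE(review): interception normally also needs a packet-redirect rule on this
# host that hands port-80 traffic to 8080 - none is shown on this page; confirm.
http_port 192.168.1.222:8080 transparent
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on

#Default:
# ICP (inter-cache protocol) listener. No sibling/parent cache is configured in
# this part of the file; see the icp_access rule further down.
icp_port 3130
# Requests whose URL contains "cgi-bin" or "?" are not forwarded to peer caches
# and are never stored in the cache (dynamic content).
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Memory cache size and the disk-cache watermarks (percent full) between which
# object replacement runs.
cache_mem 60 MB
cache_swap_low 70
cache_swap_high 85

# Largest object stored on disk / kept in memory.
maximum_object_size  32768 KB

maximum_object_size_in_memory  512 KB

# Disk cache: ufs store, 1000 MB, 16 first-level and 256 second-level dirs.
cache_dir ufs /var/spool/squid 1000 16 256

# Log files. access.log records every client request (client address and URL),
# so it is the file to review when checking who used the proxy and for what.
cache_access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

pid_filename /var/run/squid.pid

# NOTE(review): no "auth_param basic program" line and no proxy_auth ACL appear
# in this listing, so these three settings have no effect as shown. Proxy
# authentication also cannot be applied to intercepted traffic.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# Freshness rules: <regex> <min minutes> <percent of object age> <max minutes>.
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern .       0   20% 4320

# Resolver squid queries directly.
dns_nameservers 202.106.0.20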

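# ACCESS CONTROLS
# "all" matches every client address. The original "//" annotation described it
# as "the network segments allowed to use the proxy", but 0.0.0.0/0.0.0.0 does
# not restrict anything; a restriction has to come from a narrower src ACL such
# as the commented-out "mycents" below.
# (All "//" annotations in this section were turned into "#" comment lines,
# because squid.conf would read them as extra ACL values.)
acl all src 0.0.0.0/0.0.0.0
# NOTE(review): with a /24 mask this range likely collapses to the whole
# 192.168.1.0/24 network - verify before enabling it.
#acl mycents src 192.168.1.20-192.168.1.254/24
#####baddomain######

#acl sex_domain dst "/etc/squid/acl/sex_domain"
#acl Government_domain dst "/etc/squid/acl/Government_domain"
#acl game_domain dst "/etc/squid/acl/game_domain"
#acl money_domain dst "/etc/squid/acl/money_domain"
#acl webmail_domain dst "/etc/squid/acl/webmail_domain"
#acl chat_domain dst "/etc/squid/acl/chat_domain"
#acl badmailIP dst "/etc/squid/acl/mailIP"
# Destination IP addresses of QQ servers to block, one per line in
# /etc/squid/acl/qqip.
acl badqqip dst "/etc/squid/acl/qqip"

# QQ destinations to block, listed in /etc/squid/acl/qq_dom.
# NOTE(review): "dst" matches destination IP addresses. If qq_dom holds domain
# names (its content is not shown here), "dstdomain" is the ACL type that
# matches on the requested host name - confirm which one is intended.
acl qq_domains dst "/etc/squid/acl/qq_dom"
#####################################
#

#acl sex_r url_regex -i \sex
#acl stock url_regex -i stock
#acl chat url_regex -i chat
# Both lines add to the same ACL, so "qq" matches a URL containing either
# string, case-insensitively and anywhere in the URL (host, path or query).
# This is an unanchored substring match and will also block unrelated URLs that
# merely contain "qq".
acl qq url_regex -i qq
acl qq url_regex -i tencent
#acl game url_regex -i game
#
#acl badurl urlpath_regex -i \.mp3 $\.avi $\.mp4
###acl manager proto cache_object
###acl localhost src 127.0.0.1/255.255.255.255

#acl manager proto cache_object
#acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.0/8

# Ports a client may reach through the proxy. They only take effect where an
# http_access rule that uses them is evaluated before any "allow".
acl SSL_ports port 443 563
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
# Port 22 is SSH (the original comment said "ftp"). It is not a web port;
# NOTE(review): drop this line unless proxying to port 22 is really required.
acl Safe_ports port 22          # ssh
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http 
acl CONNECT method CONNECT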
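#########bad web---------
# http_access rules are checked top to bottom and the first matching rule
# decides the request. In the original order "http_access allow all" came
# before the two port rules, so "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" could never match. They are moved to the top here
# so that they are actually enforced.

# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

#http_access deny sex_domain
#http_access deny Government_domain
#http_access deny game_domain 
#http_access deny money_domain
#http_access deny webmail_domain
#http_access deny chat_domain
#http_access deny badmailIP
# Apply the QQ block lists (the original marked this with a "//" annotation,
# which is not squid.conf comment syntax).
http_access deny badqqip
http_access deny qq_domains
######

#http_access deny sex_r
#http_access deny stock
#http_access deny badurl
#http_access deny chat
http_access deny qq
#http_access deny game

####
# NOTE(review): ICP queries are accepted from any host. No peer cache is
# configured in this listing; limit this rule to real peers if ICP is needed.
icp_access allow all
#http_access allow mycents
#http_access allow all
# NOTE(review): "all" is 0.0.0.0/0.0.0.0, so every host that can reach
# 192.168.1.222:8080 may use the proxy. The tighter form is to allow only a
# LAN src ACL (see the commented "mycents") and finish with
# "http_access deny all".
http_access allow all

# NOTE(review): the cache-manager protection below is commented out, and so are
# the "manager" and "localhost" ACLs it needs. With "allow all" above,
# cache_object requests are not limited to localhost; restore both the ACLs and
# these rules, placed before the final allow.
#http_access allow localhost
#http_access deny manager

#http_access allow Safe_ports
#http_access allow SSL_ports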

 附件有配置文件


二、反向代理

   1、配置
      http_port  80  vhost vport  访问端口,启用加速模式,支持虚拟主机,端口
      http_access allow all  权限控制(此处放行所有请求;正式环境建议用 dstdomain 定义本站域名的 ACL,只 allow 该 ACL,其余 deny all,以免反向代理被当作开放代理使用)
      #cache_peer hostname    type   http-port icp-port         [options]
      cache_peer 127.0.0.1   parent      8080    0              originserver                  no-query
                 原站服务器                    缓存协议      指定原站,真正的web服务器       不接受icp协议
      如果访问的是 www 域名,就从 10.0.0.190 的 80 端口读取数据
      cache_peer 10.0.0.190 parent 80 0 no-query originserver name=www
      cache_peer 10.0.0.247 parent 80 0 no-query originserver name=bbs
      cache_peer 10.0.0.233 parent 80 0 no-query originserver name=blog
      cache_peer_domain www www.sina.com.cn
      cache_peer_domain bbs bbs.sina.com.cn
      cache_peer_domain blog blog.sina.com.cn
      cache_peer_access www allow all
      cache_peer_access bbs allow all
      cache_peer_access blog allow all