# WELCOME TO SQUID 2.6.STABLE12 # ---------------------------- # # This is the default Squid configuration file. You may wish # to look at the Squid home page (http://www.squid-cache.org/) # for the FAQ and other documentation. # # The default Squid config file shows what the defaults for # various options happen to be. If you don't need to change the # default, you shouldn't uncomment the line. Doing so may cause # run-time problems. In some cases "none" refers to no default # setting at all, while in other cases it refers to a valid # option - the comments for that keyword indicate if this is the # case. # # NETWORK OPTIONS # ----------------------------------------------------------------------------- # TAG: http_port #http_port 3128 http_port 192.168.1.1:8080 transparent # TAG: https_port #Default: # none # TAG: ssl_unclean_shutdown #Default: # ssl_unclean_shutdown off # TAG: ssl_engine #Default: # none # TAG: sslproxy_client_certificate #Default: # none # TAG: sslproxy_client_key #Default: # none # TAG: sslproxy_version #Default: # sslproxy_version 1 # TAG: sslproxy_options #Default: # none # TAG: sslproxy_cipher #Default: # none # TAG: sslproxy_cafile # TAG: sslproxy_capath # TAG: sslproxy_flags # TAG: sslpassword_program #Default: # none # TAG: icp_port #Default: # icp_port 3130 icp_port 0 # TAG: htcp_port #Default: # htcp_port 4827 # TAG: mcast_groups #Default: # none # TAG: udp_incoming_address # TAG: udp_outgoing_address #Default: # udp_incoming_address 0.0.0.0 # udp_outgoing_address 255.255.255.255 # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM # ----------------------------------------------------------------------------- # TAG: cache_peer #Default: # none cache_peer proxy.uolfast.com.ar parent 80 3130 no-query no-digest #cache_peer 157.92.4.2 parent 8080 3130 no-query #cache_peer 157.92.4.151 parent 8080 3130 no-query # TAG: cache_peer_domain #Default: # none # TAG: neighbor_type_domain #Default: # none # TAG: icp_query_timeout (msec) #Default: # icp_query_timeout 0 # TAG: maximum_icp_query_timeout (msec) #Default: # maximum_icp_query_timeout 2000 # TAG: mcast_icp_query_timeout (msec) #Default: # mcast_icp_query_timeout 2000 # TAG: dead_peer_timeout (seconds) #Default: # dead_peer_timeout 10 seconds # TAG: hierarchy_stoplist #We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # TAG: cache #We recommend you to use the following two lines. acl QUERY urlpath_regex cgi-bin \? cache deny QUERY # TAG: cache_vary # Set to off to disable caching of Vary:in objects. # #Default: # cache_vary on # TAG: broken_vary_encoding # Apache mod_gzip and mod_deflate known to be broken so don't trust # Apache to signal ETag correctly on such responses acl apache rep_header Server ^Apache broken_vary_encoding allow apache # OPTIONS WHICH AFFECT THE CACHE SIZE # ----------------------------------------------------------------------------- # TAG: cache_mem (bytes) #Default: # cache_mem 8 MB # cache_mem 256 MB # TAG: cache_swap_low (percent, 0-100) # TAG: cache_swap_high (percent, 0-100) #Default: # cache_swap_low 90 # cache_swap_high 95 # TAG: maximum_object_size (bytes) #Default: # maximum_object_size 4096 KB maximum_object_size 32768 KB # TAG: minimum_object_size (bytes) #Default: # minimum_object_size 0 KB # TAG: maximum_object_size_in_memory (bytes) #Default: # maximum_object_size_in_memory 8 KB # TAG: ipcache_size (number of entries) # TAG: ipcache_low (percent) # TAG: ipcache_high (percent) #Default: # ipcache_size 1024 # ipcache_low 90 # ipcache_high 95 # TAG: fqdncache_size (number of entries) #Default: # fqdncache_size 1024 # TAG: cache_replacement_policy #Default: # cache_replacement_policy lru # TAG: memory_replacement_policy #Default: # memory_replacement_policy lru # LOGFILE PATHNAMES AND CACHE DIRECTORIES # ----------------------------------------------------------------------------- # TAG: cache_dir #Default: # cache_dir ufs /usr/local/squid/cache 100 16 256 cache_dir ufs /var/spool/squid 100 16 256 # TAG: logformat #logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %a %Ss/%03Hs %h] [%a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh # #Default: # none # TAG: access_log #access_log /usr/local/squid/logs/access.log squid access_log /var/log/squid/access.log squid # TAG: cache_log #Default: # cache_log /usr/local/squid/logs/cache.log cache_log /var/log/squid/cache.log # TAG: cache_store_log #Default: # cache_store_log /usr/local/squid/logs/store.log cache_store_log /var/log/squid/store.log # TAG: cache_swap_log #Default: # none # TAG: emulate_httpd_log on|off #Default: # emulate_httpd_log off # TAG: log_ip_on_direct on|off #Default: # log_ip_on_direct on # TAG: mime_table #Default: # mime_table /usr/local/etc/squid/mime.conf # TAG: log_mime_hdrs on|off #Default: # log_mime_hdrs off # TAG: useragent_log #Default: # none # TAG: referer_log #Default: # none # TAG: pid_filename #Default: # pid_filename /usr/local/squid/logs/squid.pid # TAG: debug_options #Default: # debug_options ALL,1 # TAG: log_fqdn on|off #Default: # log_fqdn off # TAG: client_netmask #Default: # client_netmask 255.255.255.255 # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS # ----------------------------------------------------------------------------- # TAG: ftp_user #Default: # ftp_user Squid@ # TAG: ftp_list_width #Default: # ftp_list_width 32 # TAG: ftp_passive #Default: # ftp_passive on # TAG: ftp_sanitycheck #Default: # ftp_sanitycheck on # TAG: ftp_telnet_protocol #Default: # ftp_telnet_protocol on # TAG: check_hostnames #Default: # check_hostnames on # TAG: allow_underscore #Default: # allow_underscore on # TAG: cache_dns_program #Default: # cache_dns_program /usr/local/libexec/squid/dnsserver # TAG: dns_children #Default: # dns_children 5 # TAG: dns_retransmit_interval #Default: # dns_retransmit_interval 5 seconds # TAG: dns_timeout #Default: # dns_timeout 2 minutes # TAG: dns_defnames on|off #Default: # dns_defnames off # TAG: dns_nameservers #Default: # none # TAG: hosts_file #Default: # hosts_file /etc/hosts # TAG: diskd_program #Default: # diskd_program /usr/local/libexec/squid/diskd-daemon # TAG: unlinkd_program #Default: # unlinkd_program /usr/local/libexec/squid/unlinkd # TAG: pinger_program #Default: # pinger_program /usr/local/libexec/squid/pinger # TAG: url_rewrite_program #Default: # none # TAG: url_rewrite_children #Default: # url_rewrite_children 5 # TAG: url_rewrite_concurrency #Default: # url_rewrite_concurrency 0 # TAG: url_rewrite_host_header #Default: # url_rewrite_host_header on # TAG: url_rewrite_access #Default: # none # TAG: location_rewrite_program #Default: # none # TAG: location_rewrite_children #Default: # location_rewrite_children 5 # TAG: location_rewrite_concurrency #Default: # location_rewrite_concurrency 0 # TAG: location_rewrite_access #Default: # none # TAG: auth_param #Recommended minimum configuration per scheme: #auth_param negotiate program #auth_param negotiate children 5 #auth_param negotiate keep_alive on #auth_param ntlm program #auth_param ntlm children 5 #auth_param ntlm keep_alive on #auth_param digest program #auth_param digest children 5 #auth_param digest realm Squid proxy-caching web server #auth_param digest nonce_garbage_interval 5 minutes #auth_param digest nonce_max_duration 30 minutes #auth_param digest nonce_max_count 50 #auth_param basic program #auth_param basic children 5 #auth_param basic realm Squid proxy-caching web server #auth_param basic credentialsttl 2 hours #auth_param basic casesensitive off # TAG: authenticate_cache_garbage_interval #Default: # authenticate_cache_garbage_interval 1 hour # TAG: authenticate_ttl #Default: # authenticate_ttl 1 hour # TAG: authenticate_ip_ttl #Default: # authenticate_ip_ttl 0 seconds # TAG: external_acl_type #Default: # none # OPTIONS FOR TUNING THE CACHE # ----------------------------------------------------------------------------- # TAG: wais_relay_host # TAG: wais_relay_port # Relay WAIS request to host (1st arg) at port (2 arg). # #Default: # wais_relay_port 0 # TAG: request_header_max_size (KB) #Default: # request_header_max_size 20 KB # TAG: request_body_max_size (KB) #Default: # request_body_max_size 0 KB # TAG: refresh_pattern #Suggested default: refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 # TAG: quick_abort_min (KB) # TAG: quick_abort_max (KB) # TAG: quick_abort_pct (percent) #Default: # quick_abort_min 16 KB # quick_abort_max 16 KB # quick_abort_pct 95 # TAG: read_ahead_gap buffer-size #Default: # read_ahead_gap 16 KB # TAG: negative_ttl time-units #Default: # negative_ttl 5 minutes # TAG: positive_dns_ttl time-units #Default: # positive_dns_ttl 6 hours # TAG: negative_dns_ttl time-units #Default: # negative_dns_ttl 1 minute # TAG: range_offset_limit (bytes) #Default: # range_offset_limit 0 KB # TAG: collapsed_forwarding (on|off) #Default: # collapsed_forwarding off # TAG: refresh_stale_hit (time) #Default: # refresh_stale_hit 0 seconds # TIMEOUTS # ----------------------------------------------------------------------------- # TAG: forward_timeout time-units #Default: # forward_timeout 4 minutes # TAG: connect_timeout time-units #Default: # connect_timeout 1 minute # TAG: peer_connect_timeout time-units #Default: # peer_connect_timeout 30 seconds # TAG: read_timeout time-units #Default: # read_timeout 15 minutes # TAG: request_timeout #Default: # request_timeout 5 minutes # TAG: persistent_request_timeout #Default: # persistent_request_timeout 1 minute # TAG: client_lifetime time-units #Default: # client_lifetime 1 day # TAG: half_closed_clients #Default: # half_closed_clients on # TAG: pconn_timeout #Default: # pconn_timeout 120 seconds # TAG: ident_timeout #Default: # ident_timeout 10 seconds # TAG: shutdown_lifetime time-units #Default: # shutdown_lifetime 30 seconds # ACCESS CONTROLS # ----------------------------------------------------------------------------- # TAG: acl #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl Lan src 192.168.1.0/255.255.255.0 #acl DSTUBA dstdomain .uba.ar #acl DSTUBAIP dst 157.92.0.0/255.255.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 631 # cupsd #acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # TAG: follow_x_forwarded_for #Default: # follow_x_forwarded_for deny all # TAG: acl_uses_indirect_client on|off #Default: # acl_uses_indirect_client on # TAG: delay_pool_uses_indirect_client on|off #Default: # delay_pool_uses_indirect_client on # TAG: log_uses_indirect_client on|off #Default: # log_uses_indirect_client on # TAG: http_access #Default: # http_access deny all # #Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access allow manager Lan http_access deny manager # Deny requests to unknown ports #http_access deny !Safe_ports # Deny CONNECT to other than SSL ports #http_access deny CONNECT !SSL_ports # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS http_access allow localhost http_access allow Lan # Example rule allowing access from your local networks. Adapt # to list your (internal) IP networks from where browsing should # be allowed #acl our_networks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks # And finally deny all other access to this proxy http_access deny all # TAG: http_access2 #Default: # none # TAG: http_reply_access #Default: # http_reply_access allow all # #Recommended minimum configuration: # and finally allow by default http_reply_access allow all # TAG: icp_access #Default: # icp_access deny all # #Allow ICP queries from everyone icp_access allow all # TAG: htcp_access #Default: # htcp_access deny all # TAG: htcp_clr_access #Default: # htcp_clr_access deny all # TAG: miss_access #Default setting: # miss_access allow all # TAG: cache_peer_access #Default: # none # TAG: ident_lookup_access #Default: # ident_lookup_access deny all # TAG: tcp_outgoing_tos #Default: # none # TAG: tcp_outgoing_address #Default: # none # TAG: reply_header_max_size (KB) #Default: # reply_header_max_size 20 KB # TAG: reply_body_max_size bytes allow|deny acl acl... #Default: # reply_body_max_size 0 allow all # TAG: log_access allow|deny acl acl... #Default: # none # ADMINISTRATIVE PARAMETERS # ----------------------------------------------------------------------------- # TAG: cache_mgr #Default: # cache_mgr webmaster cache_mgr root@127.0.0.1 # TAG: mail_from #Default: # none # TAG: mail_program #Default: # mail_program mail # TAG: cache_effective_user #Default: # cache_effective_user squid # TAG: cache_effective_group #Default: # none # TAG: httpd_suppress_version_string on|off # Suppress Squid version string info in HTTP headers and HTML error pages. # #Default: # httpd_suppress_version_string off httpd_suppress_version_string on # TAG: visible_hostname #Default: # none visible_hostname proxy # TAG: unique_hostname #Default: # none # TAG: hostname_aliases #Default: # none # TAG: umask #Default: # umask 027 # OPTIONS FOR THE CACHE REGISTRATION SERVICE # ----------------------------------------------------------------------------- # # This section contains parameters for the (optional) cache # announcement service. This service is provided to help # cache administrators locate one another in order to join or # create cache hierarchies. # # An 'announcement' message is sent (via UDP) to the registration # service by Squid. By default, the announcement message is NOT # SENT unless you enable it with 'announce_period' below. # # The announcement message includes your hostname, plus the # following information from this configuration file: # # http_port # icp_port # cache_mgr # # All current information is processed regularly and made # available on the Web at http://www.ircache.net/Cache/Tracker/. # TAG: announce_period #Default: # announce_period 0 # #To enable announcing your cache, just uncomment the line below. #announce_period 1 day # TAG: announce_host # TAG: announce_file # TAG: announce_port #Default: # announce_host tracker.ircache.net # announce_port 3131 # HTTPD-ACCELERATOR OPTIONS # ----------------------------------------------------------------------------- # TAG: httpd_accel_no_pmtu_disc on|off #Default: # httpd_accel_no_pmtu_disc off # MISCELLANEOUS # ----------------------------------------------------------------------------- # TAG: dns_testnames #Default: # dns_testnames netscape.com internic.net nlanr.net microsoft.com # TAG: logfile_rotate #Default: # logfile_rotate 10 # TAG: append_domain #Example: # append_domain .yourdomain.com # #Default: # none # TAG: tcp_recv_bufsize (bytes) #Default: # tcp_recv_bufsize 0 bytes # TAG: error_map #Default: # none # TAG: err_html_text #Default: # none # TAG: deny_info #Default: # none # TAG: memory_pools on|off #Default: # memory_pools on # TAG: memory_pools_limit (bytes) #Default: # memory_pools_limit 5 MB # TAG: via on|off #Default: # via on # TAG: forwarded_for on|off #Default: # forwarded_for on # TAG: log_icp_queries on|off #Default: # log_icp_queries on # TAG: icp_hit_stale on|off #Default: # icp_hit_stale off # TAG: minimum_direct_hops #Default: # minimum_direct_hops 4 # TAG: minimum_direct_rtt #Default: # minimum_direct_rtt 400 # TAG: cachemgr_passwd #Default: # none # TAG: store_avg_object_size (kbytes) #Default: # store_avg_object_size 13 KB # TAG: store_objects_per_bucket #Default: # store_objects_per_bucket 20 # TAG: client_db on|off #Default: # client_db on # TAG: netdb_low # TAG: netdb_high #Default: # netdb_low 900 # netdb_high 1000 # TAG: netdb_ping_period #Default: # netdb_ping_period 5 minutes # TAG: query_icmp on|off #Default: # query_icmp off # TAG: test_reachability on|off #Default: # test_reachability off # TAG: buffered_logs on|off #Default: # buffered_logs off # TAG: reload_into_ims on|off #Default: # reload_into_ims off # TAG: always_direct #Default: # none #always_direct allow DSTUBA #always_direct allow DSTUBAIP # TAG: never_direct #Default: # none never_direct allow all never_direct allow Lan # TAG: header_access #Default: # none # TAG: header_replace #Default: # none # TAG: icon_directory #Default: # icon_directory /usr/local/etc/squid/icons # TAG: global_internal_static #Default: # global_internal_static on # TAG: short_icon_urls #Default: # short_icon_urls off # TAG: error_directory #Default: # error_directory /usr/local/etc/squid/errors/English #error_directory /usr/local/etc/squid/errors/Spanish # TAG: maximum_single_addr_tries #Default: # maximum_single_addr_tries 1 # TAG: retry_on_error #Default: # retry_on_error off # TAG: snmp_port #Default: # snmp_port 3401 # TAG: snmp_access #Example: # snmp_access allow snmppublic localhost # snmp_access deny all # #Default: # snmp_access deny all # TAG: snmp_incoming_address # TAG: snmp_outgoing_address #Default: # snmp_incoming_address 0.0.0.0 # snmp_outgoing_address 255.255.255.255 # TAG: as_whois_server #Default: # as_whois_server whois.ra.net # as_whois_server whois.ra.net # TAG: wccp_router # TAG: wccp2_router #Default: # wccp_router 0.0.0.0 # TAG: wccp_version #Default: # wccp_version 4 # TAG: wccp2_rebuild_wait #Default: # wccp2_rebuild_wait on # TAG: wccp2_forwarding_method #Default: # wccp2_forwarding_method 1 # TAG: wccp2_return_method #Default: # wccp2_return_method 1 # TAG: wccp2_assignment_method #Default: # wccp2_assignment_method 1 # TAG: wccp2_service #Default: # wccp2_service standard 0 # TAG: wccp2_service_info #Default: # none # TAG: wccp2_weight #Default: # wccp2_weight 10000 # TAG: wccp_address # TAG: wccp2_address #Default: # wccp_address 0.0.0.0 # wccp2_address 0.0.0.0 # DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option) # ----------------------------------------------------------------------------- # TAG: delay_pools #Default: # delay_pools 0 # TAG: delay_class #Example: # delay_pools 2 # 2 delay pools # delay_class 1 2 # pool 1 is a class 2 pool # delay_class 2 3 # pool 2 is a class 3 pool #Default: # none # TAG: delay_access #Example: # delay_access 1 allow some_big_clients # delay_access 1 deny all # delay_access 2 allow lotsa_little_clients # delay_access 2 deny all # #Default: # none # TAG: delay_parameters #Default: # none # TAG: delay_initial_bucket_level (percent, 0-100) #Default: # delay_initial_bucket_level 50 # TAG: incoming_icp_average # TAG: incoming_http_average # TAG: incoming_dns_average # TAG: min_icp_poll_cnt # TAG: min_dns_poll_cnt # TAG: min_http_poll_cnt # Heavy voodoo here. I can't even believe you are reading this. # Are you crazy? Don't even think about adjusting these unless # you understand the algorithms in comm_select.c first! # #Default: # incoming_icp_average 6 # incoming_http_average 4 # incoming_dns_average 4 # min_icp_poll_cnt 8 # min_dns_poll_cnt 8 # min_http_poll_cnt 8 # TAG: max_open_disk_fds # To avoid having disk as the I/O bottleneck Squid can optionally # bypass the on-disk cache if more than this amount of disk file # descriptors are open. # # A value of 0 indicates no limit. # #Default: # max_open_disk_fds 0 # TAG: offline_mode # Enable this option and Squid will never try to validate cached # objects. # #Default: # offline_mode off # TAG: uri_whitespace #Default: # uri_whitespace strip # TAG: broken_posts #Example: # acl buggy_server url_regex ^http://.... # broken_posts allow buggy_server # #Default: # none # TAG: mcast_miss_addr #Default: # mcast_miss_addr 255.255.255.255 # TAG: mcast_miss_ttl #Default: # mcast_miss_ttl 16 # TAG: mcast_miss_port #Default: # mcast_miss_port 3135 # TAG: mcast_miss_encode_key #Default: # mcast_miss_encode_key XXXXXXXXXXXXXXXX # TAG: nonhierarchical_direct #Default: # nonhierarchical_direct on # TAG: prefer_direct #Default: # prefer_direct off # TAG: strip_query_terms #Default: # strip_query_terms on # TAG: coredump_dir #Default: # coredump_dir none # # Leave coredumps in the first cache dir #coredump_dir /usr/local/squid/cache #coredump_dir /u1/squidcache # TAG: redirector_bypass #Default: # redirector_bypass off # TAG: ignore_unknown_nameservers #Default: # ignore_unknown_nameservers on # TAG: digest_generation #Default: # digest_generation on # TAG: digest_bits_per_entry #Default: # digest_bits_per_entry 5 # TAG: digest_rebuild_period (seconds) # This is the number of seconds between Cache Digest rebuilds. #Default: # digest_rebuild_period 1 hour # TAG: digest_rewrite_period (seconds) #Default: # digest_rewrite_period 1 hour # TAG: digest_swapout_chunk_size (bytes) #Default: # digest_swapout_chunk_size 4096 bytes # TAG: digest_rebuild_chunk_percentage (percent, 0-100) #Default: # digest_rebuild_chunk_percentage 10 # TAG: chroot #Default: # none # TAG: client_persistent_connections # TAG: server_persistent_connections #Default: # client_persistent_connections on # server_persistent_connections on # TAG: persistent_connection_after_error #Default: # persistent_connection_after_error off # TAG: detect_broken_pconn #Default: # detect_broken_pconn off # TAG: balance_on_multiple_ip #Default: # balance_on_multiple_ip on # TAG: pipeline_prefetch #Default: # pipeline_prefetch off # TAG: extension_methods #Default: # none # TAG: request_entities #Default: # request_entities off # TAG: high_response_time_warning (msec) #Default: # high_response_time_warning 0 # TAG: high_page_fault_warning #Default: # high_page_fault_warning 0 # TAG: high_memory_warning #Default: # high_memory_warning 0 # TAG: store_dir_select_algorithm #Default: # store_dir_select_algorithm least-load # TAG: forward_log #Default: # none # TAG: ie_refresh on|off #Default: # ie_refresh off # TAG: vary_ignore_expire on|off #Default: # vary_ignore_expire off # TAG: sleep_after_fork (microseconds) #Default: # sleep_after_fork 0 # TAG: minimum_expiry_time (seconds) #Default: # minimum_expiry_time 60 seconds # TAG: relaxed_header_parser on|off|warn #Default: # relaxed_header_parser on