เอา SQUID มาแจกๆๆๆๆๆๆๆๆ ใช้ได้แน่นอน ตอนนี้ใช้อยู่เก็บแหลก
# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface!
#
# Instead, modify the file '/var/ipcop/proxy/advanced/acls/include.acl' and
# then restart the proxy service using the web interface. Changes made to the
# 'include.acl' file will propagate to the 'squid.conf' file at that time.

shutdown_lifetime 5 seconds
icp_port 0

http_port 192.168.1.254:8080 transparent

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

cache_effective_user squid
cache_effective_group squid
umask 022

pid_filename /var/run/squid.pid

cache_mem 80 MB
cache_dir aufs /var/log/cache 13653 16 256

error_directory /usr/lib/squid/advproxy/errors.ipcop/English

memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
useragent_log /var/log/squid/user_agent.log

strip_query_terms off

log_mime_hdrs off
forwarded_for off
via off

acl within_timeframe time MTWHFAS 00:00-24:00

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8080 # Squids port (for icons)

acl IPCop_http  port 81
acl IPCop_https port 445
acl IPCop_ips              dst 192.168.1.254
acl IPCop_networks         src "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_servers          dst "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_green_network    src 192.168.1.0/255.255.255.0
acl IPCop_green_servers    dst 192.168.1.0/255.255.255.0
acl CONNECT method CONNECT

#Start of custom includes

tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0

request_timeout 5 minutes
forward_timeout 5 minutes
connect_timeout 5 minutes
peer_connect_timeout 1 minutes
pconn_timeout 120 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minute
shutdown_lifetime 3 seconds
negative_ttl 2 minutes
negative_ttl 3 minutes
positive_dns_ttl 120 seconds
negative_dns_ttl 120 seconds

netdb_low 900
netdb_high 1000
client_db on
client_lifetime 1 day


hierarchy_stoplist cgi-bin ? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ .exe .cfg ucg
acl QUERY urlpath_regex cgi-bin \? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ updatelist$ patch_lv1 .cfg .exe ucg
cache deny QUERY

logformat common %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
cache_access_log  /var/log/squid/access.log common

log_fqdn off
client_netmask 255.255.255.255
ftp_passive on
ftp_sanitycheck on
dns_nameservers 127.0.0.1


quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100


half_closed_clients off

logfile_rotate 3
log_icp_queries off
query_icmp off
buffered_logs off
reload_into_ims on
nonhierarchical_direct off
prefer_direct on
strip_query_terms off
pipeline_prefetch on
ie_refresh on
forwarded_for on
vary_ignore_expire on
store_dir_select_algorithm round-robin
ignore_unknown_nameservers on

header_access Allow allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All allow all
#End of custom includes

#Access to squid:
#local machine, no restriction
http_access allow         localhost

#GUI admin if local machine connects
http_access allow         IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https

#Deny not web services
http_access deny          !Safe_ports
http_access deny  CONNECT !SSL_ports

#Set custom configured ACLs
http_access allow IPCop_networks within_timeframe
http_access deny  all

#Strip HTTP Header
header_access X-Forwarded-For deny all
header_access Via deny all

httpd_suppress_version_string on

maximum_object_size 512000 KB
minimum_object_size 0 KB

request_body_max_size 0 KB
reply_body_max_size 0 allow all

visible_hostname ipcop.localdomain

ขอบคุณครับ

ขอบใจจ้า

  ยายจะใช้เป็นไหมนะ