How to install squid in forward-proxy mode

This is a simple template of config file:

http_port 80 transparent

# NEED TO BE CUSTOMIZED
cache_mgr your-mail-account@example.com
mail_from your-mail-account@example.com
visible_hostname proxy-cache.example.com

cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 524288 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy lru
cache_dir aufs /var/spool/squid 1024 16 256

httpd_suppress_version_string on
forwarded_for on
icp_port 0

logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" ref:"%{Referer}>h" ua:"%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1
coredump_dir /var/spool/squid

mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid

check_hostnames on
hosts_file /etc/hosts

# ACLs to define what is allowed and what is not
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https

acl cernvm_cluster dstdomain cernvm.cern.ch rbuilder.cern.ch cernvm-test.cern.ch cernvm-devel.cern.ch
acl CONNECT method CONNECT

# Enforcing of ACLs
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny to_localhost

http_access allow cernvm_cluster
http_access allow CONNECT cernvm_cluster SSL_ports

http_access allow localhost
http_access deny all
icp_access deny all

# Routing information to parent caches: everything is forwarded to cernvm.cern.ch
cache_peer 137.138.170.211    parent    80  0  no-query no-digest name=cernvm default
cache_peer_access cernvm allow all
never_direct allow all

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

		
-- Main.CarlosAguado - 13 May 2008
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2020-08-31 - TWikiAdminUser
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Sandbox/SandboxArchive All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback